Re: [yang-doctors] Review of draft-ietf-rtgwg-yang-key-chain-13
Ladislav Lhotka <lhotka@nic.cz> Mon, 20 February 2017 11:56 UTC
Return-Path: <lhotka@nic.cz>
X-Original-To: yang-doctors@ietfa.amsl.com
Delivered-To: yang-doctors@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0CE21293D6; Mon, 20 Feb 2017 03:56:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.001
X-Spam-Level:
X-Spam-Status: No, score=-7.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nic.cz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gfVCnU2vykhj; Mon, 20 Feb 2017 03:56:16 -0800 (PST)
Received: from mail.nic.cz (mail.nic.cz [IPv6:2001:1488:800:400::400]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 026601299B5; Mon, 20 Feb 2017 03:56:16 -0800 (PST)
Received: from [IPv6:2001:718:1a02:1:fd80:c4c7:82a3:3655] (unknown [IPv6:2001:718:1a02:1:fd80:c4c7:82a3:3655]) by mail.nic.cz (Postfix) with ESMTPSA id 60EAA60129; Mon, 20 Feb 2017 12:56:14 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nic.cz; s=default; t=1487591774; bh=blneXzU46WFtAaKP/oiCwi/DYlmmPY7IKQRiOi4hSqE=; h=From:Date:To; b=QemSl7TM/Jrv2dCbRhFI+bd24ueR3u6P6FkBECw38yBIAJBhxufsihsUbYR2nRwUR IQWAd2gS9ah05TFOykHLYL4UfbC99BTYJ5tDxxyDvoTRQHvn0f0cGLuJ0aj8e2G2/f 5JtoGx+2gjW5D7cA9aAccyZeC2K37wsCde5JJxok=
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
From: Ladislav Lhotka <lhotka@nic.cz>
In-Reply-To: <148759139687.25976.6374643432126541498.idtracker@ietfa.amsl.com>
Date: Mon, 20 Feb 2017 12:56:37 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <8B1E055B-6B06-482D-8341-B49B6EE32BEC@nic.cz>
References: <148759139687.25976.6374643432126541498.idtracker@ietfa.amsl.com>
To: Benoit Claise <yang-doctors@ietf.org>
X-Mailer: Apple Mail (2.3259)
X-Virus-Scanned: clamav-milter 0.99.2 at mail
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/yang-doctors/qTm9pJ2QZziyfApqUOPYyK3fNpQ>
Cc: draft-ietf-rtgwg-yang-key-chain.all@ietf.org
Subject: Re: [yang-doctors] Review of draft-ietf-rtgwg-yang-key-chain-13
X-BeenThere: yang-doctors@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: email list of the yang-doctors directorate <yang-doctors.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/yang-doctors/>
List-Post: <mailto:yang-doctors@ietf.org>
List-Help: <mailto:yang-doctors-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Feb 2017 11:56:18 -0000
Hi, this is my old review, on Mehmet's request I entered it into the datatracker, so no action is needed. I just removed my objection that turned out to be nonsense. Lada > On 20 Feb 2017, at 12:49, Ladislav Lhotka <lhotka@nic.cz> wrote: > > Reviewer: Ladislav Lhotka > Review result: Almost Ready > > # General Comments > > ## Cryptographic algorithm types > > What is the reason for representing these as a YANG choice with empty > leaves? I think it would be more natural to use a single leaf, either > an enumeration or (if extensibility is important) identityref. > > ## Reusability > > The module defines key-chain as a grouping with the aim of making it > reusable in other modules. However, this approach has known problems > that are discussed in draft-ietf-netmod-schema-mount. I am not sure > how relevant they are in this case but, for one, the "key-chain-ref" > type is not applicable if the "key-chain" grouping is used in another > module. An alternative is not to use the grouping and rely on schema > mount. > > ## Key string style > > The difference between ASCII and hexadecimal formats of key strings > should be explained. I understand that the latter is a hash of the key > and, if so, I'd suggest to include "hexadecimal-string" also in state > data. > > Also, I believe that storing clear-text key in configuration is > insecure and Security Considerations should warn against it. > > ## Example > > It might be useful to include an appendix with example instance data. > > # Specific comments > > ## Sec. 2 > > - paragraph 2: s/where ever/wherever/ > > ## Sec. 3 > > - paragraph 1: replace both Key-Id a Key-ID with Key ID (the latter > is used in other places of the > text). > - paragraph 2: the suggested way of supporting asymmetric keys looks > like a hack, I would suggest > a more explicit representation, e.g. using a choice. > > ## Sec. 4 > > - The module has inconsistent indentation: up to "grouping > crypto-algorithm-types", top-level > statements are indented with four spaces, the subsequent ones with > five spaces. > > ## Sec. 6 > > - The statement "Given that the key chains themselves are sensitive > data, it is RECOMMENDED > that the NETCONF communication channel be encrypted." is > misleading because RFC 6241 > requires that transport protocols for NETCONF guarantee > confidentiality (and RFC 8040 does the > same for RESTCONF). > > > _______________________________________________ > yang-doctors mailing list > yang-doctors@ietf.org > https://www.ietf.org/mailman/listinfo/yang-doctors -- Ladislav Lhotka, CZ.NIC Labs PGP Key ID: 0xB8F92B08A9F76C67
- [yang-doctors] Review of draft-ietf-rtgwg-yang-ke… Ladislav Lhotka
- Re: [yang-doctors] Review of draft-ietf-rtgwg-yan… Ladislav Lhotka
- Re: [yang-doctors] Review of draft-ietf-rtgwg-yan… Acee Lindem (acee)
- Re: [yang-doctors] Review of draft-ietf-rtgwg-yan… Ladislav Lhotka