Hi Juergen, On 3/22/16 4:42 PM, Juergen Schoenwaelder wrote: > I think such considerations belongs into documents making use of > object signatures and close to 100% of the YANG models today don't > so I do not even think this qualifies for RFC6087bis. >
I think there are AT LEAST two areas where signatures are going to be
necessary:
* There exist multi-level authorization schemes today that rely on
signatures. Those have to be transported.
* Manufacturer usage descriptions (MUDs) have extremely broad scope in
terms of the number of devices that are intended to use the same
description (think thousands to millions). And so an unauthorized
change could have a similarly broad impact.
Thus, wherever the YANG experts think signatures should happen in each
encoding case is fine with me; but I'd suggest that I'm not the only
person who's going to want to know. Is it THAT hard to at least add a
reference? Because if it is, that would cause me to wonder if the
mechanisms are really in place to do the right thing.
Eliot
signature.asc
Description: OpenPGP digital signature
_______________________________________________ netmod mailing list [email protected] https://www.ietf.org/mailman/listinfo/netmod
