On Tue, Mar 22, 2016 at 05:12:24PM +0100, Eliot Lear wrote: > Hi Juergen, > > On 3/22/16 4:42 PM, Juergen Schoenwaelder wrote: > > I think such considerations belongs into documents making use of > > object signatures and close to 100% of the YANG models today don't > > so I do not even think this qualifies for RFC6087bis. > > > > I think there are AT LEAST two areas where signatures are going to be > necessary: > > * There exist multi-level authorization schemes today that rely on > signatures. Those have to be transported. > * Manufacturer usage descriptions (MUDs) have extremely broad scope in > terms of the number of devices that are intended to use the same > description (think thousands to millions). And so an unauthorized > change could have a similarly broad impact. > > > Thus, wherever the YANG experts think signatures should happen in each > encoding case is fine with me; but I'd suggest that I'm not the only > person who's going to want to know. Is it THAT hard to at least add a > reference? Because if it is, that would cause me to wonder if the > mechanisms are really in place to do the right thing. >
Eliot, I simply fail to understand what the problem is and I fail to see which addition (ideally in concrete words) is proposed to fix the problem. /js -- Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany Fax: +49 421 200 3103 <http://www.jacobs-university.de/> _______________________________________________ netmod mailing list [email protected] https://www.ietf.org/mailman/listinfo/netmod
