Hi -

>From: Juergen Schoenwaelder <[email protected]>
>Sent: Mar 22, 2016 9:23 AM
>To: Eliot Lear <[email protected]>
>Cc: "[email protected]" <[email protected]>, "[email protected]"
><[email protected]>, "[email protected]"
><[email protected]>, The IESG <[email protected]>, Stephen
>Farrell <[email protected]>
>Subject: Re: [netmod] Stephen Farrell's No Objection on
>draft-ietf-netmod-yang-json-09: (with COMMENT)
>
>On Tue, Mar 22, 2016 at 05:12:24PM +0100, Eliot Lear wrote:
>> Hi Juergen,
>>
>> On 3/22/16 4:42 PM, Juergen Schoenwaelder wrote:
>> > I think such considerations belong in documents making use of
>> > object signatures and close to 100% of the YANG models today don't
>> > so I do not even think this qualifies for RFC6087bis.
>> >
>>
>> I think there are AT LEAST two areas where signatures are going to be
>> necessary:
>>
>>   * There exist multi-level authorization schemes today that rely on
>>     signatures.  Those have to be transported.
>>   * Manufacturer usage descriptions (MUDs) have extremely broad scope in
>>     terms of the number of devices that are intended to use the same
>>     description (think thousands to millions).  And so an unauthorized
>>     change could have a similarly broad impact.
>>
>>
>> Thus, wherever the YANG experts think signatures should happen in each
>> encoding case is fine with me; but I'd suggest that I'm not the only
>> person who's going to want to know.  Is it THAT hard to at least add a
>> reference?  Because if it is, that would cause me to wonder if the
>> mechanisms are really in place to do the right thing.
>>
>
>Eliot,
>
>I simply fail to understand what the problem is and I fail to see
>which addition (ideally in concrete words) is proposed to fix the
>problem.

The problem is that the current approach does not address
representing blobs of configuration data as (signed) documents
independent of the protocol used for shoveling those blobs
around.

Randy
