Andy, et al.,

>> I cannot find any RFC text that says <running> has only nodes created by a
>> client.
>
> Really? Interesting. Still, I know it's a mantra we've held closely for
> many years, right?
>
> No. Quite the opposite.

<snip>

There was a brouhaha back when I proposed the "keystore" draft have an "action" called "generate-private-key" that would insert the generated key into <running>. Claims were made by prominent members of this list that it's bad form for anything but a client to edit <running>. As a result, extensive effort was spent defining a mechanism enabling the generated key to be returned in the RPC-reply in an encrypted form (such that only the server that generated the key could decrypt it), all so the client could immediately return it to the server via a config push in order to preserve the sanctity of client read-backs. If current claims were true then, why didn't someone just say it's okay since the server is acting like a client under the hood?

K.
