On 5/1/16, 10:55 AM, "Juergen Schoenwaelder" <[email protected]> wrote:
>On Sun, May 01, 2016 at 01:38:12PM +0000, Acee Lindem (acee) wrote: >> >> >> On 5/1/16, 3:42 AM, "Juergen Schoenwaelder" >> <[email protected]> wrote: >> >> >I have briefly looked at the abstract / intro of both documents and I >> >am not sure I got from this why we do have two keychain models. Perhaps >> >both documents should be send to the security area as input for a joint >> >keychain data model? >> >> Please look at the data nodes in the two models - one is about keys and >> the other is about certificates. > >I looked at the abstract and the intro and the yang module description >and they did not tell me why there are two different models. I think >this needs to be clarified. Have you heard the expression, “You can’t judge a book by its cover”? > >So if I use TLS with pre-shared keys, I have to use the 'routing' key >chain and if I use TLS with certificates, I have to use the 'netconf' >key chain? I won’t speak for certificates but if you were going use pre-shared keys, you would simply import the key-chain model in the same manner as the applications that are currently using it. For example, https://www.ietf.org/id/draft-ietf-ospf-yang-04.txt - Note that you will have to look beyond the abstract for the example of this… Thanks, Acee > >In any case, review of both models by the security area may be a good >idea (and I still believe these models should ideally be done in the >security area) and not in OPS or RTG. > >/js > >-- >Juergen Schoenwaelder Jacobs University Bremen gGmbH >Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany >Fax: +49 421 200 3103 <http://www.jacobs-university.de/> _______________________________________________ rtgwg mailing list [email protected] https://www.ietf.org/mailman/listinfo/rtgwg
