On Thu, Apr 27, 2017 at 10:17 AM, Eric Rescorla <[email protected]> wrote:
>
> On Thu, Apr 27, 2017 at 7:15 AM, Alia Atlas <[email protected]> wrote:
>
>> On Thu, Apr 27, 2017 at 10:05 AM, Adam Roach <[email protected]> wrote:
>>
>>> On 4/26/17 23:02, Alia Atlas wrote:
>>>
>>>> First, the YANG model is primarily for information in motion - either
>>>> for configuration to the device
>>>> or to read from the device. It is much less likely to represent the
>>>> data structure and storage in the device.
>>>> I believe that this draft's context is strictly for information in
>>>> motion.
>>>>
>>>
>>> Thanks; I understand all that. I'm trying to focus on the final
>>> paragraph of section 5, though, which appears to be an exception to what
>>> you say above.
>>
>>
>> I don't understand why - IMHO, that paragraph is simply saying - this
>> model passes keys around (in motion). Of course, a system shouldn't store
>> such keys unencrypted. From what Acee says, this "motherhood and apple
>> pie" additional advice was added due to secdir review.
>>
>
> I thought Adam's point was that storing keys encrypted with a key that's
> adjacent to them was not useful.
>

This is not at all in scope for this document. It isn't giving
implementation-specific advice on how to manage and store keys. It is
providing a model to configure and read keys.

Alia

> -Ekr
>
>
>>
>> Regards,
>> Alia
>>
>>
>>
>>> /a
>>>
>>>
>>
>
_______________________________________________
rtgwg mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/rtgwg
