[netmod] Comments on draft-lear-ietf-netmod-mud-02

2016-06-07 Thread Cullen Jennings
I like how this is evolving ... few things Few small things If you use CMS, I think you need to deal with how the JSON is canonicalized before being signed. I will suggest that the standards the IETF created for signing JSON would be a better choice for signing JSON than CMS - that's

Re: [netmod] [OPSAWG] Fwd: New Version Notification for draft-lear-ietf-netmod-mud-02.txt

2016-06-07 Thread Eliot Lear
Hi Uri, On 6/7/16 7:32 PM, Blumenthal, Uri - 0553 - MITLL wrote: > > * We now include a signature mechanism for the MUD files. It > was always the plan to do this. There were two choices: > CMS/PKCS#7 or JWS. Again for tooling's sake, so that people > don't need

Re: [netmod] [OPSAWG] Fwd: New Version Notification for draft-lear-ietf-netmod-mud-02.txt

2016-06-07 Thread Blumenthal, Uri - 0553 - MITLL
> * We now include a signature mechanism for the MUD files. It was always the > plan to do this. There were two choices: CMS/PKCS#7 or JWS. Again for > tooling's sake, so that people don't need to roll their own, especially for > anything security related, we've gone with CMS and a detached

Re: [netmod] leafref value space and constraint

2016-06-07 Thread Andy Bierman
On Tue, Jun 7, 2016 at 9:38 AM, Juergen Schoenwaelder < j.schoenwael...@jacobs-university.de> wrote: > On Tue, Jun 07, 2016 at 09:08:56AM -0700, Andy Bierman wrote: > > On Tue, Jun 7, 2016 at 8:52 AM, Juergen Schoenwaelder < > > j.schoenwael...@jacobs-university.de> wrote: > > > > > On Tue, Jun

Re: [netmod] leafref value space and constraint

2016-06-07 Thread Juergen Schoenwaelder
On Tue, Jun 07, 2016 at 09:08:56AM -0700, Andy Bierman wrote: > On Tue, Jun 7, 2016 at 8:52 AM, Juergen Schoenwaelder < > j.schoenwael...@jacobs-university.de> wrote: > > > On Tue, Jun 07, 2016 at 11:26:03AM -0400, Dale R. Worley wrote: > > > Ladislav Lhotka writes: > > > > "Dale

Re: [netmod] Opstate solutions discussions: update and request for WG input

2016-06-07 Thread Andy Bierman
Hi, I prefer (B). I do not think it is realistic that vendors will rewrite their IETF modules and vendor modules and all the associated client/server instrumentation. This is expensive at many levels. Stability is important for an API. So if we do (A), there will be some modules following the

Re: [netmod] leafref value space and constraint

2016-06-07 Thread Andy Bierman
On Tue, Jun 7, 2016 at 8:52 AM, Juergen Schoenwaelder < j.schoenwael...@jacobs-university.de> wrote: > On Tue, Jun 07, 2016 at 11:26:03AM -0400, Dale R. Worley wrote: > > Ladislav Lhotka writes: > > > "Dale R. Worley" writes: > > >> A difficulty I have with

Re: [netmod] leafref value space and constraint

2016-06-07 Thread Ladislav Lhotka
> On 07 Jun 2016, at 17:26, Dale R. Worley wrote: > > Ladislav Lhotka writes: >> "Dale R. Worley" writes: >>> A difficulty I have with the current wording is that it doesn't point >>> out the crucial fact about leafref that the XPath

Re: [netmod] leafref value space and constraint

2016-06-07 Thread Dale R. Worley
Ladislav Lhotka writes: > "Dale R. Worley" writes: >> A difficulty I have with the current wording is that it doesn't point >> out the crucial fact about leafref that the XPath expression can only >> select elements that are instantiations of one particular

[netmod] Opstate solutions discussions: update and request for WG input

2016-06-07 Thread Lou Berger
All, We want to provide an update based on the offline discussions related to OpState Solutions that we have been having and solicit input from the WG. All authors of current solution drafts [1,2,3] together with those who helped conduct the solutions analysis* were invited to these

Re: [netmod] keys in instance-identifiers

2016-06-07 Thread Juergen Schoenwaelder
On Tue, Jun 07, 2016 at 04:03:43PM +0200, Ladislav Lhotka wrote: > > But what if the canonical value isn't defined, e.g. when the list key is an > identityref? It would be handy to be able to use the derived-from() function > as a key predicate. > Lada, we are at a stage where the document

Re: [netmod] keys in instance-identifiers

2016-06-07 Thread Ladislav Lhotka
> On 07 Jun 2016, at 14:47, Martin Bjorklund wrote: > > Ladislav Lhotka wrote: >> >>> On 06 Jun 2016, at 16:02, Juergen Schoenwaelder >>> wrote: >>> >>> On Mon, Jun 06, 2016 at 03:43:23PM +0200, Ladislav Lhotka wrote:

Re: [netmod] keys in instance-identifiers

2016-06-07 Thread Martin Bjorklund
Ladislav Lhotka wrote: > > > On 06 Jun 2016, at 16:02, Juergen Schoenwaelder > > wrote: > > > > On Mon, Jun 06, 2016 at 03:43:23PM +0200, Ladislav Lhotka wrote: > >> > >>> On 06 Jun 2016, at 15:09, Juergen Schoenwaelder > >>>

Re: [netmod] leafref value space and constraint

2016-06-07 Thread Martin Bjorklund
Juergen Schoenwaelder wrote: > Martin, how close are we to have a final version addressing all the > review comments we received during the journey through the IESG? We're shrinking the list of open issues with every iteration of emails. I will go through

Re: [netmod] leafref value space and constraint

2016-06-07 Thread Ladislav Lhotka
"Dale R. Worley" writes: > A difficulty I have with the current wording is that it doesn't point > out the crucial fact about leafref that the XPath expression can only > select elements that are instantiations of one particular data node. I > don't know XPath, but it seems

[netmod] Fwd: New Version Notification for draft-lear-ietf-netmod-mud-02.txt

2016-06-07 Thread Eliot Lear
Hi everyone, There is a new version of draft-ietf-lear-netmod-mud out there. In discussions with various WG chairs it seems like the best approach is to (a) consolidate the drafts a bit and (b) proceed in opsawg with this work. That is what this draft does. Both the PKIX constraint and the