
Re: Last Call: <draft-ietf-netmod-system-mgmt-15.txt> (A YANG Data Model for System Management) to Proposed Standard

2014-05-09 10:10:49
Hi,

The IESG <iesg-secretary(_at_)ietf(_dot_)org> wrote:

The IESG has received a request from the NETCONF Data Modeling Language
WG (netmod) to consider the following document:
- 'A YANG Data Model for System Management'
  <draft-ietf-netmod-system-mgmt-15.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf(_at_)ietf(_dot_)org mailing lists by 2014-05-13. Exceptionally, comments
may be sent to iesg(_at_)ietf(_dot_)org instead. In either case, please retain
the beginning of the Subject line to allow automated sorting.

The data model in this draft has this structure (objects unrelated
to SSH keys removed):

           +--rw user* [name]
               +--rw name        string
               +--rw ssh-key* [name]
                  +--rw name         string
                  +--rw algorithm    string
                  +--rw key-data     binary

The intention is that the separation of the key into two leafs,
"algorithm" and "key-data", makes it easy to cut-and-paste from keys
generated with ssh-keygen etc.  (The encoding of type binary in YANG
is base64, which happens to match the key format.  So the operator can
set the "algorithm" and paste the base64 encoded blob into "key-data".)

During implementation of ssh key handling, we realized that the
description of the objects related to SSH keys probably needs some
clarification.

Specifically, the list "ssh-key" and the leaf "key-data" are unclear.
After consulting with people at ietf-ssh(_at_)NetBSD(_dot_)org, I propose the
following changes:

OLD:

         list ssh-key {
           key name;
           description
             "A list of public SSH keys for this user.";
           reference
             "RFC 4253: The Secure Shell (SSH) Transport Layer
                        Protocol";

NEW:

         list authorized-key {
           key name;
           description
             "A list of public SSH keys for this user.  These keys
              are allowed for SSH authentication, as described in
              RFC 4253.";
           reference
             "RFC 4253: The Secure Shell (SSH) Transport Layer
                        Protocol";

OLD:

           leaf key-data {
             type binary;
             mandatory true;
             description
               "The binary key data for this ssh key.";
           }

NEW:

           leaf key-data {
             type binary;
             mandatory true;
             description
               "The binary public key data for this ssh key, as
                specified by RFC 4253, Section 6.6, i.e.,:

                  string    certificate or public key format
                            identifier
                  byte[n]   key/certificate data
                ";
             reference
               "RFC 4253: The Secure Shell (SSH) Transport Layer
                          Protocol";
           }

/martin
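As an added illustration (my own example code, not text from the draft and not from any NETCONF implementation), the following Python takes a public key line as emitted by ssh-keygen, fills the proposed "algorithm" and "key-data" leafs, and parses key-data according to the RFC 4253 Section 6.6 layout quoted in the NEW description: a string identifier followed by byte[n] key/certificate data. It also checks that the identifier embedded in key-data agrees with the "algorithm" leaf, so the two leafs cannot silently disagree; the helper names, the 32-byte placeholder key and the sample line are constructed for this example.

```python
from __future__ import annotations
import base64
import struct

def ssh_string(data: bytes) -> bytes:
    """RFC 4253 Section 5 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def parse_key_data(key_data: bytes) -> tuple[str, bytes]:
    """Parse the RFC 4253 Section 6.6 layout cited by the NEW key-data text:
    string identifier, then byte[n] key/certificate data."""
    if len(key_data) < 4:
        raise ValueError("key-data too short for the identifier length prefix")
    (ident_len,) = struct.unpack(">I", key_data[:4])
    if ident_len == 0 or 4 + ident_len > len(key_data):
        raise ValueError("identifier length out of range")
    try:
        ident = key_data[4:4 + ident_len].decode("ascii")
    except UnicodeDecodeError as exc:
        raise ValueError("identifier is not ASCII") from exc
    rest = key_data[4 + ident_len:]
    if not rest:
        raise ValueError("no key/certificate data after the identifier")
    return ident, rest

def authorized_key_from_openssh_line(line: str) -> dict:
    """Map an ssh-keygen style line '<algorithm> <base64> [comment]' onto the
    proposed leafs ('algorithm' from column 1, 'key-data' from decoded column 2)
    and reject it if the embedded identifier disagrees with the algorithm leaf."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<algorithm> <base64-key-data>'")
    algorithm, b64 = fields[0], fields[1]
    key_data = base64.b64decode(b64, validate=True)
    ident, _ = parse_key_data(key_data)
    if ident != algorithm:
        raise ValueError(f"algorithm leaf {algorithm!r} != embedded identifier {ident!r}")
    return {"algorithm": algorithm, "key-data": key_data}

# Constructed sample: a well-formed ssh-ed25519 blob around a 32-byte placeholder
# (NOT a real public key), in the same layout ssh-keygen emits.
FAKE_ED25519_PUBKEY = bytes(range(32))
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(
    ssh_string(b"ssh-ed25519") + ssh_string(FAKE_ED25519_PUBKEY)
).decode("ascii") + " operator@example"

if __name__ == "__main__":
    entry = authorized_key_from_openssh_line(SAMPLE_LINE)
    print(entry["algorithm"], len(entry["key-data"]), "bytes of key-data")
```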
