NETCONF over Transport Layer Security (TLS)
Note: This ballot was opened for revision 07 and is now closed.
(Dan Romascanu) Yes
(Jari Arkko) (was Discuss) No Objection
(Ron Bonica) No Objection
(Ross Callon) No Objection
(Lars Eggert) No Objection
(Pasi Eronen) No Objection
Couple of minor comments/suggestions: Section 4 should explain what "third party authentication" means, since it's not obvious from the context, and the term is not used in any of the listed references either. To me, references RFC4642 and and RFC5277 don't look normative, so they probably should be in the Informative References section.
(Russ Housley) No Objection
(Cullen Jennings) No Objection
(Chris Newman) No Objection
I support Jari and Tim's discuss positions. If there is a need for authentication mechanisms other than TLS client certificates for this transport, a simple protocol design pattern would be to write a SASL profile for netconf for use in conjunction with TLS. That's a rather simple project (a couple pages) and I'd be glad to assist if needed.