Liaison on a YANG Data Model for a Keystore
|From Contact||Glenn Parsons|
|To Contacts||The IETF Chair <email@example.com>|
|Cc||The IETF Chair <firstname.lastname@example.org>, The IESG <email@example.com>, Paul Nikolich <firstname.lastname@example.org>, Karen Randall <email@example.com>, Jodi Haasz <firstname.lastname@example.org>, Russ Housley <email@example.com>, Dorothy Stanley <firstname.lastname@example.org>|
|Response Contact||Jessy Rouyer <email@example.com>, Glenn Parsons <firstname.lastname@example.org>, Mick Seaman <email@example.com>|
|Deadline||2021-12-10 Action Needed|
The IEEE 802.1 Security Task Group reviewed the Internet-Draft A YANG Data Model for a Keystore (https://datatracker.ietf.org/doc/draft-ietf-netconf-keystore/).

In this draft, a number of items are identified as truly optional MAY; it would appear that some of these items would override restrictions in other security standards. For example, in Section 3, Support for Built-in Keys, there is discussion about copying the built-in keys; however this is restricted by IEEE Std 802.1AR. The draft should be clear that where provisions of referenced security standards appear to conflict or restrict the operations described in the draft, those other security standards take precedence.

The certificate encoding specified does not appear to use any standard encoding (e.g., DER/BER). It also might be useful to reference a standard key wrap or specifier for a standard key wrap algorithm for transporting both symmetric and asymmetric keys.

There is an updated standard IEEE Std 802.1AR, Secure Device Identity, which is IEEE Std 802.1AR-2018. And there are extraneous letters (i.e., Group, W. -. H. L. L. P. W.) in the reference for [Std-802.1AR-2009] which should be removed.

Thank you for your consideration of these matters, and we welcome continued collaboration going forward.