Hi Roman, > On Sep 16, 2024, at 3:24 PM, Roman Danyliw via Datatracker <[email protected]> > wrote: > > Roman Danyliw has entered the following ballot position for > draft-ietf-netmod-syslog-model-32: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to > https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-netmod-syslog-model/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thank you to Francis Dupont for the GENART review. > > ** Section 10 says “ There are no RPC operations defined in this YANG > module.” > However, in Figure 1 there is: > > | | +---x generate-csr {csr-generation}? > > Which appears to be generate-csr-grouping from > draft-ietf-netconf-crypto-types. > > Should the Security Considerations of draft-ietf-netconf-crypto-types be > mentioned? Is this Section 10 language of “no RPC operations defined”accurate > – is it because the thinking is that this functionality is imported (via > ct:asymmetric-key-pair-with-cert-grouping)?
That is correct. The RPC operation is imported from ietf-crypto-types module, and is not something that is defined in this model. You will notice that Section 3.8 <https://datatracker.ietf.org/doc/html/draft-ietf-netconf-crypto-types-34#name-considerations-for-the-ietf> of draft-ietf-netconf-crypto-types delves into the security considerations for actions including generate-csr (called generate-certificate-signing-request in the draft, but has been updated since). If it helps we can add a sentence to that effect. Something like: "This module imports groupings from ietf-crypto-types YANG module defined in [I-D.ietf-netconf-crypto-types]. Security considerations described in that draft apply to this module also.” Better? > > > Mahesh Jethanandani [email protected]
_______________________________________________ netmod mailing list -- [email protected] To unsubscribe send an email to [email protected]
