SSH operations modelled in YANG

To: "ietf-ssh%netbsd.org@localhost" <ietf-ssh%netbsd.org@localhost>
Subject: SSH operations modelled in YANG
From: tom petch <ietfc%btconnect.com@localhost>
Date: Wed, 25 Jan 2023 12:27:11 +0000

I seem to recall having seen this before on this list but FYI, the IETF NETCONF  WG has produced an I-D
draft-ietf-netconf-ssh-client-server-32 
for the management of SSH with YANG and this has now completed WG LC, after some seven years.  It is big and contains seven YANG modules, three for SSH, server, client and common, and four for IANA maintenance which cast the four SSH registries -KEX, Encryption, MAC,  Public Key - as YANG Identity for use by other modules with instructions, which seem incomplete to me, as to their future maintenance (this is a well trodden path for other protocols) .

I see this approach as fatally flawed since IANA-maintained modules and regular ones have a different trajectory and putting them in one RFC just creates problems for the IETF in future.  However, setting that aside, I suspect that the technical contents of the I-D are somewhat outside the usual purview of the NETCONF WG, even if NETCONF started life as an SSH application,  and so any additional review could be beneficial.  I am just a bystander who gave up reviewing this I-D many moons ago, since it kept doing backwards somersaults and rendering my reviews pointless but at WG LC, perhaps it is worth further review.  The I-D is one of a set of nine, proceeding in parallel, and totalling over 600 pages but this is currently the only SSH one (I think that there should be two!).

Tom Petch

Follow-Ups:
- Re: SSH operations modelled in YANG
  - From: Sam Hartman

Prev by Date: Re: An additional-auth mechanism for SSH to protect against scanning/probing attacks
Next by Date: Re: SSH operations modelled in YANG
Previous by Thread: Pre-authentication draft posted
Next by Thread: Re: SSH operations modelled in YANG
Indexes:

Home | Main Index | Thread Index | Old Index