**Session Date/Time:** 21 Mar 2022 13:30

# NETCONF Session

## Summary

The NETCONF working group session covered several key drafts, including ongoing liaison work with IEEE 802.1 concerning the Keystore and Crypto Types drafts, a comprehensive update on the Client Service suite of drafts (highlighting TLS 1.3 support and discussions around a `generate-key` RPC), and updates to the UDP-based transport for configured subscriptions (`udp-native`) focusing on DTLS configuration. Significant progress was reported on the Transaction ID draft, with simulation results demonstrating efficiency gains. Finally, there was an in-depth discussion on Adaptive Subscriptions, including problem statements, use cases, and hackathon results, concluding with a poll that indicated a desire for further discussion before an adoption decision.

## Key Discussion Points

* **IEEE 802.1 Liaison on Keystore and Crypto Types:**
  * IEEE 802.1 raised concerns regarding the Keystore draft's language on promoting/copying private keys from the system datastore to the running datastore, and on the handling of clear-text keys.
  * The Crypto Types draft needs to adequately define "hidden key".
  * Discussion on general conformance when standards span multiple SDOs.
* **Client Service Suite of Drafts Updates:**
  * **Crypto Types:** Accommodated reviewer comments and added the "hidden keys" feature.
  * **Trust Anchors:** Added prefixes to path statements, renamed "truststore supported" to "central truststore supported", and referenced `netmod-with-system` for built-in/system keys.
  * **Keystore:** Similar path prefixing and feature renaming, added asymmetric/symmetric key features, and referenced `netmod-with-system`.
  * **SSH/TLS Client Server:** Moved algorithm definitions from `ietf-ssh-common` and `ietf-tls-common` to IANA-maintained modules (the IANA registries were converted into YANG modules). Added `config false` lists for server-supported algorithms.
  * **TLS Client Server:** Major update to support TLS 1.3, specifically addressing the differences in PSK usage between TLS 1.2 and TLS 1.3. This included splitting the PSK definitions into `tls12-psk` and `tls13-epsk`, defining new types for `hash` and `key-derivation-function`, and introducing the concept of zero round-trip time (0-RTT) data.
  * **`generate-key` RPC Proposal:**
    * Revisiting the idea of an RPC for generating private keys, previously abandoned because algorithm identifiers could not be unified across protocols.
    * Now considered feasible because SSH and TLS each have protocol-specific, IANA-maintained algorithm identifiers (via YANG modules).
    * Proposed a `generate-public-key` RPC for SSH; for TLS, however, a complication was identified: cipher suites combine multiple algorithms rather than naming a single private-key algorithm.
    * Discussion noted that the RPC generates a key pair (public/private), suggesting alternative naming such as `generate-key-pair`.
* **UDP-based Transport for Configured Subscriptions (`udp-native`):**
  * Updates included referencing the IANA media types for JSON/CBOR encodings and adding a `feature encode-cbor` leaf.
  * DTLS encryption was integrated for security, leading to a discussion on configuring DTLS parameters directly from the YANG module.
* **Per-Node Capabilities for Optimal Data Collection:**
  * Discussion on using per-node capabilities to map identifiers such as MIB OIDs, IPFIX flow keys, and 3GPP Distinguished Names to YANG for better correlation across different protocols and management systems.
* **Transaction ID Draft:**
  * Addressed three problems: slow `get-config` polling for change detection, unnecessary YANG Push notifications for the client's own changes, and clobbering (one client overwriting another's change) without proper synchronization.
  * Proposed a tree-deep transaction ID/ETag mechanism that tracks changes to specific sub-parts of the configuration, and a lock-free `edit-config` for clobbering detection.
  * Simulation results showed a 33% reduction in round trips and a significant traffic reduction for a real-world application, demonstrating substantial efficiency gains.
* **Adaptive Subscription to YANG Notification:**
  * Motivated by the need to balance resource consumption against data fidelity.
  * Proposed a server-driven adaptive subscription policy on top of YANG Push, allowing servers to dynamically adjust update intervals based on network conditions.
  * Hackathon results demonstrated the effectiveness of server-side adaptive streaming in capturing critical events (e.g., RSSI for roaming, bytes sent for congestion) while significantly reducing data volume compared to high-frequency periodic collection.
  * Clarifications were provided regarding RPC errors, XPath evaluation, and the benefits of server-driven over client-driven adaptive logic.
  * Use cases were presented for real-time interface traffic, microburst detection, congestion events, and latency/jitter/packet loss measurement.

## Decisions and Action Items

* **IEEE 802.1 Liaison:**
  * **Action:** Rob Wilton to send a liaison response regarding general conformance for standards spanning multiple SDOs.
  * **Action:** Kent Watsen to amend the Keystore draft to adequately indicate key types and ensure built-in keys are not clear text.
  * **Action:** Kent Watsen to amend the Crypto Types draft to adequately define "hidden key".
  * **Action:** Mick Seaman (IEEE) to confirm that the draft updates address his concerns.
  * **Action:** Russ Housley (IETF-IEEE liaison officer) should be included in the liaison process.
* **`generate-key` RPC (Client Service Suite):**
  * **Decision:** The working group generally supports pursuing protocol-specific RPCs for generating key pairs.
  * **Action:** Kent Watsen to consult with the TLS chairs regarding the complication with TLS cipher suites and the proposed RPC.
* **`udp-native` Draft:**
  * **Decision:** DTLS parameters will be configurable from the YANG module within the `udp-native` draft.
  * **Action:** Authors to modify the YANG module to import `ietf-tls-client-server` (and potentially `ietf-tls-server`) and add configuration examples.
  * **Action:** Authors requested a working group Last Call for the `udp-native` draft.
* **Transaction ID Draft:**
  * **Decision:** The working group will continue working on the draft. An adoption call is expected shortly.
* **Adaptive Subscription Draft:**
  * **Poll Result:** A show of hands indicated a split opinion (roughly 50/50) on whether to adopt the draft as a Proposed Standard or as an Experimental draft.
  * **Decision:** The working group will keep the possibility of a Proposed Standard open for now. Further discussion is required on the mailing list to address existing concerns and objections.

## Next Steps

* **Client Service Suite:**
  * Validate the correctness of the TLS 1.3 updates, potentially with the AD flagging them for extra attention during security review.
  * Finalize minor updates for the IEEE liaison.
  * Resolve the `generate-key` RPC action issue.
  * The aim is to publish the entire suite of drafts to the AD within a few weeks, concluding work started in 2014.
* **UDP-based Transport for Configured Subscriptions:**
  * Implement the agreed-upon DTLS YANG configuration changes and provide examples.
  * Proceed with requesting a working group Last Call.
* **Transaction ID Draft:**
  * Add text detailing YANG Push integration.
  * Conduct in-house prototype implementations to verify broader use cases.
* **Adaptive Subscription Draft:**
  * Engage in further discussion on the mailing list to address outstanding concerns and objections from the working group, particularly regarding its suitability as a Proposed Standard.
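The tree-deep transaction ID/ETag mechanism and lock-free `edit-config` summarised under the Transaction ID Draft, as an added illustration that is not code from the draft or from any NETCONF implementation: the dict-shaped configuration tree, the truncated SHA-256 subtree hash, the slash-separated path syntax and the sample configuration are assumptions of this example.

```python
import copy
import hashlib
import json

def etag(node):
    # Leaf: hash its JSON value. Container: hash (name, child ETag) pairs, so a
    # deep change alters that subtree's ETag and its ancestors', not siblings'.
    if isinstance(node, dict):
        material = ";".join(f"{k}={etag(v)}" for k, v in sorted(node.items()))
    else:
        material = json.dumps(node, sort_keys=True)
    return hashlib.sha256(material.encode()).hexdigest()[:16]

def changed_paths(old, new, prefix=""):
    # Client change detection: descend only where ETags differ, instead of
    # fetching and diffing the whole configuration with get-config.
    if etag(old) == etag(new):
        return []
    if not (isinstance(old, dict) and isinstance(new, dict)):
        return [prefix or "/"]
    paths = []
    for key in sorted(set(old) | set(new)):
        if key in old and key in new:
            paths += changed_paths(old[key], new[key], f"{prefix}/{key}")
        else:
            paths.append(f"{prefix}/{key}")
    return paths

class ClobberError(Exception):
    """The target subtree changed since the client last read it."""

class ConfigServer:
    def __init__(self, running):
        self.running = copy.deepcopy(running)  # private copy of the datastore

    def edit_config(self, path, value, expected_etag):
        # Lock-free edit (compare-and-swap): apply only if the target subtree
        # still carries the ETag the client saw; otherwise report the clobber.
        *parents, leaf = [p for p in path.split("/") if p]
        node = self.running
        for p in parents:
            node = node[p]
        if etag(node[leaf]) != expected_etag:
            raise ClobberError(f"{path} changed since ETag {expected_etag}")
        node[leaf] = value
        return etag(self.running)  # new root transaction ID
# Constructed sample running configuration (not from any real device).
RUNNING = {"interfaces": {"eth0": {"mtu": 1500}, "eth1": {"mtu": 1500}},
           "system": {"hostname": "r1"}}
```

A second client that still holds the ETag it read before the first client's edit gets a `ClobberError` instead of silently overwriting the change, and the root ETag changes while the `system` and `eth1` ETags stay the same.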
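The server-driven adaptive policy summarised under Adaptive Subscription to YANG Notification, as an added simulation that is not the draft's YANG model or the hackathon code: the Python predicates stand in for the draft's XPath conditions, and the RSSI trace, thresholds and periods are constructed for this example.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class AdaptivePeriod:
    condition: Callable[[int], bool]  # stands in for the draft's XPath condition
    period: int                       # update interval (seconds) while it holds

def adaptive_updates(trace, policy, default_period):
    # Server-driven loop: after each update the server evaluates the policy
    # against the latest value and picks the interval for the next update;
    # the first matching entry wins, otherwise the default period applies.
    updates, t = [], 0
    while t < len(trace):
        value = trace[t]
        updates.append((t, value))
        t += next((p.period for p in policy if p.condition(value)), default_period)
    return updates

def periodic_updates(trace, period):
    # Conventional YANG Push periodic subscription with a fixed interval.
    return [(t, trace[t]) for t in range(0, len(trace), period)]

def first_seen_at_or_below(updates, threshold):
    # Time at which the collector first learns the value crossed the threshold.
    return next((t for t, v in updates if v <= threshold), None)

# Constructed RSSI trace in dBm, one sample per second: a stable link, a slow
# decline into roaming territory, a floor, then recovery (not real data).
RSSI = [-55] * 30 + list(range(-56, -86, -1)) + [-86] * 10 + [-50] * 30

POLICY = [AdaptivePeriod(lambda v: v <= -70, 1),  # roaming-critical: every second
          AdaptivePeriod(lambda v: v <= -60, 2)]  # degrading: every 2 s
DEFAULT_PERIOD = 10                                # healthy link: every 10 s

def compare():
    adaptive = adaptive_updates(RSSI, POLICY, DEFAULT_PERIOD)
    fast = periodic_updates(RSSI, 1)
    return {"adaptive_updates": len(adaptive),
            "periodic_1s_updates": len(fast),
            "adaptive_detect_time": first_seen_at_or_below(adaptive, -70),
            "periodic_10s_detect_time": first_seen_at_or_below(periodic_updates(RSSI, 10), -70)}
```

On this trace the adaptive subscription sends 35 updates against 100 for one-second polling, yet reports the -70 dBm crossing at the same second the fast poll would, whereas a ten-second periodic subscription only learns of it six seconds later.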