Hi! I support this document and see it as a valuable contribution to the YANG ecosystem.

A comment I have raised in the past is why is the COSE_Sign1 signature [0] used? With this solution, only one signature can be attached. If instead the COSE_Sign signature structure [1] is used, multiple signatures can be attached. Examples where multiple signatures are useful are when more than one entity is required to sign off, using different signing algorithms, or migrating from an old key to a new key (having both signatures valid during the migration window). I strongly suggest the COSE_Sign signature structure is used instead of the COSE_Sign1 signature structure.

The draft currently uses draft-ahuang-notif-yang; this work has been replaced with draft-ietf-notif-envelope, which does not include an envelope for RFC 5277 NETCONF Notifications. Will the notification support defined in this document only be available for Subscribed Notifications?

It seems that the YANG module ietf-provenance-annotation is not used at all? If it should be used, it needs work to conform to the IETF standards, which you are probably aware of.

There is no ietf-yang-instance-data-provenance YANG module, which is referenced in Section 4.3.

A nit is that maybe the signature-string leaf in the examples can either be wrapped or replaced with a placeholder value (e.g. BASE64VALUE=).

Thanks for your contribution!

[0] https://datatracker.ietf.org/doc/html/rfc8152#section-4.2
[1] https://datatracker.ietf.org/doc/html/rfc8152#section-4.1

--
Per
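
As an added illustration of the COSE_Sign1 versus COSE_Sign point raised in the message above (not part of the original message or of the draft), the following Python builds the RFC 8152 to-be-signed bytes for both structures. The payload, the key ids `old-key` and `new-key`, and the choice of ES256 and EdDSA for the migration case are constructed assumptions; producing the signature over these bytes is left to a crypto library.

```python
# Added example: RFC 8152 Sig_structure for COSE_Sign1 vs COSE_Sign.
# Payload, key ids and algorithm choices are constructed for illustration.

def _head(major, n):
    """CBOR initial byte(s) for a major type and an argument < 2**32."""
    if n < 24:
        return bytes([major << 5 | n])
    for info, size in ((24, 1), (25, 2), (26, 4)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | info]) + n.to_bytes(size, "big")
    raise ValueError("argument too large for this minimal encoder")

def cbor(x):
    """Minimal CBOR encoder: ints, bstr, tstr, arrays, maps."""
    if isinstance(x, int):
        return _head(0, x) if x >= 0 else _head(1, -1 - x)
    if isinstance(x, bytes):
        return _head(2, len(x)) + x
    if isinstance(x, str):
        return _head(3, len(x.encode())) + x.encode()
    if isinstance(x, list):
        return _head(4, len(x)) + b"".join(cbor(i) for i in x)
    if isinstance(x, dict):
        return _head(5, len(x)) + b"".join(cbor(k) + cbor(v) for k, v in x.items())
    raise TypeError(type(x))

def protected(hdr):
    """Serialized protected header; an empty map becomes a zero-length bstr."""
    return cbor(hdr) if hdr else b""

def tbs_sign1(body_hdr, payload, aad=b""):
    # COSE_Sign1: one signer, algorithm lives in the body protected header.
    return cbor(["Signature1", protected(body_hdr), aad, payload])

def tbs_sign(body_hdr, signer_hdr, payload, aad=b""):
    # COSE_Sign: each signer adds its own protected header to the input.
    return cbor(["Signature", protected(body_hdr), protected(signer_hdr), aad, payload])

ALG = 1                   # COSE header label "alg"
ES256, EDDSA = -7, -8     # COSE algorithm identifiers

def migration_inputs(payload):
    """Per-signer to-be-signed bytes for an old ES256 key and a new EdDSA key."""
    signers = {"old-key": {ALG: ES256}, "new-key": {ALG: EDDSA}}
    return {kid: tbs_sign({}, hdr, payload) for kid, hdr in signers.items()}

if __name__ == "__main__":
    sample = b'{"example":"constructed payload"}'
    print(tbs_sign1({ALG: ES256}, sample).hex())
    for kid, tbs in migration_inputs(sample).items():
        print(kid, tbs.hex())
```

Each signer's input binds its own protected header (here the algorithm) to the same payload, which is what lets a verifier accept either the old or the new key's signature during a migration window without re-issuing the message.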