Hiya,

It's a nit so feel free to ignore me, but anyway... :-)

On 06/10/2023 14:33, Carsten Bormann wrote:
“identity” is a YANG term of art, see RFC 7950, Section 3:
Sure. Bad choice of a term though when it doesn't include user@xxxxxxxxxxx but rather the 1701 value below. I guess that ship has sailed though, but even so, for me this document would have been clearer if it didn't repeat the same (IMO) error.

If you wanted a suggested change:

OLD

* identities

NEW

* Yang identities such as authentication-method that don't identify specific users/devices/people

But again, feel free to ignore me, the document doesn't seem to me to have any worse privacy properties than yang already has.

Cheers,
S.
o identity: A globally unique, abstract, and untyped name.

Typical identities are essentially enumeration values of the protocols, i.e., code points that are text-based (in YANG-XML and YANG-JSON). They are defined in the YANG module, and we need to give them SIDs to be more efficient. These are the identities in ietf-system.sid:

1701,identity,authentication-method,
1702,identity,local-users,
1703,identity,radius,
1704,identity,radius-authentication-type,
1705,identity,radius-chap,
1706,identity,radius-pap,

These are actually in a derivation hierarchy (see YANG excerpt below), but we don’t see that in the SID allocation.

If the latter were the intent, then I'd have significant privacy concerns and this review would have reached a "not ready" conclusion.

Indeed, but luckily these are not user identities.
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call