Hi Jensen,
> On Dec 12, 2023, at 7:47 AM, Jensen Zhang <jingxuan.n.zh...@gmail.com> wrote:
>
> Hi authors,
>
> I am one of the authors of the draft-ietf-alto-oam-yang draft. Our draft is
> trying to reuse some groupings and typedefs in this document to support some
> TLS authentication features. But we find the current typedef 'public-key-ref'
> cannot be used by another module.
>
> To be more concrete, in the current document, the path of the typedef
> 'public-key-ref' enforces a prefix of the relative path to the sibling
> 'public-key-bag' leaf:
>
> typedef public-key-ref {
> type leafref {
> path "/ts:truststore/ts:public-key-bags/ts:public-key-bag"
> + "[ts:name = current()/../ts:public-key-bag]/"
> + "ts:public-key/ts:name";
> }
> ...
> }
>
> From my understanding, this typedef is for other modules to reference a
> public key in the trust store. The sibling 'public-key-bag' leaf should be in
> the same module of the leaf using this typedef, instead of the module 'ts'.
>
> To make this typedef usable, I believe it should look like the following:
>
> typedef public-key-ref {
> type leafref {
> path "/ts:truststore/ts:public-key-bags/ts:public-key-bag"
> + "[ts:name = current()/../public-key-bag]/"
> + "ts:public-key/ts:name";
> }
> ...
> }
>
> Otherwise, we have to define another typedef in our own module like this:
> https://github.com/ietf-wg-alto/draft-ietf-alto-oam-yang/blob/284d2e630cec00f752ea94f586469797786c6f57/yang/ietf-alto.yang#L612-L628
This is my first time looking at Alto. It may take me a little to fully grok
what’s going on. Please let me know if you think a call would be helpful.
Looking at the linked YANG module, I see that it looks very much like the
"ietf-restconf-server" module’s grouping
"restconf-server-listen-stack-grouping”, which is fine.
I take it that Alto is okay referencing the central truststore (not defining
its own instances of "truststore-grouping") as well as supporting inlined
definitions. I do not see the Alto module augmenting the centralized
truststore and, in general, it seems to behave just like the
ietf-restconf-server module, though I’m sure I’m missing something ;)
What I don’t understand is why what seems to work in ietf-restconf-server
doesn’t work in ietf-alto. Can you help me understand?
Separately, did ALTO WG ever consider renaming to “ietf-alto-server”? Would
there be value to extending that convention for consistency?
One last thought, I notice that ietf-alto defines a number of typedefs that
seem generic enough to move to ietf-truststore. Is this thought yours as well?
> Thanks,
> Jensen
Kent // author
_______________________________________________
alto mailing list
alto@ietf.org
https://www.ietf.org/mailman/listinfo/alto
