On Mon, Mar 21, 2016 at 04:07:07PM +0100, Ladislav Lhotka wrote:
> > - I'm not sure if anyone has considered XMLDSIG or use of JOSE
> >   with YANG. If one did, then this kind of mapping would not
> >   allow one to preserve digital signatures without a lot of
> >   work. I assume that that's considered ok. (Which it can be,
> >   depending on how one does object level security, if one does
> >   object level security.)
>
> I am not an expert on digital signatures and their representations, but
> I'd say they could be modelled as YANG's "binary" type (and transferred
> base64-encoded). This should work equally well in XML and JSON,
> including round trips.

Lada,

I think Stephen asks about JSON encoded YANG-defined data that is
signed, that is, the JSON serialization itself is signed. What happens
to the signature if you convert the JSON to corresponding XML
serialization? I think the answer is that the signature is broken in
this case and I think this is quite natural.

Object signatures so far never came up in the NETCONF/YANG context
(well not quite correct, I think there is some related discussion
around the zero-config draft) but even if they do, I think we will have
to accept that signatures are encoding specific. And I think this is
not a big deal; if I sign my HTML encoded email, then the signature
likely won't apply to a text-only rendering of the same email.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
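
The encoding-specific behaviour discussed in this message, as an added example that is not part of the original thread: a detached signature over the JSON bytes does not verify over the XML serialization of the same data, nor over a re-serialized JSON round trip. HMAC-SHA256 stands in for a JOSE or XMLDSIG signature, and the key, the `example-sys` module name, the `urn:example:` namespace and the instance data are all constructed for illustration.

```python
import hashlib
import hmac
import json
import xml.etree.ElementTree as ET

KEY = b"constructed-demo-key"  # constructed key, for illustration only

# Constructed instance data in the style of JSON-encoded YANG data.
JSON_DOC = b'{"example-sys:system": {"hostname": "r1", "contact": "noc"}}'


def sign(serialization: bytes) -> str:
    """Detached signature over the exact bytes of one serialization.
    HMAC-SHA256 is a stand-in for a JOSE or XMLDSIG signature."""
    return hmac.new(KEY, serialization, hashlib.sha256).hexdigest()


def verify(serialization: bytes, signature: str) -> bool:
    return hmac.compare_digest(sign(serialization), signature)


def json_to_xml(doc: bytes) -> bytes:
    """Simplified JSON-to-XML mapping: one container with leaf children."""
    (qname, leaves), = json.loads(doc).items()
    module, name = qname.split(":")
    root = ET.Element(name, xmlns="urn:example:" + module)  # hypothetical namespace
    for leaf, value in leaves.items():
        ET.SubElement(root, leaf).text = value
    return ET.tostring(root)


def xml_to_json(doc: bytes) -> bytes:
    """Map the XML back to JSON; the data survives, the bytes need not."""
    root = ET.fromstring(doc)
    ns, name = root.tag[1:].split("}")
    module = ns.rsplit(":", 1)[1]
    leaves = {child.tag.split("}")[1]: child.text for child in root}
    return json.dumps({f"{module}:{name}": leaves}, indent=2).encode()


if __name__ == "__main__":
    sig = sign(JSON_DOC)
    as_xml = json_to_xml(JSON_DOC)
    print("original JSON verifies:  ", verify(JSON_DOC, sig))
    print("XML mapping verifies:    ", verify(as_xml, sig))
    print("JSON round trip verifies:", verify(xml_to_json(as_xml), sig))
```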