-
Notifications
You must be signed in to change notification settings - Fork 652
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
What is crypto-algorithm for in openconfig-keychain model ? #785
Comments
To provide a bit more context: One obvious use case for the openconfig-keychain model could be to implement the configuration frontend for a key management system for TCP AO (RFC5925). The cryptographic algorithm in this context could refer to (1) the specific the Message Authentication Code (MAC) to be used to hash TCP segments. Alternatively, the algorithm could be (2) used by an OpenConfig speaker to convey (to the receiver) the algorithm used to encrypt the keying information (namely, |
<howdy - comment snipe> The top of the keychain yang model has this text:
this, to me, sounds like a standard keychain/table setup vendors normally implement for MACSEC, ISIS or OSPF autnentication schemes. Effectively this is a registry of: keyid key valid-use-times algorithm I believe the intent is to permit you to have 1 location to store all of this data, and reference the key table content later in other use-cases (your isis authentication, or macsec key management, etc). So, in joshpfosi's text I believe this makes sense as #1 not #2. |
Please feel free to reopen if @morrowc 's response needs clarification. |
In openconfig-keychain model,
What is this for, as this provided for every key which is configured in the keychain and can be different in the same keychain.
My understanding is this crypto type specifies the encryption in which the key is configured. Is that correct ?
The text was updated successfully, but these errors were encountered: