[babel] Babel DTLS and YANG

"STARK, BARBARA H" <bs7652@att.com> Tue, 03 August 2021 15:12 UTC

Return-Path: <bs7652@att.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A21FD3A26B5 for <babel@ietfa.amsl.com>; Tue, 3 Aug 2021 08:12:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=att.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C5YkKg0dTQgF for <babel@ietfa.amsl.com>; Tue, 3 Aug 2021 08:12:08 -0700 (PDT)
Received: from mx0a-00191d01.pphosted.com (mx0b-00191d01.pphosted.com [67.231.157.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 248E73A26DA for <babel@ietf.org>; Tue, 3 Aug 2021 08:12:08 -0700 (PDT)
Received: from pps.filterd (m0049459.ppops.net [127.0.0.1]) by m0049459.ppops.net-00191d01. (8.16.0.43/8.16.0.43) with SMTP id 173F71rv029759 for <babel@ietf.org>; Tue, 3 Aug 2021 11:12:07 -0400
Received: from alpi155.enaf.aldc.att.com (sbcsmtp7.sbc.com [144.160.229.24]) by m0049459.ppops.net-00191d01. with ESMTP id 3a6w2e9bpm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <babel@ietf.org>; Tue, 03 Aug 2021 11:12:01 -0400
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id 173FBxg8002663 for <babel@ietf.org>; Tue, 3 Aug 2021 11:12:00 -0400
Received: from zlp27130.vci.att.com (zlp27130.vci.att.com [135.66.87.38]) by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id 173FBvaF002620 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <babel@ietf.org>; Tue, 3 Aug 2021 11:11:58 -0400
Received: from zlp27130.vci.att.com (zlp27130.vci.att.com [127.0.0.1]) by zlp27130.vci.att.com (Service) with ESMTP id D439D4009E70 for <babel@ietf.org>; Tue, 3 Aug 2021 15:11:57 +0000 (GMT)
Received: from MISOUT7MSGEX2DF.ITServices.sbc.com (unknown [135.66.184.225]) by zlp27130.vci.att.com (Service) with ESMTP id BD5A04005651 for <babel@ietf.org>; Tue, 3 Aug 2021 15:11:57 +0000 (GMT)
Received: from MISOUT7MSGED1DA.ITServices.sbc.com (135.66.184.175) by MISOUT7MSGEX2DF.ITServices.sbc.com (135.66.184.225) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.8; Tue, 3 Aug 2021 11:11:57 -0400
Received: from MISOUT7MSGETA03.tmg.ad.att.com (144.160.12.222) by MISOUT7MSGED1DA.ITServices.sbc.com (135.66.184.175) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.14 via Frontend Transport; Tue, 3 Aug 2021 11:11:57 -0400
Received: from NAM10-BN7-obe.outbound.protection.outlook.com (104.47.70.105) by edgeso3.exch.att.com (144.160.12.222) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.14; Tue, 3 Aug 2021 11:11:49 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VPAMx4wBsBjHcIel5RlpZWATweR39yepyIN6J1vfVYFZKBkjT+CpKTds6BSxNqpvCSwrZSrAqLhiLvWOdI/jc/ShPYsoQLOAXF0+ulzoh0hTP2R7X3y4XRNW8uic+GfREaaMITga7+/hifl9S8oWz3F3BXQH9wN3Ht6KpC7QhZB7gcJ6i2tYaXA3N84EUDVdY+sPgrMlJiyB9+xvLQ/cqHlLXLk037BmF6XgB4nW1OjBf0mpeLA7YXZY5uAgE1dLmRFNgvoECrV8cTBrpaJGM9E253AiTMUdciQbyQgj6G9dPn3t3XH3LOEUXmRwe1qU3JPG+9jKfi+feuoaRL8i4A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nOh3CyHZx6zr8tBYwRbFiY7FkNoq6dEcT0Y7JR/UChg=; b=k2MkkPM1hnOhrE+6rBE8oy5Zta6Tt5C9SYn7Ja6rjxKxGi/khns+dvGdGiyoTjg+Trci2nKBc0b708WbRMfaTHw4LZFYvDXBSwQwCAvZB5XXoCl0+pQRp3iqDIRPOULsF5Tglycc9Q+Adc6b8P3cNnN6x/xp48IGuvzPZXDW+Dtn4A9d17s6svMgcg7jxFARb3GU63Bi9YAFLvibgkMAu6eQ7rELHhRM8rj4QVzKqVcKGZnfnGfVe+Su2SNqvIdG7pzns0v2kEe026SwyZbfPLi7poJGP5HrX+97EOxtSmVrJd/g7ifb3RcgU9h4n4y2p7T/CWzngdyP2UwGH47qPg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=att.com; dmarc=pass action=none header.from=att.com; dkim=pass header.d=att.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=att.onmicrosoft.com; s=selector2-att-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nOh3CyHZx6zr8tBYwRbFiY7FkNoq6dEcT0Y7JR/UChg=; b=UeaV0meF+crgnadUZoVkpdDvQMmJP+jceQOH/V4S7NYARkkRgNKvFt5Ks2yNLJkUeJdBNlVkcU2KkFp5GRLYUBz89ySt4tqWxAKSFyvw2FhUhEZNHiMyyOXxSwwGLlP6JgdlvwsqTv23nA5DsIhaaYXRuXRD6sdeBc+8EXvxGNI=
Received: from DM6PR02MB6924.namprd02.prod.outlook.com (2603:10b6:5:25f::7) by DM6PR02MB5308.namprd02.prod.outlook.com (2603:10b6:5:43::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4373.20; Tue, 3 Aug 2021 15:11:49 +0000
Received: from DM6PR02MB6924.namprd02.prod.outlook.com ([fe80::d019:8784:1d4c:6130]) by DM6PR02MB6924.namprd02.prod.outlook.com ([fe80::d019:8784:1d4c:6130%3]) with mapi id 15.20.4373.026; Tue, 3 Aug 2021 15:11:49 +0000
From: "STARK, BARBARA H" <bs7652@att.com>
To: "'babel@ietf.org'" <babel@ietf.org>
Thread-Topic: Babel DTLS and YANG
Thread-Index: AdeIcm50meF1WZcvSGKFzTuShDENOw==
Date: Tue, 3 Aug 2021 15:11:48 +0000
Message-ID: <DM6PR02MB69240809030DD2B249100282C3F09@DM6PR02MB6924.namprd02.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=att.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 61820726-5ea3-477f-845c-08d956910434
x-ms-traffictypediagnostic: DM6PR02MB5308:
x-microsoft-antispam-prvs: <DM6PR02MB53084FD08CF964B4803B0ED2C3F09@DM6PR02MB5308.namprd02.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: T4jxmSPfx6FJ8Z5ElCDKMq0BRyEniLTU9C5T14iWM8MgNwq4ChZ6YZASmiqM7X8JNvacUzs0cBqk/Bh7S+/Fzq5mmwqM+e/B9csRcvRFYqgjXPG5c3GHKJz1PGvHEbFxiGixLUpxM4pFiklQvJIHVcK/O++4yMpN+/6r23sFcdKkaLJduaw+0RcsXYwt1EoNiskvmk+yYJuUgfo8OkhRiB6eIO1AI+BpZC7xWorOIszXZBCN3z1ddRLzZO27bn2WvAKDi3+jWsjUV7Y6LAzYwF+ML9OrBlv2T9MBbs9wuf9fTXOADYKIjYilvLYfOlW8ENOR2ecBD0F29ag+OG6DzCiPjvMa+O+X2VBpphAZjIG9/5HIYSsoe8IYuS+y3/HcjG3cpAnZDqHyPOxnmjXgD+TiOqLJnmPubpv30Vc8voHRdgmTnt3eBfgc/8Lcky7cY8EqedcQUYgXxU2RAeptiy3A1gC5XVm1FNHtGjrzKFWMDDKp9sBDHTAK+nyR21nSl4lOX9rU9CfJrA+x1ErqDIRCuPOGiL1sYJ9IqYy3OHCKgLsTiFaQ+dsmdKDTJk5hdGTFrr9ErQwcvfc94X7YoNIRhEDbyVoUefisTtPNY/rgkmfcCdZhkKlHDdOyASvJxJpJA/DpOJFAgdrJxTGDiMXZDpqyQKEoWw75QTbDFE+3hkVmMjLGVcxmuAiuBnvpEpA94m2doiPN8N3HTNs0Ay+UAwAlehZPuBynwp6Brus=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR02MB6924.namprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(376002)(396003)(39860400002)(346002)(366004)(136003)(52536014)(7696005)(76116006)(26005)(186003)(6506007)(71200400001)(66946007)(66476007)(66556008)(64756008)(66446008)(3480700007)(33656002)(86362001)(122000001)(8676002)(5660300002)(82202003)(38070700005)(8936002)(6916009)(316002)(9686003)(55016002)(478600001)(38100700002)(2906002)(491001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?D1qB17lm36JWMzo8xGP/Ku3BuirgGJEHgtMQlvGUizJV1wjL4dHHkj28X0Px?= =?us-ascii?Q?zcYxoXhlgNT3ZXz0C91taeSivS7EIkeYE85UsE3NISMgtEz0bXrLlrCJaVz4?= =?us-ascii?Q?7quVy8QCUiSNNsjFa5e5rqeSOoLWAt4spfxb55NisS19lpzIsCaOuZe6XvfR?= =?us-ascii?Q?kugdRj4vEUiN3oytQqKod+3E55Jc9i0AC0Xvr+uXGKnqWSpJnMPJ1KH4u7on?= =?us-ascii?Q?UBU3O7FFM25Z3Y9VNT/B718E+0LdZF66vsQiF5bEL12Do8r7OGp/hdBGVYIM?= =?us-ascii?Q?IY+pD0yIgRd/4xtA5NRYYpHEldtb9TNJY7whkTJXb5R3pYnMYhZIY9znmoFI?= =?us-ascii?Q?l4q9mi4sPnEnJMuXOBaaFSPKXODY7fkxQry5zPTFKiEqtCmTrZL2oqj49Ejw?= =?us-ascii?Q?GR2hauoMuFDxLwY3dwBWbKWWRgFNwk/3NeAsmlFdIHhHG5DbStB/TNmwyKVX?= =?us-ascii?Q?VNmD3/rwYM6L17hV/Sp/uHQQCEjvbsTgd9qypkYMKHHf8uX8tO0FK3ZsYYax?= =?us-ascii?Q?R+MgJrt+EeWkVxu44WIXBFnS8GgfAN6C7oB6x2/I35dPc2iIkb8GbQ94Fytz?= =?us-ascii?Q?fzZcyiyn7Olx/B6xfGCWuwOJHR1PVgQQXEfjebxngdrFgZevfbN5Y+yPsCDi?= =?us-ascii?Q?RNMnzJbycyqGTkYJJ+UW/DHuSQX1G/yuaTHSyGrpJDgmuiojC62GLmxjQhtY?= =?us-ascii?Q?0gJS5HwpUEfruCfVMuSl//oC0xhKoBMcKUx0wo9m9zu+0qKGxr2FxiEibz+q?= =?us-ascii?Q?Wl9MS9zmHKhwkr5g2HBV3Kf7n6i91JHA/XXwa3tIN1ItJx/23SlrH984wgGx?= =?us-ascii?Q?cE/oWlcR0MLPUCdabPlu4AfWy0PnAck3CTN02xiAPupRhhFiOZow+XkQU2XU?= =?us-ascii?Q?Utl3qQK4bKutewoHHW1/WLJbjfFc7I7mr7I1v+SS8JFNlU04zGs5I7w/5cMr?= =?us-ascii?Q?8GXc3BTqDYfLQv+EaKlt4zono9T72o5e9I1w5b5BfcRmuKJ6gjW6hUaSApUO?= =?us-ascii?Q?zU1Su+K2QgwVwIZeoC+Lw2qkr7g6g0ZHgF/yyE0UqnpCgfPM1fp4Q9xwBSe+?= =?us-ascii?Q?74D04jewXTqCj3wA9QLOWSCtISp3LkgRrHjAhTTSH09rn6ijfyM/TI24WY44?= =?us-ascii?Q?KRG7odXXbO+9gZZUQDrplK+hpyF8FqwUQYQZ6x9dFNqvd4ZhWm6Hw+ZJCV02?= =?us-ascii?Q?YHvQYy4b+pd+UdvqCJ+EjDyPUntLvifvnboj6LqiLDH0WdI9o7s5f/1hdu5d?= =?us-ascii?Q?FQYsZG5F8CiQEfn8KouPEHYfMb2//jndXWIk2TfDny2DqhNmIk6hVvm9wNKR?= =?us-ascii?Q?y+7lvg9VtU5KqO99p4AbKpcM?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR02MB6924.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 61820726-5ea3-477f-845c-08d956910434
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Aug 2021 15:11:48.9039 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: e741d71c-c6b6-47b0-803c-0f3b32b07556
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Rutqn83rl1Dpd0VWyIg0zNWzEueHpfCdmWvd50jCwOA1Q4f3irzAXcb0tWp1EK/P
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR02MB5308
X-OriginatorOrg: att.com
X-TM-SNTS-SMTP: E16AA0866255BBD11175DB788498529181C8771C1684CC4D24FB42E20D97AE552
X-Proofpoint-GUID: GqRmgwrXggEObv8UY8ijaIdblA-6zWRq
X-Proofpoint-ORIG-GUID: GqRmgwrXggEObv8UY8ijaIdblA-6zWRq
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-08-03_04:2021-08-03, 2021-08-03 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 bulkscore=0 adultscore=0 phishscore=0 mlxscore=0 spamscore=0 malwarescore=0 clxscore=1011 suspectscore=0 lowpriorityscore=0 priorityscore=1501 impostorscore=0 mlxlogscore=847 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2107140000 definitions=main-2108030100
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/qKMBACT6Y-7VOnj4jrdXUN_WdoU>
Subject: [babel] Babel DTLS and YANG
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Aug 2021 15:12:13 -0000

Hi Babelers,
We're getting some comments on the YANG model that we need a little help with.
Specifically, we need help with the modeling of the DTLS private key.
For DTLS, we've included data model support for X.509 certificates and Raw Public Key.
The certificate type (X.509 or Raw Public Key) is specified for every certificate.
Both have distinct public and private keys.
Public keys are provided via the data model in PEM format.
The public key PEM file includes info about the cipher suite that was used to create the pair (RSA, Elliptic Curve, etc.) and therefore needs to be negotiated in DTLS handshaking. 

But for the private key, we had come to a consensus that the Babel implementation just wanted the binary private key value. 

If the private key were expressed in PKCS#8 (generic key format) PEM, we would have:
-----BEGIN PRIVATE KEY-----
BASE64 ENCODED DATA
-----END PRIVATE KEY-----

Within the base64 encoded data the following DER structure is present:
-------------------------------------
PrivateKeyInfo ::= SEQUENCE {
  version         Version,
  algorithm       AlgorithmIdentifier,
  PrivateKey      OCTET STRING
}

AlgorithmIdentifier ::= SEQUENCE {
  algorithm       OBJECT IDENTIFIER,
  parameters      ANY DEFINED BY algorithm OPTIONAL
}
---------------------------------------

AlgorthmIdentifier identifies the cipher suite.
But it sounds like the binary private key value Babel is providing is just the "PrivateKey" part of this. 
Is that correct? If so, doesn't the implementation need to know the "AlgorithmIdentifier"? Or (since we supply the public key with the private key) can or does the Babel implementation pick this up from the associated public key?

Thx,
Barbara