[babel] Babel DTLS and YANG

"STARK, BARBARA H" <bs7652@att.com> Tue, 03 August 2021 15:12 UTC

From: "STARK, BARBARA H" <bs7652@att.com>
To: "'babel@ietf.org'" <babel@ietf.org>
Thread-Topic: Babel DTLS and YANG
Thread-Index: AdeIcm50meF1WZcvSGKFzTuShDENOw==
Date: Tue, 03 Aug 2021 15:11:48 +0000
Message-ID: <DM6PR02MB69240809030DD2B249100282C3F09@DM6PR02MB6924.namprd02.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: D1qB17lm36JWMzo8xGP/Ku3BuirgGJEHgtMQlvGUizJV1wjL4dHHkj28X0PxzcYxoXhlgNT3ZXz0C91taeSivS7EIkeYE85UsE3NISMgtEz0bXrLlrCJaVz47quVy8QCUiSNNsjFa5e5rqeSOoLWAt4spfxb55NisS19lpzIsCaOuZe6XvfRkugdRj4vEUiN3oytQqKod+3E55Jc9i0AC0Xvr+uXGKnqWSpJnMPJ1KH4u7onUBU3O7FFM25Z3Y9VNT/B718E+0LdZF66vsQiF5bEL12Do8r7OGp/hdBGVYIMIY+pD0yIgRd/4xtA5NRYYpHEldtb9TNJY7whkTJXb5R3pYnMYhZIY9znmoFIl4q9mi4sPnEnJMuXOBaaFSPKXODY7fkxQry5zPTFKiEqtCmTrZL2oqj49EjwGR2hauoMuFDxLwY3dwBWbKWWRgFNwk/3NeAsmlFdIHhHG5DbStB/TNmwyKVXVNmD3/rwYM6L17hV/Sp/uHQQCEjvbsTgd9qypkYMKHHf8uX8tO0FK3ZsYYaxR+MgJrt+EeWkVxu44WIXBFnS8GgfAN6C7oB6x2/I35dPc2iIkb8GbQ94FytzfzZcyiyn7Olx/B6xfGCWuwOJHR1PVgQQXEfjebxngdrFgZevfbN5Y+yPsCDiRNMnzJbycyqGTkYJJ+UW/DHuSQX1G/yuaTHSyGrpJDgmuiojC62GLmxjQhtY0gJS5HwpUEfruCfVMuSl//oC0xhKoBMcKUx0wo9m9zu+0qKGxr2FxiEibz+qWl9MS9zmHKhwkr5g2HBV3Kf7n6i91JHA/XXwa3tIN1ItJx/23SlrH984wgGxcE/oWlcR0MLPUCdabPlu4AfWy0PnAck3CTN02xiAPupRhhFiOZow+XkQU2XUUtl3qQK4bKutewoHHW1/WLJbjfFc7I7mr7I1v+SS8JFNlU04zGs5I7w/5cMr8GXc3BTqDYfLQv+EaKlt4zono9T72o5e9I1w5b5BfcRmuKJ6gjW6hUaSApUOzU1Su+K2QgwVwIZeoC+Lw2qkr7g6g0ZHgF/yyE0UqnpCgfPM1fp4Q9xwBSe+74D04jewXTqCj3wA9QLOWSCtISp3LkgRrHjAhTTSH09rn6ijfyM/TI24WY44KRG7odXXbO+9gZZUQDrplK+hpyF8FqwUQYQZ6x9dFNqvd4ZhWm6Hw+ZJCV02YHvQYy4b+pd+UdvqCJ+EjDyPUntLvifvnboj6LqiLDH0WdI9o7s5f/1hdu5dFQYsZG5F8CiQEfn8KouPEHYfMb2//jndXWIk2TfDny2DqhNmIk6hVvm9wNKRy+7lvg9VtU5KqO99p4AbKpcM
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR02MB6924.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 61820726-5ea3-477f-845c-08d956910434
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Aug 2021 15:11:48.9039 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: e741d71c-c6b6-47b0-803c-0f3b32b07556
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Rutqn83rl1Dpd0VWyIg0zNWzEueHpfCdmWvd50jCwOA1Q4f3irzAXcb0tWp1EK/P
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR02MB5308
X-OriginatorOrg: att.com
X-TM-SNTS-SMTP: E16AA0866255BBD11175DB788498529181C8771C1684CC4D24FB42E20D97AE552
X-Proofpoint-GUID: GqRmgwrXggEObv8UY8ijaIdblA-6zWRq
X-Proofpoint-ORIG-GUID: GqRmgwrXggEObv8UY8ijaIdblA-6zWRq
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-08-03_04:2021-08-03, 2021-08-03 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 bulkscore=0 adultscore=0 phishscore=0 mlxscore=0 spamscore=0 malwarescore=0 clxscore=1011 suspectscore=0 lowpriorityscore=0 priorityscore=1501 impostorscore=0 mlxlogscore=847 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2107140000 definitions=main-2108030100
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/qKMBACT6Y-7VOnj4jrdXUN_WdoU>
Subject: [babel] Babel DTLS and YANG
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Aug 2021 15:12:13 -0000

Hi Babelers,
We're getting some comments on the YANG model that we need a little help with.
Specifically, we need help with the modeling of the DTLS private key.
For DTLS, we've included data model support for X.509 certificates and Raw Public Key.
The certificate type (X.509 or Raw Public Key) is specified for every certificate.
Both have distinct public and private keys.
Public keys are provided via the data model in PEM format.
The public key PEM file includes info about the cipher suite that was used to create the pair (RSA, Elliptic Curve, etc.) and therefore needs to be negotiated in DTLS handshaking. 

But for the private key, we had come to a consensus that the Babel implementation just wanted the binary private key value. 

If the private key were expressed in PKCS#8 (generic key format) PEM, we would have:
-----BEGIN PRIVATE KEY-----
BASE64 ENCODED DATA
-----END PRIVATE KEY-----

Within the base64 encoded data the following DER structure is present:
-------------------------------------
PrivateKeyInfo ::= SEQUENCE {
  version         Version,
  algorithm       AlgorithmIdentifier,
  PrivateKey      OCTET STRING
}

AlgorithmIdentifier ::= SEQUENCE {
  algorithm       OBJECT IDENTIFIER,
  parameters      ANY DEFINED BY algorithm OPTIONAL
}
---------------------------------------

AlgorthmIdentifier identifies the cipher suite.
But it sounds like the binary private key value Babel is providing is just the "PrivateKey" part of this. 
Is that correct? If so, doesn't the implementation need to know the "AlgorithmIdentifier"? Or (since we supply the public key with the private key) can or does the Babel implementation pick this up from the associated public key?

Thx,
Barbara

[babel] Babel DTLS and YANG STARK, BARBARA H
Re: [babel] Babel DTLS and YANG Mahesh Jethanandani
Re: [babel] Babel DTLS and YANG Donald Eastlake
Re: [babel] Babel DTLS and YANG Donald Eastlake