Re: [ippm] Benjamin Kaduk's No Objection on draft-ietf-ippm-twamp-yang-11: (with COMMENT)
"t.petch" <ietfa@btconnect.com> Thu, 21 June 2018 11:56 UTC
Return-Path: <ietfa@btconnect.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E2E412D7F8; Thu, 21 Jun 2018 04:56:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4k0MzBhbGj_m; Thu, 21 Jun 2018 04:56:46 -0700 (PDT)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0117.outbound.protection.outlook.com [104.47.2.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 06FB313123E; Thu, 21 Jun 2018 04:56:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector1-btconnect-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gkuH1U95/6KQz9/cRc1yUUza4GA033ErlS+ygc1QYcU=; b=CwZf8n3yTk13bU9LnZ6lkgujQThpqEWTloPmP2xNGV/FaQVaNCbne3XHUvYXt5XvhcvJQh05ShlKW96/poKzeXNVkRGaerIaj1Cje3Fc/EIEK/GKwVfPmGoCS2HbSQ/wNf1lUT18humHeCGyf9amgRapQDgLeOWIsidqj76qjOs=
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=ietfa@btconnect.com;
Received: from pc6 (86.156.84.71) by AM5PR0701MB2964.eurprd07.prod.outlook.com (2603:10a6:203:48::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.906.10; Thu, 21 Jun 2018 11:56:43 +0000
Message-ID: <032601d40956$9e99bd20$4001a8c0@gateway.2wire.net>
From: "t.petch" <ietfa@btconnect.com>
To: Benjamin Kaduk <kaduk@mit.edu>, The IESG <iesg@ietf.org>
Cc: ippm-chairs@ietf.org, draft-ietf-ippm-twamp-yang@ietf.org, ippm@ietf.org
References: <152933869439.3647.15290297683322606646.idtracker@ietfa.amsl.com>
Date: Thu, 21 Jun 2018 12:53:52 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Originating-IP: [86.156.84.71]
X-ClientProxiedBy: LO2P265CA0182.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:a::26) To AM5PR0701MB2964.eurprd07.prod.outlook.com (2603:10a6:203:48::10)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 2054e519-08e4-4a59-16c2-08d5d76e0ec4
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(8989080)(4534165)(4627221)(201703031133081)(201702281549075)(8990040)(5600026)(711020)(2017052603328)(7193020); SRVR:AM5PR0701MB2964;
X-Microsoft-Exchange-Diagnostics: 1; AM5PR0701MB2964; 3:1NmIhqdA/wlfpYQd/2GvT0QToRtt87whImDyq8Rks61Xmg4nwYF02RHdGZ22JIaSUxAJZF5u5k7qb7CFSk3H8lLnw82pbLGYGZ4t0UCCn58wDXScWwP848+GeddzS30SlMmDhTaKeOMf1+q2OjLRrQyYK/LzURzzG71BanZ/3uDhkpw3yIKJfWuLlqlioBfufMDLf/FeTPEXnZnGkPq+41BTqmZaVxmelofdV3WcTmFKhc00qCe9Z99mc3ITxfzW; 25:pxzdBJwajt3oNIsX5F1D4HxRR4VA7rMVElKhyVKvl7ga87hsAHRd2XQqi3VoTKT0P7IVJFMaW0beJE72GzymJG8nEozR/YTYKMRwyGSz/kiQWZyDIN+RMGjdEZvsIhzEtzupQOevBBLeojwDsBcQ3vSgXM4C3s0NeMqfmDredS+Bq2k56i/GQ53PhMyKwmyglsZhNrybRQA7tPNPVWw154pBYTH+appD6dx6NULciGvOmbsTiugcIxNIq3FM/crirNS06etHUQD+PmAh4F/KFx4zehdaFWYOQGmz+ZKMiy38d6jQyRhlZUeUP5/GE/vtV5bfsY8AN3CWOhIerXcQnA==; 31:noWb2mChrT/fOo7FzVUrwxGeRz5g4jZlXqScUR+VHtiAOee6ozuxBfJbVOuKADlmijcrT1A5H9mawF3Y2jQDqUVMubxeNIqNeuR5fC0Nr++HRRig+Pe6H60xJGgxqJb7YxzZ/PudRbGPYzHNQQ2JF38lPJHYWSZS6MBRjXzwWB48qO737P/ohUC3e9f+yDbc2TdEXgfnrhxDKZQu63YNp0wKXHIo/zDGWQbDMvKmFFA=
X-MS-TrafficTypeDiagnostic: AM5PR0701MB2964:
X-Microsoft-Antispam-PRVS: <AM5PR0701MB2964F74FE4874A784078BE50A2760@AM5PR0701MB2964.eurprd07.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(158342451672863)(120809045254105)(192374486261705)(131327999870524)(240460790083961);
X-MS-Exchange-SenderADCheck: 1
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(5005006)(8121501046)(3231254)(944501410)(52105095)(93006095)(93001095)(10201501046)(3002001)(6055026)(149027)(150027)(6041310)(20161123558120)(20161123562045)(20161123564045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011)(7699016); SRVR:AM5PR0701MB2964; BCL:0; PCL:0; RULEID:; SRVR:AM5PR0701MB2964;
X-Microsoft-Exchange-Diagnostics: 1; AM5PR0701MB2964; 4:9jidy0vKU/pxqvkaLEGdfyNeWqbHrrNeGfFsn59Gd++6eWQZUPg2e4GkME7UouCGeUX1s2uGYwZAX3Kg+NxOjne8aLl5F2+LKHTfB/1j2ATB9YKcpRF3saxyWWXGug73ykfMRVgijqszrNnG865gpUD94rdXcNAhMGRoShNGMa8LEZs7UDC2O9FSuR6Uz63sw7Mj6OJn4l7orurq69uOectypvIem48nlSRZbnysp1Oj/0tdRLuiiDlhb1mqWoFpuy2HTtX2b6o6G44Q+Lsc+6+jh9ga1FkR1Ftt3CFm4wGqmu3YdLmMIaNsM/3l4P6eUstwxnxYS5aajbxP9z++RYV+XwpHSfNL44aW548A/b40ONIx+NJN3cHtMO2VU8oTvmfsdD5hqRu5lWPLPgFqvqSPX+mpbVJyaw6rmWgXvRXH89I6459eXoC6t/gaPlNc9WvzTJOnkG2JeMSwIJB0kA==
X-Forefront-PRVS: 07106EF9B9
X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10019020)(39860400002)(346002)(376002)(366004)(396003)(39380400002)(13464003)(199004)(189003)(5660300001)(6496006)(61296003)(105586002)(106356001)(386003)(26005)(52116002)(59450400001)(81686011)(47776003)(76176011)(66066001)(44716002)(62236002)(4720700003)(6666003)(33896004)(478600001)(81816011)(53936002)(97736004)(2171002)(6246003)(305945005)(25786009)(8936002)(7736002)(6116002)(4326008)(3846002)(81166006)(966005)(8676002)(81156014)(230700001)(229853002)(486006)(9686003)(476003)(6306002)(446003)(956004)(23756003)(84392002)(2906002)(50226002)(44736005)(68736007)(50466002)(6486002)(86362001)(186003)(14496001)(16526019)(316002)(1556002)(110136005)(54906003)(74416001)(7726001); DIR:OUT; SFP:1102; SCL:1; SRVR:AM5PR0701MB2964; H:pc6; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:0; MX:1;
Received-SPF: None (protection.outlook.com: btconnect.com does not designate permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: 1; AM5PR0701MB2964; 23:oepZeb4MleL0ePzvRWB48IhZnn5M56N9DJjqL2eQtYo+1ntwdUA5+qFpHp2gUJY85IhLsRJyBLCwI/ePkMYmNsd3sIThB46pJbiFjw3ZK+ZZtcJFhwuyPeCZIOJgwaFXaauP1U7Q1/MRs6E1Z2ryCb56LmQbhB5V8cjYbFWWvRcdCQ1+npZYLbXnM1d2Qz9DkuMsLy9UwJ0B/BrNRO1qQpY2NSHlSwjdl5/T/MtTKciQKwty6YeAwkE18GOhj5mSL2Ob+KKIsHMkvHlQmpeZyZxM3guObZUxqS7Vmphn2aeiOWe8F0RF60zP4jxIhQqf1rfJRVWdgJqew1RJmu2PbLt9qajcV6uUrF7ilFMLEjDPyaycxO44HgUR0ATizvx5keHr7bgQbLrWbWrSeH/7nMmVU9TROAg6/WJUM2icbezxGdbQNKX9ZsEThoNL+bIBRfvE8JzALKjcxlttiA+exAR8X24tnx/dMgMtPYh6iKLw1NtIfo+ZG+/AMjI4JsUjzs1YHWXxEZvVk5WcpR42Jb9Y/sirSYP6NZsMeV3X7dimZrjacTFuJzYSBjFEo65ZHCjEvOW6gUdRLhdRkkvNVmK4HrpixS2tA+fyv+neq9MmAlQSUpHgvZG0pleBH3eXdJdDUeQoWy/OxVKuhmxg4fGk3ruZpcO6agMzJTs37Dss+9RBREG/dcRJU46ASCdVdtQmTSt9kz5YXxvQZXulwLqmHgs58SH6Ymd3EE1EuIHPrmRCET+tNdiUIXXR+LF4TrFT9il09rxk7tEwltAxKXl34M6WE6xyfwcurmEeZ8w9Zmscfa4yyM4n4Dq4HLgd/MMrrzV9Yjy78sL12n764NHaXDrg6lMkjyvoM98CTWfNLuDRxWg4tF9awrT7IwN7PHLPtx3gF76Cbb/TAOCR846OTDzoM4vsdFNeOZemz9Yduyz9IiAmiWOeK+zy1JYrFTv8joT1Dtim+9lCKObWurgNLYSyOeYE6GV/+OGcE4G084CI+W2NQ5Lh/lIrYMA78awcZw8zXdXXEp0hoZIwVtRg9V+bqXasMuXJvKU82AbzrWz+wCgFkozW2PC9jRsgkfLm+V06t6d6C9aGhtFAwnDNfNkrE2t5dqCzChKKLhcaOWtp/gXSZzXyI33kpRGt9VFNnBGTiVsu9TK7/eXbw3hw+cfqFUquoNAqtJK45n8FyqznefSN/gZT2lnb54+TBlkUqNIQiOu0+Ch8qjgyERbaN+ZPbaWVa9OIHFbkirmpTaf5dpvol0bVx+Wl2kNKW6EzAxnc3/+tbVdSuJLsDaH0l0DW97163ZiTxoh1nq86a1KXgH8CZhbIPcdMwodQVk/EUytLb6uMgQzaiOMAlWsORSBexbzw5+Zb76J6hqBpCvFYAVe2ZjDfs+nmWOR9w2IAMVNDlBylTNvqI4JBssMTKTVT/0o6ImIKvR/+GDAOr1Y2l1HuxwWAmpSOLTv0977yas1estY0aS+D/bJI/SeowcLGIX8pJ34Ic/7nzTA0LCDpPbeeS0NR5Vfr+iUgk+fXCzJS08iCHJvMoQ8F/g==
X-Microsoft-Antispam-Message-Info: QDAVpDDzxnd5gjzmw7I8neRFa7XvTVJjleWOOqMsk00d9WIZaMKdOgfk4hgS8pJVJ0qgQxzKfEaa2C5RGJ4rkX5/1EuvrF+/c8d7D0FiK7MZq6UEfibreg8CDCGRlozyAxchrQyog0gzdFjeO/g5gYRfH0wnxhqtDaZJTgkPTf5nsqpEemignI1v5wePKBH3HWWsp25dXWyxsZFeVZGJyMwh943fEuG5zlzVyxt/xFgkeFeHZ4HWjkPleNd/vnWRgBCSuC8MjynV0KCBR7GtBnWeLWTs1dV+SoW6Tv6A/fcLzGrpsRuaiGK96h1hnYf9DinOsCuH7xPM9m00toPw3Q==
X-Microsoft-Exchange-Diagnostics: 1; AM5PR0701MB2964; 6:Qer5Jepw0AmtLDK6zsB110XY+xn7/1HCEJdSmhAk7I13m17kbf0Y9gubcLhgZyldjYwXOJF6S8B0RRhEuP8MxlYyfDBnEGUQ/KMTenaeIOpLHmdNV/o0D+AwtO5oUXuKl2fbo7efH1g9t/J9KtrDVLAtzWNPgjbvjFN/G2ZArcGE38B+1qIFKF/TNpyXEBn22UTMvuJV0fNoycnXQ4RhU+hRfFZvknjiDzAjstIxd4lWeJwPeyFLt9grDC+nPLpV87SdH8zo8GzCRtnqUrJoL8MVJ289ShgXd91aVjSrG1fwMGks3QE78ng4LsybowSOkBXJbrI+CrejYLwCGJKKeGkg31H5w3z+FOCcPPDae6Ze+o7Tz8ILpvlnaVKpjD7etdMaa9A24Q1CP8UusRk8qi497y9GtrQoehZwKkVdHceNuJlZsLX6JuRstjhP1CzquIYf54wJmrjXsdshVHbt4w==; 5:JLjEUURBPd4veoOA2dLw0M+6piOXkvhIrNc7cwb9O3a1cV3WsikvGR9f2+lqF10P1KDB1vbp5fEh8h2jRFTfTmf55dw34NeulSQ0rBmzezIXD2RezVjBDdmJEfIC0c3sPgx5uReR0mKsfQ5l/atAvGgPAoEbS8ILCA2GDoeNJvM=; 24:wCjLPD4no5jv/Jr557PnGyvPc71ejMJQtj6z+u3UJUpAca/zsOej5f84o0MqZeEBmRw2Qu8eESKaNsmQm4+q9Ety+dwtmv53a1H5forgyDk=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; AM5PR0701MB2964; 7:IpSizlqMgwUoIrmCYnlfv+NuTbX1BvimVGInbK0VzW1LYfJJCtaBepY2ZAL3S4I2Y4o0O9zYd2eX7GOByDAT8BNbEEBZ+kj+n4UyfFlumzgHADipy+MSKBcjdXF6s8M3dLhGqwbPrDlA0AfDbDpFt2coIAOM+ToJuD0Rsh6sV9+la2cR1Xps1HF/bFVSuivGLxLuQIgqGXyQhTMwUme1ceCZPzCe6hndV2sQvy28VqHRNNQqZROkpMAxIFJAmHIA
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Jun 2018 11:56:43.3026 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 2054e519-08e4-4a59-16c2-08d5d76e0ec4
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5PR0701MB2964
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/HyG8mWz6FtinVCvgP_QUiKAxsqk>
Subject: Re: [ippm] Benjamin Kaduk's No Objection on draft-ietf-ippm-twamp-yang-11: (with COMMENT)
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jun 2018 11:56:50 -0000
Benjamin Top posting on one minor comment You say > The <secret-key> elements appear to be using base64-encoded values. > Where is it specified that such encoding is used for the binary > values? (I assume this is just my ignorance of a generic standard, > so please enlighten me!) RFC7950 YANG 1.1 9.8.2. Lexical Representation Binary values are encoded with the base64 encoding scheme (see Section 4 in [RFC4648]). Tom Petch ----- Original Message ----- From: "Benjamin Kaduk" <kaduk@mit.edu> To: "The IESG" <iesg@ietf.org> Cc: <ippm-chairs@ietf.org>; <draft-ietf-ippm-twamp-yang@ietf.org>; <ippm@ietf.org> Sent: Monday, June 18, 2018 5:18 PM > Benjamin Kaduk has entered the following ballot position for > draft-ietf-ippm-twamp-yang-11: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-ippm-twamp-yang/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Perhaps I am confused and/or misreading things, but the descriptions > of the control-client and session-reflector include discussion of > 'sid' session identifiers as if they were always used, but the mode > bitmap includes a separate bit for negotiation of > 'individual-session-control' for session identifier usage. Is there > some conflict between this mandatory/negotiable distinction, or are > they actually talking about different things? > > Comments below in document order, but please pay special note to the > (potential) need for global uniqueness of key-ids, the PBKDF2 > iteration count, and the list of sensitive nodes to call out in the > security considerations. > > > Section 3.1 > > o Authentication and encryption attributes such as KeyID, Token and > the Client Initialization Vector (Client-IV); see also the last > paragraph of Section 6 in OWAMP [RFC4656] and Randomness > Requirements for Security [RFC4086]. > > I'm confused about what the RFC4656 reference is intended to call > out -- the reliance on AES to be resistant to chosen plaintext, or > the randomly generated challenge from the server, or the existential > forgeries? > > o Information pertaining to the test packet stream, such as the test > starting time, which performance metric is to be used Registry for > Performance Metrics [I-D.ietf-ippm-metric-registry], or whether > the test should be repeated. > > Is there something missing before or around "Registry for > Performance Metrics"? The current text is hard to read. > > Section 3.4 > > Each Session-Reflector is associated with zero or more TWAMP-Test > sessions. For each test session, the REFWAIT timeout parameter which > determines whether to discontinue the session if no packets have been > received (TWAMP [RFC5357], Section 4.2) can be configured. > > nit: I think this would be easier to read if "which > determines...received" was offset by commas or parentheses. > > Read-only access to other data model parameters, such as the Sender > IP address is foreseen. Each test session can be uniquely identified > by the 4-tuple mentioned in Section 3.2. > > Nit: comma after "Sender IP address". > > Section 4.1 > > [...] Specifically, mode-preference-chain lists the > mode and its corresponding priority, expressed as a 16-bit unsigned > integer, where zero is the highest priority and subsequent integers > increase by one. > > I thought I remembered some discussion about this text being unclear > and removing "and subsequent integers increase by one" being > proposed. But I don't see that discussion in an obvious place, so > maybe it was on a different document. > > Note that the list of preferred Modes may set bit position > combinations when necessary, such as when referring to the extended > [...] > > Maybe "may set multiple bits independently" would be more clear? > But it seems that some bit combinations don't make any sense, like > unauthenticated+authenticated -- is there need for more expository > text here? > > [...] The secret-key is the shared secret, a sequence > of octets of arbitrary length whose interpretation is unspecified. > The key-id and secret-key encoding SHOULD follow Section 9.4 of YANG > [RFC7950]. [...] > > Section 9.4 of YANG is for (printable) strings, but the secret-key > is binary -- should this get a Section 9.8 reference as well? > I'm also not sure that leaving it as "arbitrary length" > is great -- if we're using it to derive 16-byte AES keys and 32-byte > HMAC-SHA1 keys, we could at least say "SHOULD contain at least 128 > bits of entropy". > > Section 4.2 > > [...] The Server, being prepared to conduct > sessions with more than one Control-Client, uses KeyIDs to choose the > appropriate secret-key; a Control-Client would typically have > different secret keys for different Servers. key-id tells the Server > which shared-secret the Control-Client wishes to use for > authentication or encryption. > > Does this imply a global uniqueness requirement for key-ids? If so, > that should be called out more clearly. > > Section 4.3 > > | name | > | ctrl-connection-name {ro} | > | fill-mode | > | number-of-packets | > | state {ro} | > | sent-packets {ro} | > | rcv-packets {ro} | > | last-sent-seq {ro} | > | last-rcv-seq {ro} | > +---------------------------+ > > nit: should the "{ro}" on "state" be right-aligned with the others? > > Is there any privacy concern about exposing the parent-connection > 4-tuple? > > Section 5.2 > > In the 'count' leaf, a default value of 10 (corresponding to an > iteration count of 2^10 == 1024 for PBKDF2) is described. This > seems quite low for a PBKDF2 iteration count, by modern standards. > In "normal" cryptographic protocols we would generally be using a > default closer to 32768 == 2^15 (which I see is the default *max* > count value, and there is additional discussion of the issue in the > leaf description for that leaf). Perhaps one could make an argument > that this is just for test setups and the keys and data exchanged > are "not very valuable", but there is always risk of key sharing > across protocols, and my preference is to present the strong > defaults and give users the option to reduce where appropriate. > What are the authors' thoughts here? > > Section 7 > > There are probably more nodes that can get called out as > particularly vulnerable, such as the count and max-count nodes that > can cause a long time to be spent on PBKDF2 iterations, the dscp > markings, the mode bitmask, etc. > > Appendix A > > The <secret-key> elements appear to be using base64-encoded values. > Where is it specified that such encoding is used for the binary > values? (I assume this is just my ignorance of a generic standard, > so please enlighten me!) RFC7950 YANG 1.1 9.8.2. Lexical Representation Binary values are encoded with the base64 encoding scheme (see Section 4 in [RFC4648]). > Am I reading it right that the <count>30</count> means 2^30 (one > billion) PBKDF2 iterations? Has this actually been run in practice? > It seems like it would be painfully slow. > > > _______________________________________________ > ippm mailing list > ippm@ietf.org > https://www.ietf.org/mailman/listinfo/ippm
- Re: [ippm] Benjamin Kaduk's No Objection on draft… Benjamin Kaduk
- Re: [ippm] Benjamin Kaduk's No Objection on draft… t.petch
- Re: [ippm] Benjamin Kaduk's No Objection on draft… Mahesh Jethanandani
- Re: [ippm] Benjamin Kaduk's No Objection on draft… Benjamin Kaduk
- Re: [ippm] Benjamin Kaduk's No Objection on draft… MORTON, ALFRED C (AL)
- [ippm] Benjamin Kaduk's No Objection on draft-iet… Benjamin Kaduk
- Re: [ippm] Benjamin Kaduk's No Objection on draft… Benjamin Kaduk
- Re: [ippm] Benjamin Kaduk's No Objection on draft… Mahesh Jethanandani