Re: [Isms] Status of IESG-review changes for draft-ietf-isms-dtls-tm
"David Harrington" <ietfdbh@comcast.net> Wed, 05 May 2010 23:08 UTC
Return-Path: <ietfdbh@comcast.net>
X-Original-To: isms@core3.amsl.com
Delivered-To: isms@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EEC963A6AE9 for <isms@core3.amsl.com>; Wed, 5 May 2010 16:08:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.197
X-Spam-Level:
X-Spam-Status: No, score=-0.197 tagged_above=-999 required=5 tests=[AWL=-0.198, BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FFXa0N1i5Smo for <isms@core3.amsl.com>; Wed, 5 May 2010 16:08:13 -0700 (PDT)
Received: from qmta14.westchester.pa.mail.comcast.net (qmta14.westchester.pa.mail.comcast.net [76.96.59.212]) by core3.amsl.com (Postfix) with ESMTP id 188393A68D4 for <isms@ietf.org>; Wed, 5 May 2010 16:07:58 -0700 (PDT)
Received: from omta23.westchester.pa.mail.comcast.net ([76.96.62.74]) by qmta14.westchester.pa.mail.comcast.net with comcast id Dmix1e0021c6gX85Ez7ldS; Wed, 05 May 2010 23:07:45 +0000
Received: from Harrington73653 ([67.189.235.106]) by omta23.westchester.pa.mail.comcast.net with comcast id Dz7l1e0042JQnJT3jz7lWU; Wed, 05 May 2010 23:07:45 +0000
From: David Harrington <ietfdbh@comcast.net>
To: 'Wes Hardaker' <wjhns1@hardakers.net>, isms@ietf.org
References: <sdaase140y.fsf@wjh.hardakers.net>
Date: Wed, 05 May 2010 19:07:41 -0400
Message-ID: <097301caeca7$c385a650$0600a8c0@china.huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <sdaase140y.fsf@wjh.hardakers.net>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
Thread-Index: Acrskm/ibENq1r8mQTadYg+AVXwmMwACgCNQ
Cc: iesg@ietf.org
Subject: Re: [Isms] Status of IESG-review changes for draft-ietf-isms-dtls-tm
X-BeenThere: isms@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Mailing list for the ISMS working group <isms.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/isms>
List-Post: <mailto:isms@ietf.org>
List-Help: <mailto:isms-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 May 2010 23:08:14 -0000
Hi, > This is a very important and well written document, and before > baloting a YES vote I would like to clarify a few issues: > I agree this is a well-written document, except those portions copied from my document ;-) > > 3.1.2 DISCUSS 2) In Section 7: > ------------------------------- > > Quoting the draft: > > snmpTlstmCertSANAny OBJECT-IDENTITY > STATUS current > DESCRIPTION "Maps any of the following fields > using the > corresponding mapping algorithms: > > Type Algorithm > ------------+------------------------ > rfc822Name > snmpTlstmCertSANRFC822Name > dNSName > snmpTlstmCertSANDNSName > iPAddress > snmpTlstmCertSANIpAddress > > The first matching subjectAltName value > found in the certificate of the > above types > MUST be used when deriving the > tmSecurityName." > ::= { snmpTlstmCertToTSNMIdentities 5 } > > Does the table prescribe the order in which various > subjectAltName types are checked? > > + WH: No, each "mapping algorithm" can prescribe it's own > method of searching in order to keep the table generic. > In fact, the table doesn't (by design) talk about > subjectAltNames themselves and that's left up to the mapping > objects that define how to map certificate contents into > SNMPv3 securityNames. > > + Alexey: I might be missing something. This choice allows > different implementations to do different things. This > doesn't seem to encourage interoperability. > > + WH: I'm sorry if I've inadequately explained things. > Interoperability is definitely assured because all the > mapping algorithms we're defining in the document have > deterministic results. > > So, using this example taken straight from the appendix we > have the following mapping set up: > > snmpTlstmCertToTSNID = 1 > (chosen by > ordering preference) > snmpTlstmCertToTSNFingerprint = HASH > (appropriate fingerprint) > snmpTlstmCertToTSNMapType = snmpTlstmCertSANAny > snmpTlstmCertToTSNData = "" (not used) > snmpTlstmCertToTSNStorageType = 3 (nonVolatile) > snmpTlstmCertToTSNRowStatus = 4 (createAndGo) > > This says that if the incoming connection contains a public > key in the verification tree that matches the HASH then it > should use the 'snmpTlstmCertSANAny' mapping algorithm > (which is assigned a unique OID within the MIB tree so it > can't be confused by another conflicting definition). > > So, looking up the rules for snmpTlstmCertSANAny we find: > > Maps any of the following fields using the > corresponding mapping algorithms: > > Type Algorithm > ------------+---------------------------- > rfc822Name snmpTlstmCertSANRFC822Name > dNSName snmpTlstmCertSANDNSName > iPAddress snmpTlstmCertSANIpAddress > > The first matching subjectAltName value found in the > certificate of the above types MUST be used when > deriving the tmSecurityName. > > The last paragraph clearly indicates we take the *first* SAN > of the above types in order to do the mapping with. So if > the certificate in use had 300 different SANs but the first > was a rfc822Name containing alexey.melnikov@isode.com then > that is the value that every implementation MUST pick in > order to meet the standard. There is no ambiguity about > what happens if you follow all the rules for the > configuration specified in the MIB. > > The only extensibility is that future standards or > enterprises can define their own mapping algorithms, > assigned to their own unique OIDs that can be used in the > snmpTlstmCertToTSNMapType column. We're actually expecting > at some point in the future within the IETF to define a > standard for mapping (deterministically of course) the > kerberos principal from an otherName field. (But since that > doesn't exist now, it can't be used yet.) > > Make more sense? > > + David Harrington: > > I think the text you quote is not deterministic because it > says the tmSecurityName is derived, but doesn't specify how > the derivation is done: > > > The first matching subjectAltName value found in the > > certificate of the above types MUST be used when > > deriving the tmSecurityName. > > You do not specify a 1:1 identity mapping MUST be > used. Something derived is usually different than the > original. So if the subjectAltName was "David Harrington", I > could derive a tmSecurityName of "David", "Harrington", or > "David Harrington H73653" and still meet the definition you > quote. And if this was used in a securityName in a MIB > module, and read by a remote operator, it would not be > apparent that agent A's "David" was the same principal as > agent B's "Harrington". > > And I have to agree that if everybody gets to define their > own additional algorithms for derivation, even if they are > registered by OID, that doesn't lend itself to > interoperability. Is "IETF Review" required for every > algorithm so the algorithm is at least published publicly? > > + WH: Well, it does. But if you missed it then more text is > needed to clarify it further. > > In particular: > > DESCRIPTION "Maps any of the following fields using the > corresponding mapping algorithms: > > Type Algorithm > > > Note that the mapping algorithm is specified in the second > column, and each of those mapping algorithms are > deterministic in nature (we worked hard to make sure that > all case-sensitivity, etc, was dealt with in the > sub-algorithms). > > If you're concerned about the above not being enforced > properly then I'll add the following new text (surrounded be > ***s) to ensure compliance. > > DESCRIPTION "Maps any of the following fields using the > corresponding mapping algorithms: > > Type Algorithm > > ------------+---------------------------- > rfc822Name > snmpTlstmCertSANRFC822Name > dNSName > snmpTlstmCertSANDNSName > iPAddress > snmpTlstmCertSANIpAddress > > The first matching subjectAltName > value found in the > certificate of the above types > MUST be used when > deriving the tmSecurityName. > ***The mapping algorithm > specified in the 'Algorithm' > column MUST be used to > derive the tmSecurityName.***" > > Does that appropriately address your concerns with respect > to the "determinsticness" of the mapping? > > + WH: Regarding everyone defining their own algorithms: this > is nothing new to the IETF or to SNMPv3. We already allow > USM users, standards bodies and developers to define their > own security algorithms (i.e., auth and priv) via a > specified OID usable in the usmUserTable. If you want an > IETF standardized algorithm, you likely need to publish it > via IETF process and get an assignment in the MIB tree > from IANA. However, if you work at a device-vendor and > want to create your own then it's sort of up to you to get > it right. E.G. Supposedly there is an OID that was > created to allow interoperable 3DES encryption between > certain SNMP stacks that supported that > enterprise-specific assigned encryption > identifier. Knowing the people that defined how it was > supposed to work, I'm sure they got it right and > interoperability problems haven't resulted. However, there > was nothing stopping them in the USM wording that required > IETF review for them to publish said OID. Nor do I think > there should be. We also allow enterprise-specific > security-model identifiers to be defined, but yet we don't > mandate IETF-review for them to start implementing or > publishing documentation about them. How is this > different? > > The important aspect in my mind is that if two > implementations implement a mapping algorithm registered > at an OID and there are no flaws in the language that > define the OID then will interoperability succeed? The > answer is certainly yes. If the definition or the > implementation is flawed then interoperability will > certainly fail, just as it would for USM auth/priv > algorithms and SNMPv3 security model algorithms. > > + Alexey: > > Sorry, I've missed the text about ordering. > > However there is another more subtle problem with this > approach. My understanding is that many TLS APIs don't > necessarily allow to iterate through subjectAltName types in > the order are specified in the certificate. It is more > common to have APIs that return SAN of a specific type. So > this choice really makes it hard for applications to > implement the mapping. > > + WH: > > I'm not sure about all the stacks. If this is true I > suppose making the Any algorithm optional is the only way to > recover. We're implementing this using OpenSSL and it seems > to return stuff in order, but I'll double check that > tomorrow. > > If other popular TLS X.509 manipulation stacks don't allow > for this we have the choice of: > > 1) Deleting the snmpTlstmCertSANAny entirely. > (I don't favor this one at all) > > 2) Making the snmpTlstmCertSANAny optional. > (My preference) > > 3) Requiring everyone to implement it :-) > > + Alexey: > > I generally feel you have too many choices for > extracting identity > from certificates. I think this is David's point as well. > And when you add algorithms that combine multiple > other choices in a > certain way, you increase the number of choices. > > But anyway, I think I need to think more about this > and we should > discuss this with the rest of IESG. > > + WH: > > It should be noted that the WG had this exact discussion (in > Sweden) and the WG members were of the opinion that we > needed the "Any" option for ease of configuration. I'm > reluctant to change the current behavior given these past > discussions. > > The output is deterministic so there is no issue with > interoperability unless the APIs can't handle it. > I still have concerns about interoperability. I think we'll talk about this during the telechat tomorrow. > 3.2.1 CLOSED In Section 3.1.2, the last sentence of the last > paragraph: > -------------------------------------------------------------- > ---------- > > Implementations SHOULD offer configuration settings for > mapping algorithms to SNMPv3 security levels. > If we say it SHOULD, then shouldn't we provide the appropriate tables in the MIB module? I am not certain what such a mapping would look like. > > 4.2.3 CLOSED Forgive my ignorance regarding SNMP/SMI, but I > can't seem > -------------------------------------------------------------- > --------- > to find a definition of "transport domain"; is it a DNS domain > name, a trust domain, or something else? (It seems to be more > like an address type.) It might help to make this clearer in > the definitions of the snmpTLSTCPDomain and snmpDTLSUDPDomain > transport domains. > > document you had read. I'll put in a reference to RFC2579 Actually, 3417 is probably the preferred reference. dbh
- [Isms] Status of IESG-review changes for draft-ie… Wes Hardaker
- Re: [Isms] Status of IESG-review changes for draf… David Harrington
- Re: [Isms] Status of IESG-review changes for draf… Wes Hardaker
- Re: [Isms] Status of IESG-review changes for draf… David Harrington
- Re: [Isms] Status of IESG-review changes for draf… Wes Hardaker
- Re: [Isms] Status of IESG-review changes for draf… Juergen Schoenwaelder