Re: [netconf] ietf crypto types - permanently hidden

Balázs Kovács <balazs.kovacs@ericsson.com> Fri, 03 May 2019 06:10 UTC

Return-Path: <balazs.kovacs@ericsson.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64EE312006D for <netconf@ietfa.amsl.com>; Thu, 2 May 2019 23:10:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X76EXo4xpRua for <netconf@ietfa.amsl.com>; Thu, 2 May 2019 23:10:05 -0700 (PDT)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10068.outbound.protection.outlook.com [40.107.1.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B389120059 for <netconf@ietf.org>; Thu, 2 May 2019 23:10:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZvU54oRMGYmsb1ZGM6GyDoQLsRq4+fNFRcEXG6eZ4Os=; b=WJnzJptgt5Clu5KHn/qSCL4nQaKJOim5lds44wFfBS6L2lQISB152RH4C3Bih/VS5+EnM5QKwExcoEd4pq3jYGY7qGCUE1EctsU6QeJ2aQoGZzOZgVo0gE0B+MOFAftd54EM/1mcI69i1Cu9mPqkNcTU7NrW9z6VlljI/Mglq1U=
Received: from VI1PR07MB4735.eurprd07.prod.outlook.com (20.177.57.146) by VI1PR07MB5568.eurprd07.prod.outlook.com (20.178.80.94) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1878.11; Fri, 3 May 2019 06:09:57 +0000
Received: from VI1PR07MB4735.eurprd07.prod.outlook.com ([fe80::dc72:dfff:beb3:3b47]) by VI1PR07MB4735.eurprd07.prod.outlook.com ([fe80::dc72:dfff:beb3:3b47%7]) with mapi id 15.20.1856.008; Fri, 3 May 2019 06:09:57 +0000
From: =?iso-8859-1?Q?Bal=E1zs_Kov=E1cs?= <balazs.kovacs@ericsson.com>
To: Kent Watsen <kent+ietf@watsen.net>, Martin Bjorklund <mbj@tail-f.com>
CC: "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: [netconf] ietf crypto types - permanently hidden
Thread-Index: AdTf8DCbvspujhISQkyURJOX9ReFpALufsOAAAVM5oADthG5oAAICCMAAAQfJ4AABQvugADqJOIAAAiERYAAKAZY4AABZSwAAAGYSwAACr5PgABUQnkAAAzoyAAAHLnpkA==
Date: Fri, 3 May 2019 06:09:57 +0000
Message-ID: <VI1PR07MB473550063330EE25D65642E083350@VI1PR07MB4735.eurprd07.prod.outlook.com>
References: <0100016a6e2130be-ee556dd0-e993-459f-be28-65fe1f74ece8-000000@email.amazonses.com> <20190430.144930.844252169549242587.mbj@tail-f.com> <0100016a6f64a438-50e97747-d12b-429b-8147-8bf6ed82bdac-000000@email.amazonses.com> <20190502.120944.41224357089248496.mbj@tail-f.com> <0100016a7957dd62-0c25451b-3a69-4a08-b4e6-d7ad22e5227d-000000@email.amazonses.com>
In-Reply-To: <0100016a7957dd62-0c25451b-3a69-4a08-b4e6-d7ad22e5227d-000000@email.amazonses.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=balazs.kovacs@ericsson.com;
x-originating-ip: [2a02:ab88:2cb8:5600:149b:bf3c:db30:aae6]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 47bde480-27fe-47c5-254e-08d6cf8df80c
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(2017052603328)(7193020); SRVR:VI1PR07MB5568;
x-ms-traffictypediagnostic: VI1PR07MB5568:
x-ms-exchange-purlcount: 1
x-microsoft-antispam-prvs: <VI1PR07MB55688B79EAF5D05EF4D6F12683350@VI1PR07MB5568.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0026334A56
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(366004)(136003)(376002)(346002)(39860400002)(199004)(189003)(71200400001)(486006)(8936002)(4326008)(53936002)(6436002)(54896002)(6306002)(81156014)(81166006)(74316002)(71190400001)(8676002)(316002)(478600001)(9686003)(476003)(25786009)(5660300002)(7736002)(46003)(2906002)(606006)(236005)(11346002)(9326002)(86362001)(446003)(76176011)(110136005)(7696005)(55016002)(66476007)(66946007)(33656002)(6246003)(66574012)(53546011)(6506007)(14454004)(68736007)(45776006)(102836004)(14444005)(186003)(52536014)(6116002)(256004)(966005)(229853002)(73956011)(790700001)(99286004)(66556008)(64756008)(66446008)(76116006); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR07MB5568; H:VI1PR07MB4735.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: XEyxCOJ7kpBY4tkUS3rF5tNqtpHdkqcxTvrMzMqZpi5ABUvfd5/Ux6RosJaq5+kvIc0kdSUlpXK1FZlAv9jhhUG0BOGMGaZJqz9/Xpb8SsGJEtq5rs+d9r6IB797OjKM5JAwRbVOM0q6OhUp2xcrd7qjlDomZalT7MWQ+FExYiEDUw0a/9MUSVldxuGTFFjMsqIMmyJkrTmk/A+L5UGJw8BzmViriJAJRxo3x2lbDCObEvohNCJxR4TKkagDFdzuuk/nOGHQyETGl5B8Ffb0/JxFq/Qzi1LI7aEeTpqbpuFRForMNhF8p8c2oR5tbq/p+dbupFlLt9TYJ/whCbZQGEBSZTKev8Ja1RMVtKLZUZQOnL8O0F3DBQnu5rjZ8xduo1HtJRjyAzBCLU9jASVovxBCOUGrmdx/1/nFzSbOH9w=
Content-Type: multipart/alternative; boundary="_000_VI1PR07MB473550063330EE25D65642E083350VI1PR07MB4735eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 47bde480-27fe-47c5-254e-08d6cf8df80c
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 May 2019 06:09:57.7468 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR07MB5568
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/pIBK-B60rcDX9dguEn8DIoCjynk>
Subject: Re: [netconf] ietf crypto types - permanently hidden
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 May 2019 06:10:09 -0000

Hi,

But why?  If an operator wants to replace, why should the list entry
first be deleted and then created and then the key can be generated?
This seems like a CLR to me.

https://mailarchive.ietf.org/arch/msg/netconf/ZwXll9BtAv61EvVXtFDLLzTkljE

I might back off from this one. I guess mismatched key pairs can occur with regular configuration case too, so it all depends on the operator to provide the right pair, and it should be the operator's decision to do a graceful key switch by creating a new key instance or do an instant renewal on the same instance. If the peer device does not have to be reconfigured, the renewal on same instance could be a better choice.

Br,
Balazs

From: Kent Watsen <kent+ietf@watsen.net>;
Sent: Thursday, May 2, 2019 6:19 PM
To: Martin Bjorklund <mbj@tail-f.com>;
Cc: Balázs Kovács <balazs.kovacs@ericsson.com>;; netconf@ietf.org
Subject: Re: [netconf] ietf crypto types - permanently hidden


In enum permanently-hidden:
 OLD:
      The private key is inaccessible due to being protected by the
      system (e.g., a cryptographic hardware module).
 NEW:
      The private key is inaccessible due to being protected by the
      system (e.g., a cryptographic hardware module).  Since hidden
      keys are only ever reported in <operational>, the value
      'permanently-hidden' never appears in <intended>.

Ok, but perhaps s/<intended>/conventional configuration datastores/?

Fixed in my local copy.


Note that this statement was added because Juergen asked about how
hidden keys could be removed/replaced.  We iterated towards not
wanting to support the "replace" case

But why?  If an operator wants to replace, why should the list entry
first be deleted and then created and then the key can be generated?
This seems like a CLR to me.

https://mailarchive.ietf.org/arch/msg/netconf/ZwXll9BtAv61EvVXtFDLLzTkljE




Ok, I see.  I think the text needs some clarification; make it more
explicit.  It needs to say that if a "permanently-hidden" private key
exists in <operational> under a parent config true node and this
parent node is deleted, the private key is supposed to be (MUST be?)
deleted from the system as well.

Added, with a MUST.



A remove-hidden-key action can be problematic b/c if you forget to
call this action and then delete the config, presumably you have
lingering keys in the system that you can't remove.

I don't think this is true.  Even if an asymmetric key only exists in <operational> (i.e., the corresponding "config true" parent node is deleted), it seems that a 'remove-hidden-key' could still remove it.  In fact, this is the most consistent thing, to have an 'action' act on values in <operational>.


Kent // contributor