[netconf] Paul Wouters' Discuss on draft-ietf-netconf-keystore-30: (with DISCUSS)
Paul Wouters via Datatracker <noreply@ietf.org> Thu, 01 February 2024 02:58 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: netconf@ietf.org
Delivered-To: netconf@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C7ABCC14F6B5; Wed, 31 Jan 2024 18:58:20 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Paul Wouters via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-netconf-keystore@ietf.org, netconf-chairs@ietf.org, netconf@ietf.org, bill.wu@huawei.com, mjethanandani@gmail.com, bill.wu@huawei.com
X-Test-IDTracker: no
X-IETF-IDTracker: 12.4.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Paul Wouters <paul.wouters@aiven.io>
Message-ID: <170675630080.23323.7814071664943481478@ietfa.amsl.com>
Date: Wed, 31 Jan 2024 18:58:20 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/1d77eWLkCBQWJ69WOPEk7AOumJ0>
Subject: [netconf] Paul Wouters' Discuss on draft-ietf-netconf-keystore-30: (with DISCUSS)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.39
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Feb 2024 02:58:20 -0000
Paul Wouters has entered the following ballot position for draft-ietf-netconf-keystore-30: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-netconf-keystore/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- I support Roman's discuss with respect to the backup/restore procedure. Perhaps limit it to say that a global KEK could be used to facilitate this, but not go into details on how this would work with diagrams? Similar to draft-ietf-yang-crypto-types: | +--rw certificates | | +--rw certificate* [name] | | +--rw name string Certificate identity is either done by entire DN, The Common Name (CN) RDN, or by a list of subjectAltName (SAN) entries. Can the latter be expressed here? Should a type be introduced? ("CN", "DN", "SAN") ? Should the type be a list as 1 certificate can have multiple identities via multiple SAN entries. See also: +--rw end-entity-cert-with-key* [name] +--rw name | string Section 4.1: A server MUST possess (or be able to possess, in case the KEK has been encrypted by yet another KEK) a KEK's cleartext value so that it can decrypt the other keys in the configuration at runtime. Perhaps "MUST possess access to KEK or API using the KEK"? A server might be using a TEE and not really have the KEK itself, but it can send a decryption job to an API inside the TEE that could use the KEK and return the decrypted key. In this case, the server does sort of "possess" the key but never its "cleartext value". Section 4.2: Implementations SHOULD provide an API that simultaneously generates and encrypts a key (symmetric or asymmetric) using a KEK. Should that say "(symmetric or private asymmetric)" ? Section 5.1: In order to satisfy the expectations of a "keystore", it is RECOMMENDED that implementations ensure that the keystore contents are encrypted when persisted to non-volatile memory. I would probably add "and ensure keystore contents that have been decrypted in volatile memory are zeroized when not in use".
- [netconf] Paul Wouters' Discuss on draft-ietf-net… Paul Wouters via Datatracker
- Re: [netconf] Paul Wouters' Discuss on draft-ietf… Kent Watsen
- Re: [netconf] Paul Wouters' Discuss on draft-ietf… Paul Wouters