Re: [netconf] crypto-types and keystore comments

Martin Bjorklund <mbj@tail-f.com> Thu, 14 November 2019 13:48 UTC

Return-Path: <mbj@tail-f.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC37C1200EF for <netconf@ietfa.amsl.com>; Thu, 14 Nov 2019 05:48:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1mGmZBG_n78K for <netconf@ietfa.amsl.com>; Thu, 14 Nov 2019 05:48:09 -0800 (PST)
Received: from mail.tail-f.com (mail.tail-f.com [46.21.102.45]) by ietfa.amsl.com (Postfix) with ESMTP id C2E6B1200EC for <netconf@ietf.org>; Thu, 14 Nov 2019 05:48:09 -0800 (PST)
Received: from localhost (unknown [173.38.220.41]) by mail.tail-f.com (Postfix) with ESMTPSA id 80B0C1AE0312; Thu, 14 Nov 2019 14:48:08 +0100 (CET)
Date: Thu, 14 Nov 2019 14:47:38 +0100
Message-Id: <20191114.144738.728144006347516638.mbj@tail-f.com>
To: kent+ietf@watsen.net
Cc: netconf@ietf.org
From: Martin Bjorklund <mbj@tail-f.com>
In-Reply-To: <0100016e6a250215-e89c9f24-60d9-419d-bc24-221786cb6f85-000000@email.amazonses.com>
References: <0100016e69e99e3c-893fbfb4-3dc8-4725-b7ef-87bbf491dc2c-000000@email.amazonses.com> <20191114.140135.2027227966816173737.mbj@tail-f.com> <0100016e6a250215-e89c9f24-60d9-419d-bc24-221786cb6f85-000000@email.amazonses.com>
X-Mailer: Mew version 6.8 on Emacs 25.2
Mime-Version: 1.0
Content-Type: Text/Plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/3f0S9aEAoL7o8B9pdtWuVlijSZ8>
Subject: Re: [netconf] crypto-types and keystore comments
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Nov 2019 13:48:12 -0000

Kent Watsen <kent+ietf@watsen.net> wrote:
> 
> Hi Martin,
> 
> 
> >> The issue presents itself when configuring the "server-identity" in
> >> ietf-ssh-server, whether a local definition or a reference to a key in
> >> the keystore.  A "must" expression could be used to constrain the
> >> supported key-formats allowed.  Our modules could hardcode this for
> >> all implementations
> > 
> > Ok.  This is worth exploring imo.
> 
> I added FIXME comments into all of ietf-[ssh/tls]-[client/server].
> 
> 
> 
> >>> You're using a normal config false list for this (which is fine), but
> >>> I don't think you can use a single global list like this.
> >> 
> >> I don't understand this statement.
> > 
> > My point is really just that a single global list like this is not
> > sufficient.   It doesn't matter if "feature" has problems; a single
> > global config false list is not sufficient for what you're trying to
> > do.
> 
> True.  But how can we define a way to get a list per instance?  Should
> there be a "config false" list wherever the "algorithm" node appears
> (i.e., put the list into the crypto-type groupings having the
> algorithm node?)

I don't know, probably.  Do we really want that?  Probably not.

This is exaclty why I suggested earlier that we don't spend time
trying to solve this problem at all now.  I'd rather not put in
something that we know doesn't really work.

> >> Not true or, rather, the intention is to support native encoding
> >> formats, including DER vs PEM, and CMS vs multi-part PEM.
> > 
> > But that would be different key-format identities, right?  
> 
> I think so, yes.
> 
> > The issue
> > here is about what the specfic format is for ssh-public-key-format.
> > The format I suggest is also already used in RFC 7317, as was pointed
> > out before by someone else.
> 
> That is the binary encoding for the on-the-wire public key.  Yes, for
> the binary encoding, this is a great option.  But I thought a goal was
> to try to use native tool formats when possible. Not that we want to
> hardcode to OpenSSH, but `man ssh-keygen`:
> 
>      -m key_format
>              Specify a key format for the -i (import) or -e (export)
>               conversion options.  The supported key formats are:
>               ``RFC4716'' (RFC 4716/SSH2 public or private key),
>               ``PKCS8'' (PEM PKCS8 public key) or ``PEM'' (PEM
>               public key).  The default conversion format is
>               ``RFC4716''.  Setting a format of ``PEM'' when
>               generating or updating a supported private key
>               type will cause the key to be stored in the legacy
>               PEM private key format.
> 
> 
> >>>> That said, if you refer to the link I provided at top, it is my belief
> >>>> that the "key-format" node may be extended to support alternate
> >>>> encodings (e.g., DER vs PEM and, potentially, CMS vs multi-part PEM).
> >>>> To this end, perhaps we could support both the 4716 and 4253 formats.
> >>> 
> >>> Do we really want to go there?  This is already quite complex, and
> >>> having a multitude of optional formats for the same thing may make
> >>> things even more complex, to understand and get right.
> >> 
> >> Binary formats (e.g., DER) are fundamental, but some raised usability
> >> concerns
> > 
> > Do you have a pointer to this?
> 
> There was an email from Juergen a few months back.

But that was based on a misunderstanding.  (or you mean something
else)

> >> , hence the exploration.  As for complexity, how do we know
> >> until we try?
> > 
> > I think we _are_ trying now...
> 
> Fair, but there's yet to be a concrete proposal for how to support,
> e.g., multi-part PEM encoding and, in particular, how it is
> distinguished from the PEM encoding of the equivalent CMS.  Presumably
> it's just another identity, but there maybe more to it...
> 
> 
> Kent // contributor
> 


/martin