Re: [netconf] crypto-types fallback strategy

Schönwälder, Jürgen <J.Schoenwaelder@jacobs-university.de> Mon, 16 September 2019 18:31 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/4wLKJZEEwDBWo0HabhUaa0v05t4>

On Mon, Sep 16, 2019 at 05:04:34PM +0000, Kent Watsen wrote:
> 
> Hi Juergen,
> 
> > Perhaps it is best to not look too much behind the curtain and just
> > talk about using existing names, avoiding to dive into details what
> > these names really are and where they come from. Perhaps we need to
> > move to a more opaque type that can hold names of crypto algorithms
> > and we point to well-known names (i.e., defined in some IANA
> > registries) that apply to certain protocol contexts.
> 
> I was thinking that we'd use numbers only, or more precisely, the ASN.1 OID structure. An OID's common "name" value is only "needed" for presentation; though it makes using `generate-asymmetric-key` and `generate-symmetric-key` more complicated, as both actions need to take an "algorithm" parameter.
> 

If there is one thing almost everybody did hate about SNMP, then it is
ASN.1 OIDs. And with OID I mean a sequence of numbers (not any
descriptors or such things). There is a reason why YANG has support
for other naming systems. It feels odd to go back to OIDs.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>