Re: [netconf] ietf crypto types - permanently hidden

Kent Watsen <> Thu, 02 May 2019 16:19 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id CDACF120426 for <>; Thu, 2 May 2019 09:19:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id TR-f8fVLInz8 for <>; Thu, 2 May 2019 09:19:28 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C655712042C for <>; Thu, 2 May 2019 09:19:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw;; t=1556813962; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=YDuhKhbVclgFuGQ1KgACexAIbE4qAy+47nw1yb31iU8=; b=VVRxDMq38jPx1atjWKQo/OQI2ur3GRZ0+ZGRyASVxLpKasGgTHAUHLosJvUzeWUb CtcQP4ZSaRUVa3L9kAYJajWOLkbCVq00m8F3xtWI+cTh8nhldrkY5nw5BMlbXnqqADr c+BJe2qPVP7z+xZaqq7VDAiS+SgD+CRDeyuKyAzA=
From: Kent Watsen <>
Message-ID: <>
Content-Type: multipart/alternative; boundary="Apple-Mail=_161F4D0A-F3F5-4399-8ABB-A7DA6BF8DA84"
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
Date: Thu, 02 May 2019 16:19:22 +0000
In-Reply-To: <>
Cc:, "" <>
To: Martin Bjorklund <>
References: <> <> <> <>
X-Mailer: Apple Mail (2.3445.102.3)
X-SES-Outgoing: 2019.05.02-
Archived-At: <>
Subject: Re: [netconf] ietf crypto types - permanently hidden
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 02 May 2019 16:19:31 -0000

>> In enum permanently-hidden:
>>  OLD:
>>       The private key is inaccessible due to being protected by the
>>       system (e.g., a cryptographic hardware module).
>>  NEW:
>>       The private key is inaccessible due to being protected by the
>>       system (e.g., a cryptographic hardware module).  Since hidden
>>       keys are only ever reported in <operational>, the value
>>       'permanently-hidden' never appears in <intended>.
> Ok, but perhaps s/<intended>/conventional configuration datastores/?

Fixed in my local copy.

>> Note that this statement was added because Juergen asked about how
>> hidden keys could be removed/replaced.  We iterated towards not
>> wanting to support the "replace" case
> But why?  If an operator wants to replace, why should the list entry
> first be deleted and then created and then the key can be generated?
> This seems like a CLR to me. <>

> Ok, I see.  I think the text needs some clarification; make it more
> explicit.  It needs to say that if a "permanently-hidden" private key
> exists in <operational> under a parent config true node and this
> parent node is deleted, the private key is supposed to be (MUST be?)
> deleted from the system as well.

Added, with a MUST.

> A remove-hidden-key action can be problematic b/c if you forget to
> call this action and then delete the config, presumably you have
> lingering keys in the system that you can't remove.

I don't think this is true.  Even if an asymmetric key only exists in <operational> (i.e., the corresponding "config true" parent node is deleted), it seems that a 'remove-hidden-key' could still remove it.  In fact, this is the most consistent thing, to have an 'action' act on values in <operational>.

Kent // contributor