IETF Logo Mail Archive

Re: [netconf] crypto-types fallback strategy

tom petch <ietfc@btconnect.com> Fri, 04 October 2019 12:10 UTC

Return-Path: <ietfc@btconnect.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 305BA120864 for <netconf@ietfa.amsl.com>; Fri, 4 Oct 2019 05:10:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.246
X-Spam-Level:
X-Spam-Status: No, score=0.246 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RATWARE_MS_HASH=2.148, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zo5rKeEnJ7BC for <netconf@ietfa.amsl.com>; Fri, 4 Oct 2019 05:10:14 -0700 (PDT)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30112.outbound.protection.outlook.com [40.107.3.112]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 85DD112084F for <netconf@ietf.org>; Fri, 4 Oct 2019 05:10:13 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GvXly9rNLayfdLpetPp8/Y1js9wEXmNL+m6+Q63AIu5UvrfC5zdFXJbGKiBz7EjHwpUz/lKENnf3nPb8vfMqDk072jij6xsdR26999PZbw+p12sfREx2s7hKfw7RH6SWIkFiiVzA0uSCvJIqD9Ab1y0Jhpj8ODKcTKpJetJjn7GsWd1BGIa2XB6eAoHcyKaaghG3paeajlMhIycMgeMaczIt81dh83qy2p8YV6tvVxehChSsEVi5E7VaMYW05yzgmv0RcZRzlQ5jJjBZN5AEq4UcSOXzi4NvYECncoAKNsvLlQSPhlncWId7s9iDgbBoY42X1KANbc4dyTlnz6cRaQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=x6ZdlcxJJpPkh9eeB1th/hkpEgeYvru4sBU9bwoaH4k=; b=GTx1gEaN+LYDUy/ll24PPIHiK5J4Z0ZFk8Me2XEnQ5gEI8LIFIo44CcK/3UQqexoQDkJy3/z0BKp0dIMdIqU6rBMGQ3ZgQlPRQmCEKFhW8Xx4aOa/SnMyN9D/EFwaJGoC0e9/NQnJkfp0vd0ycIutaFeR2P4NRpr1bRALBo4WaCuQ2z6qesqjVI5nKLjdQ5JcUxZCS6CJg/LEu0UossX+IEmGQ1axkAlKuW+fiXSbr1BRFLSi5qGCPreZINs0FeabVpnqrtSh2LO1VoY2E+IjB+0oapHkfXGPS5fdde5Q0Wp4h29Q/7QSEAOo92uAJse7rw77fb76dYV7+LKasP5XQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=x6ZdlcxJJpPkh9eeB1th/hkpEgeYvru4sBU9bwoaH4k=; b=o1eBwR0bw0DNCoFoW5bna7Cs9o5Wba7sriWf7ViZXcwOxELwxQWj/s+SIi1KLhroDuNDZpg/FxDpLGPxY5v7vAGUNlcQHqhHdQg4y39Jfv65NUkk1UwUqP5AXaBj6dCUEkAJlfaGgTB9tbQ3EXoeBgLv7SajzxAJBbpGTP1dFtE=
Received: from AM6PR07MB5944.eurprd07.prod.outlook.com (20.178.91.205) by AM6PR07MB5141.eurprd07.prod.outlook.com (20.177.191.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2327.21; Fri, 4 Oct 2019 12:10:10 +0000
Received: from AM6PR07MB5944.eurprd07.prod.outlook.com ([fe80::c01e:2ff4:7649:142]) by AM6PR07MB5944.eurprd07.prod.outlook.com ([fe80::c01e:2ff4:7649:142%7]) with mapi id 15.20.2327.004; Fri, 4 Oct 2019 12:10:10 +0000
From: tom petch <ietfc@btconnect.com>
To: Kent Watsen <kent+ietf@watsen.net>
CC: "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: [netconf] crypto-types fallback strategy
Thread-Index: AQHVeEcpxg99sP1vx0ePyapv0CmMzw==
Date: Fri, 04 Oct 2019 12:10:10 +0000
Message-ID: <01d701d57aac$6160e000$4001a8c0@gateway.2wire.net>
References: <0100016d455c6145-844c669e-8f31-4203-a827-7368d33cdee4-000000@email.amazonses.com> <MN2PR11MB4366E914816F6C3D9515A31DB5890@MN2PR11MB4366.namprd11.prod.outlook.com> <0100016d7325f06e-00613ab7-413c-4d97-972c-858cf4886b65-000000@email.amazonses.com> <20190927.170902.142773301948727896.mbj@tail-f.com> <MN2PR11MB4366C30CE4650421CE915840B5810@MN2PR11MB4366.namprd11.prod.outlook.com> <20190927174623.jhvpudof6yfs2m4k@anna.jacobs.jacobs-university.de> <0100016d84c0c469-e57fd7aa-dcba-4079-9b37-22720f7a4500-000000@email.amazonses.com> <02f501d57846$e29a3b20$4001a8c0@gateway.2wire.net> <0100016d8834e6b1-d2301e8e-89e5-4fb1-ae58-057e82c4cf7f-000000@email.amazonses.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-clientproxiedby: LO2P265CA0243.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:8a::15) To AM6PR07MB5944.eurprd07.prod.outlook.com (2603:10a6:20b:90::13)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=ietfc@btconnect.com;
x-ms-exchange-messagesentrepresentingtype: 1
x-mailer: Microsoft Outlook Express 6.00.2800.1106
x-originating-ip: [86.139.211.103]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 16b8dc29-174e-460b-0d7d-08d748c3cd7a
x-ms-traffictypediagnostic: AM6PR07MB5141:
x-microsoft-antispam-prvs: <AM6PR07MB51413C3D2E7795227D356773A09E0@AM6PR07MB5141.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8273;
x-forefront-prvs: 018093A9B5
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(136003)(39860400002)(366004)(396003)(346002)(376002)(13464003)(199004)(189003)(44736005)(66946007)(66476007)(66556008)(5660300002)(66446008)(6436002)(64756008)(14496001)(99286004)(14444005)(229853002)(81686011)(486006)(76176011)(81816011)(2906002)(1556002)(14454004)(66066001)(86362001)(8936002)(52116002)(53546011)(6506007)(386003)(44716002)(4326008)(62236002)(476003)(50226002)(8676002)(446003)(25786009)(6486002)(4720700003)(9686003)(186003)(26005)(66574012)(3846002)(6116002)(256004)(81156014)(102836004)(61296003)(6246003)(81166006)(478600001)(6512007)(71190400001)(71200400001)(316002)(305945005)(7736002)(74416001)(7726001); DIR:OUT; SFP:1102; SCL:1; SRVR:AM6PR07MB5141; H:AM6PR07MB5944.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:0; MX:1;
received-spf: None (protection.outlook.com: btconnect.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: CuBPpb43jo0qgCBi2+Q7vCMwpcW6cENTrDVVUB73DQb10Abk8fSfQGhZP1RLVvfyyoTvY+LhnEpFZsicdCo4dnhTy5A7GSXrqaKJ/s4WsdBdPtJekKHNqTaecxAVTp7pWNEr9jYugk/0fcfzpLML9QYkBOR9FTcpTfL7XMNmwaMmcug4lx6vVP4dO38E/dECsIJZu1xtvubyFat4Ng5UJLFYN6R0fBJRP7NDarEi+dStZ6AcJnaQTBzBQkF5s8ksIIA/bv3IyN+wiTqZVg5uiYA11jLEe57J9+mQ5nJngW1BFPikNBIACOYmxd9wur49yhSN8jZ49uyvam4LyNk6HiDy5vJUz5l0liEwjLLUlCf6kDxJld8CzjBTFCVtWTaRhBENLPhuLXBZXpTW+0JMamciZhh+QB8E/qQfZRskhTE=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <D0228D97822E264A828D45B55F208EB0@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 16b8dc29-174e-460b-0d7d-08d748c3cd7a
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Oct 2019 12:10:10.2473 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: N/FeM6M/kkRENh/BsC0zf9V4cNYAcqWY99bFirKaHHITjRWBMKuimRkwCkSNpgrWbr5Yakv79p7kIT3NGTkCMg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR07MB5141
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/CuIa_6OwxT45IuP8TLagfQRTI2k>
Subject: Re: [netconf] crypto-types fallback strategy
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Oct 2019 12:10:16 -0000

<inline tp>

----- Original Message -----
From: "Kent Watsen" <kent+ietf@watsen.net>
Sent: Tuesday, October 01, 2019 5:43 PM

Thanks for pointing that out, Tom.  I was going to say something along
these lines in a response to Juergen.    The net is that partitioning
identities along protocol boundaries is misdirected.  We need to focus
on the algorithms, not the cipher suites.

Going back to the primary goal, we care about is how to use the
"algorithm" field to identify the format of the public and private key
fields.  To this end, the field could be called a "key-format" instead.
There is a secondary goal to pass an "algorithm" parameter into the
'generate-symmetric-key' and 'generate-asymmetric-key' actions, but
maybe the problems can be separated?

In OpenSSL, the commands are:

1) `openssl genrsa -out rsa_private_key.pem 2048` creates an
RSAPrivateKey (from RFC3447)
2) `openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem`
creates a SubjectPublicKeyInfo (from RFC5280)
3) `openssl ecparam -genkey -name prime256v1 -out ec_private_key.pem`
creates an ECPrivateKey (from RFC5915)
4) `openssl ec -in ec_private_key.pem -pubout -out ec_public_key.pem`
creates a SubjectPublicKeyInfo (from RFC5280)

OpenSSH, the commands are:

1) `ssh-keygen -t rsa -b 4096 -C "your_email@example.com"` creates an
RSAPrivateKey (from RFC3447) and a proprietary public key file format.
2) `ssh-keygen -t ed25519 -b 4096 -C "your_email@example.com"` creates
an ECPrivateKey (from RFC5915) and a proprietary public key file format.
3) `ssh-keygen -e [-m RFC4716] -f <private-key-file>` exports the public
key format described by RFC 4716.

Disclaimer: (2) is just a guess, based on (1), which I haven't tested
myself yet.


In order to just identify the format, perhaps we use something like the
following, which could be in ietf-crypto-types:  (Note I added
OneSymmetricKey and OneAsymmetricKey formats as well.  That is, with
this approach, it's not an "either-or" tradeoff, both can be defined.)


    /*** all key format types ****/

    identity key-format-base {}
    identity public-key-format { base "key-format-base" }
    identity private-key-format { base "key-format-base" }
    identity symmetric-key-format { base "key-format-base" }


    /**** for private keys ****/

    identity rsa-private-key-format { // used by SSH and TLS
        base "private-key-format";
        description "An RSAPrivateKey (from RFC 3447).";
    }

    identity ec-private-key-format { // used by SSH and TLS
        base "private-key-format";
        description "An ECPrivateKey (from RFC 5915)";
    }

    identity one-asymmetric-key-format {
        base "private-key-format";
        description "A OneAsymmetricKey (from RFC 5958).";
    }

    identity encrypted-private-key-format {
        base "private-key-format";
        description "A CMS EncryptedData structure (RFC 5652) containing
a OneAsymmetricKey (RFC 5958).";
     }


    /**** for public keys ****/

    identity ssh-public-key-format {
        base "public-key-format";
        description "The public key format described by RFC 4716.";
    }

    identity subject-public-key-info-format {
        base "public-key-format";
        description "A SubjectPublicKeyInfo (from RFC 5280).";
    }


    /**** for symmetric keys ****/

    identity symmetric-key-format {
        base "symmetric-key-format";
                description "An OctetString from ASN.1.";
            // Knowing that it is an "OctetString" isn't really helpful.
            // Knowing the length of the octet string would help a
little, as it relates to the algorithm's block size
            // We may want to only (for now) use
"one-symmetric-key-format" for symmetric keys.
            //     ^---- the usability issues Juergen mentioned before
only applies to asymmetric keys?
    }

    identity one-symmetric-key-format {
        base "symmetric-key-format";
        description "A OneSymmetricKey (from RFC6031).";
    }

    identity encrypted-symmetric-key-format {
        base "symmetric-key-format";
        description "A CMS EncryptedData structure (RFC 5652) containing
an OneSymmetricKey (RFC 6031).";
    }


then, the public-key grouping might look like:

  grouping public-key-grouping {
    description
      "A public key and its associated algorithm.";
    leaf key-format {
      nacm:default-deny-write;
      type public-key-format;
      mandatory true;
      description "Identifies the format key's binary data value.";
    }
    leaf public-key {
      nacm:default-deny-write;
      type binary;
      mandatory true;
      description
        "The binary value of the public key.  The interpretation
         of the value is defined by the 'key-format' field.";
    }
  }

and the key-pair grouping might look like:

  grouping asymmetric-key-pair-grouping {
    description
      "A private key and its associated public key.";
    uses public-key-grouping;
    choice private-key-type {
      mandatory true;
      description
        "Choice between key types.";
      leaf private-key {
        nacm:default-deny-all;
        type binary;
        description
          "The binary value of the private key.  The interpretation
           of the value is defined by the 'key-format' field.";
      }
      leaf hidden-private-key {
        nacm:default-deny-write;
        type empty;
        description
          "A permanently hidden key.  How such keys are created
           is outside the scope of this module.";
      }
    }
  }

and the symmetric grouping might look like:

  grouping symmetric-key-grouping {
    description
      "A symmetric key and algorithm.";
    leaf key-format {
      nacm:default-deny-write;
      type public-key-format;
      mandatory true;
      description "Identifies the symmetric key's format.";
    }
    choice key-type {
      mandatory true;
      description
        "Choice between key types.";
      leaf key {
        nacm:default-deny-all;
        type binary;
        description
          "The binary value of the key.  The interpretation
           of the value is defined by the 'key-format' field.";
      }
      leaf hidden-key {
        nacm:default-deny-write;
        type empty;
        description
          "A permanently hidden key.  How such keys are created
           is outside the scope of this module.";
      }
    }
  }



To put an end to this email, recall above it was said that the secondary
goal is to pass an "algorithm" parameter into the
'generate-symmetric-key' and 'generate-asymmetric-key' actions (what
kind of key to generate, right?).   Most of the above regards the key
formats (not algorithms, though the OneSymmetricKey and OneAsymmetricKey
structs do self-identify their algorithms).   I don't have an answer for
this yet, but maybe we can mimic some aspect of the above for it?

Comments?

<tp>

Kent

I am still unclear about the big picture.  Are you saying that the other
lists of algorithms - MAC, hash, signature etc - would no longer be in
this I-D?  Or if they are still there, how are they going to be used

I see the role of what you list above in the client-server modules but
not a usage for the other lists.

Tom Petch

Kent // contributor



> On Oct 1, 2019, at 6:58 AM, tom petch <ietfc@btconnect.com> wrote:
>
> <inline tp>
>
> ----- Original Message -----
> From: "Kent Watsen" <kent+ietf@watsen.net>
> To: "Juergen Schoenwaelder" <J.Schoenwaelder@jacobs-university.de>
> Cc: <netconf@ietf.org>; <wang.haiguang.shieldlab@huawei.com>;
> <rifaat.ietf@gmail.com>
> Sent: Tuesday, October 01, 2019 1:38 AM
>
>> On Sep 27, 2019, at 1:46 PM, Schönwälder, Jürgen
> <J.Schoenwaelder@jacobs-university.de> wrote:
>>
>> On Fri, Sep 27, 2019 at 03:53:51PM +0000, Rob Wilton (rwilton) wrote:
>>> I basically agree with what Martin is saying.
>>
>> So do I.
>
> Hmmm...
>
>>> Either one YANG module containing all of the crypto identities, or a
> few YANG modules as previously suggested.
>>
>> It may make sense to split by security protocol.
>
> That would go some towards addressing Rich's concern.  Presumably we
> would have one module each for SSH  and TLS algorithms.  That said, to
> Rich's concern, there is a constant churn with them.  This churn
> concerns two activities:  the removal and addition of algorithms.
Both
> occur at protocol-version boundaries and, perhaps, other times as
well.
> This suggests to me that we could further refine the identities by
> protocol version, something like this:
>
> In ietf-crypto-types:
>
>    identity base-alg {}
>    identity tls-alg { base "base-alg" }
>    identity ssh-alg { base "base-alg" }
>
> In ietf-tls-1.1-types:
>
>    identity tls-1.1-alg { base "ct:tls-alg" }
>    <a bunch of tls-1.1 identities here>
>
> In ietf-tls-1.2-types:
>
>    identity tls-1.2-alg { base "ct:tls-alg" }
>    <a bunch of tls-1.2 identities here>
>
> etc.
>
> <tp>
>
> Kent
>

v2.23.0 | Report a Bug | By Email