Re: [netconf] Roman Danyliw's Discuss on draft-ietf-netconf-keystore-30: (with DISCUSS and COMMENT)
Kent Watsen <kent+ietf@watsen.net> Wed, 31 January 2024 18:51 UTC
Return-Path: <0100018d60dcbf72-ad305633-3c68-4605-b592-cbb64dc90829-000000@amazonses.watsen.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06415C14F68D; Wed, 31 Jan 2024 10:51:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.904
X-Spam-Level:
X-Spam-Status: No, score=-1.904 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8KQfWSEcG7na; Wed, 31 Jan 2024 10:51:38 -0800 (PST)
Received: from a8-83.smtp-out.amazonses.com (a8-83.smtp-out.amazonses.com [54.240.8.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6BFA9C14F615; Wed, 31 Jan 2024 10:51:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1706727096; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=kFEYDeyYvCTQoQHwMr3Nh+Ok6cDnjecI/2QLF8Gv1Vs=; b=hGkCxE7zRij6AHyQV1wAAEbpcmLKhs7NRu4HSGJZ9Hc6RBseWBGUeDXeItbYKhGF xXjMQVvu8C+7JoDp2BuKnySuqyU8Mrhvz1qWaNk7GLiKpomj4QcOnPpfgxhgQ1stXWk GLJeJaZvVUgpmBO7TNLOps+keBt3YdSvREikM838=
From: Kent Watsen <kent+ietf@watsen.net>
Message-ID: <0100018d60dcbf72-ad305633-3c68-4605-b592-cbb64dc90829-000000@email.amazonses.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_2B757719-FED8-45DA-80FD-55FD230FF9CC"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
Date: Wed, 31 Jan 2024 18:51:36 +0000
In-Reply-To: <170656972575.44119.17509720873957231168@ietfa.amsl.com>
Cc: The IESG <iesg@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>, draft-ietf-netconf-keystore@ietf.org, "netconf-chairs@ietf.org" <netconf-chairs@ietf.org>
To: Roman Danyliw <rdd@cert.org>
References: <170656972575.44119.17509720873957231168@ietfa.amsl.com>
X-Mailer: Apple Mail (2.3731.600.7)
Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
X-SES-Outgoing: 2024.01.31-54.240.8.83
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/MuGzG5VO-ePYJK6_vpt_5jT3yQk>
Subject: Re: [netconf] Roman Danyliw's Discuss on draft-ietf-netconf-keystore-30: (with DISCUSS and COMMENT)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Jan 2024 18:51:42 -0000
Hi Roman, Thank you for your valuable comments. Please find responses below. One generally comment. Many times it is unclear to be if you’re asking a question is your way of saying “please update the text to answer this question.” Below I’m mostly just answering your question, without updating text, unless specifically stated. Kent > On Jan 29, 2024, at 6:08 PM, Roman Danyliw via Datatracker <noreply@ietf.org> wrote: > > Roman Danyliw has entered the following ballot position for > draft-ietf-netconf-keystore-30: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-netconf-keystore/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > ** Section 4. This section seems to define a workflow and mandatory server > capabilities above and beyond what is typically done by a RESTCONF/NETCONF > using a YANG module. Indeed, that is true. This section ("Encrypting Keys in Configuration") was written because WG members were confused about how built-in keys [see Section 3, "Support for Built-in Keys”] could be used to safeguard secrets. > The introduction of this section says it applies to > backup and restore. Backup/restore is the most-impactful interaction, the the section as a whole applies to individual operations as well (i.e., configuring a single key) > I’m having some trouble a few of the details. > > Section 4.1, “If a KEK is a symmetric key, then the server MUST provide an API > for administrators to encrypt other keys without needing to know the symmetric > key's value.” > > -- When in the backup and restore process is the administrator using this API > and what is the relationship between it’s use and the YANG module? I observe > that the API in question isn’t labeled (in a way I recognized) in the workflow > diagram in Section 4.3. Perhaps the administrator is constructing a YANG-based > configuration by hand and using this API to encrypt a key? Use of said API would be an example of configuring a single key, more so than restoring of keys. That said, please see https://datatracker.ietf.org/doc/html/draft-ietf-netconf-crypto-types-29#section-3.2 and also the "generate-public-key” RPC in the two refs docs: SSH: https://datatracker.ietf.org/doc/html/draft-ietf-netconf-ssh-client-server-34#section-2.1.3 TLS: https://datatracker.ietf.org/doc/html/draft-ietf-netconf-tls-client-server-34#section-2.1.4 Note that both "generate-public-key” RPCs can generate a “hidden” key or an encrypted key. > -- Is the expectation that this API is accessible over the network? Can the > admin only invoke it locally? Are there any controls expected to govern who > gets to invoke this mandatory API? Yes, YANG-driven protocols such as NETCONF/RESTCONF are accessible over a network. It would be a decision for the server’s implementation as to also define, e.g., a CLI command, that could be invoked locally. By controls, I assume you mean “authorization”. Currently, neither of the "generate-public-key” RPCs have an NACM (RFC 8341) flag that would lead to a need for a client to be granted explicit permission to invoke the RPC. The reasoning being that RPC primarily returns an output value (not set config) and a separate protocol operations (e.g., <edit-config>) would be needed to configure the key. That said, that statement isn’t true when a hidden key is generated (hence the word “primarily” in the sentence above). So perhaps it becomes necessary to put a “nam:default-deny-all” statement on the RPCs? Actually, I just noticed a bug (whoops) in the YANG, that being that the RPC neither has an input-param to name the hidden key or an output-param indicating what generated-name to server gave the key. Do you have any opinion as to if an input- or output- parameter should be used? > -- Is the “server” here the NETCONF/RESTCONF server? Does it have to be? I > ask because this text says, “the server”. However, Section 4.2 allows for > generation+encryption “outside of the server” The term “server” is always used to refer to a, e.g., NETCONF, RESTCONF, or possibly CORECONF endpoint. I can’t tell, are you asking for a text change here? > Section 4.2, “Implementations SHOULD provide an API that simultaneously > generates and encrypts a key (symmetric or asymmetric) using a KEK. > > -- (related to the above) Implementations of what? Is this normative guidance > for NETCONF/RESTCONF server now provide additional functionality? I just made this text update: s/implementations/Server implementations/ > ** Section 5.1. > In order to satisfy the expectations of a "keystore", it is > RECOMMENDED that implementations ensure that the keystore contents > are encrypted when persisted to non-volatile memory. > > If this recommendation is NOT followed how would this expectation be satisfied. > Wouldn’t ensuring that the keystore is encrypted be mandatory? Especially if > cleartext passwords are used? Cleartext values aside, the server’s “security boundary” could be defined at the API-level, with no local access possible (e.g., no SSH into the box). In such cases, one could argue that it doesn’t matter if keystore contents are encrypted when persisted to disk. Of course, this isn’t recommended, I’m just trying to answer your question. Please let me know if there is a text-edit you’re hoping for. > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thank you to Sandra Murphy for the IETF LC SECDIR review and Magnus Nyström for > the early SECDIR review. > > ** Section 4.3, “A MK is commonly a globally-unique built-in (see Section 3) > asymmetric key.” > > -- If the MK is not built-in, the text only suggests “commonly”, how are any of > the promised scalability properties realized? I agree the text waffles. Are you asking for this? OLD: A MK is commonly a globally-unique built-in (see Section 3) asymmetric key. NEW: A MK is a built-in (see Section 3) asymmetric key. Thanks again, Kent
- [netconf] Roman Danyliw's Discuss on draft-ietf-n… Roman Danyliw via Datatracker
- Re: [netconf] Roman Danyliw's Discuss on draft-ie… Kent Watsen