[netconf] The maintenance of the algorithm identifiers in draft-ietf-crypto-types

Wang Haiguang <wang.haiguang.shieldlab@huawei.com> Thu, 25 April 2019 03:22 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/OLTTOvHZ_6Pk-ush_j7xJOlGe4g>

Hello, everyone.

Recently there have been some discussions in the i2nsf group over the crypto algorithm identifiers defined in draft-ietf-crypto-types.
Please refer to the email thread below for the discussion there:
https://mailarchive.ietf.org/arch/msg/i2nsf/XZevQcuifa_PN6OeZMLaMch3mAo

The basic concerns in the email are as follows:

1. Crypto-types contains a generic list of crypto algorithms. Some of them are not supported by IPSec; how should they handle this?

   a. Somebody suggested including a subset of the supported algorithms in their draft. I think it is a good idea.

2. Some deprecated algorithms are needed by their draft.

   a. Some expert suggested defining those identifiers themselves within their draft. I think this is a feasible solution.

For the above issues, I think we can add some text in draft-ietf-crypto-types to guide users from other groups on how to handle the above two issues.

Besides that, in the future some new algorithms might be added and some algorithms will be deprecated; we have to figure out how to make the algorithm list defined by crypto-types flexible.

If you have any suggestion, please post it on the mailing list.

Let's discuss and find a feasible solution to it.

Best Regards.

Haiguang