Re: [netconf] ietf crypto types - permanently hidden

Martin Bjorklund <mbj@tail-f.com> Thu, 02 May 2019 06:31 UTC

Return-Path: <mbj@tail-f.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01E3A120052 for <netconf@ietfa.amsl.com>; Wed, 1 May 2019 23:31:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 23eph49RqwUD for <netconf@ietfa.amsl.com>; Wed, 1 May 2019 23:31:55 -0700 (PDT)
Received: from mail.tail-f.com (mail.tail-f.com [46.21.102.45]) by ietfa.amsl.com (Postfix) with ESMTP id D3B9A120006 for <netconf@ietf.org>; Wed, 1 May 2019 23:31:54 -0700 (PDT)
Received: from localhost (h-4-215.A165.priv.bahnhof.se [158.174.4.215]) by mail.tail-f.com (Postfix) with ESMTPSA id CA8A71AE0449; Thu, 2 May 2019 08:31:51 +0200 (CEST)
Date: Thu, 02 May 2019 08:31:51 +0200 (CEST)
Message-Id: <20190502.083151.1810372041148955048.mbj@tail-f.com>
To: kent+ietf@watsen.net
Cc: j.schoenwaelder@jacobs-university.de, netconf@ietf.org
From: Martin Bjorklund <mbj@tail-f.com>
In-Reply-To: <0100016a7642264b-768e94ec-95fd-400a-9837-73b14528737f-000000@email.amazonses.com>
References: <20190430161223.cwqfsyyxbtnkqbl7@anna.jacobs.jacobs-university.de> <20190501.230622.158012882760210627.mbj@tail-f.com> <0100016a7642264b-768e94ec-95fd-400a-9837-73b14528737f-000000@email.amazonses.com>
X-Mailer: Mew version 6.7 on Emacs 25.2 / Mule 6.0 (HANACHIRUSATO)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=utf-8
Content-Transfer-Encoding: base64
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/UxXxMDRxtyXCA7PcJKXkacaskcg>
Subject: Re: [netconf] ietf crypto types - permanently hidden
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 May 2019 06:31:57 -0000

Hi,

Kent Watsen <kent+ietf@watsen.net>; wrote:
> 
> 
> > What I object to is a third use case, where the action would modify
> > the config with the generated keys.
> 
> What is your proposal for how to address the best practice and, in some cases, 
> government requirement, that a private key never exists outside of a device 
> (controlled backups aside)?

Use the current "generate-hidden-key".  Note that the proposed 3rd
alternative does not address this requirement, since the private key will be
part of the normal config, and thus can be read by anyone (with the right
access).

> From https://revocent.com/best-practices-for-securing-private-keys: <https://revocent.com/best-practices-for-securing-private-keys:>
> 
>     "It’s crucial that the generation of the key be done on the same
>      system and the same local filesystem as the storage location.
>      Generating the key on a server and then transferring the key
>      back to the local system and storing it just adds multiple
>      points of vulnerability.  Why would you want to increase the
>      chance of your private key being compromised?"
> 
> 
> Additionally, SC-12(3) of NIST 800-53 says:   (note: the word
> "produce" is key here) 
> 
>     "Produce, control, and distribute asymmetric cryptographic keys
>      using [Selection: NSA-approved key management technology and
>      processes; approved DoD PKI Class 3 certificates; prepositioned
>      keying material; approved DoD PKI Class 3 or Class 4
>      certificates and hardware security tokens that protect the
>      user’s private key; certificates issued in accordance with
>      organization-defined requirements]."
> 
> 
> Many networking devices include an SSL-protected web-interface.
> 
>     1) Typically the interface is initially secured via a
>          self-signed certificate, which causes the browser to
>          display a nagging message when connecting, thus prompting
>          remediation.
> 
>     2) Almost all products include an ability to upload the 2-tuple
>          of a private key and a signed certificate.  This resolves
>          the self-sign cert issue, but the best practice and
>          government compliance concerns are not addressed.
> 
>     3) The better products have an ability to:
>           a) let the device generate the private key
>           b) let the device generate a certificate signing request
>              using its private key
>           c) upload to the device a certificate generated by an
>              external CA signing the CSR.   
>           [FWIW, Juniper's SRX device introduced this ability in 2011.]
> 
> The current model supports (2), as well as (3b) and (3c), we're just
> missing (3a),
> which is what the original `generate-asymmetric-key` action was for.

There must be some misunderstanding.  IMO, the current
"generate-hidden-key" clearly supports 3a.  The device generates the
key when this action is invoked.

> FWIW, from a product perspective, supporting (3a) is more important
> then supporting `generate-hidden-key` or `install-hidden-key` (so
> long as manufacturer-generated hidden keys are still supported,
> e.g., for IDevID certificates).  While client-generated
> permanently-hidden keys is goodness, it's not widely implemented.



/martin