Re: [netconf] FIXMEs in ietf-crypto-types and client/server models
Kent Watsen <kent+ietf@watsen.net> Sat, 09 November 2019 02:35 UTC
Return-Path: <0100016e4e047907-659bf6cd-db99-4284-9e0a-8d52a10266e9-000000@amazonses.watsen.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AA3212011F for <netconf@ietfa.amsl.com>; Fri, 8 Nov 2019 18:35:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QognBhRo8yeS for <netconf@ietfa.amsl.com>; Fri, 8 Nov 2019 18:35:48 -0800 (PST)
Received: from a8-96.smtp-out.amazonses.com (a8-96.smtp-out.amazonses.com [54.240.8.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 06FD11200F6 for <netconf@ietf.org>; Fri, 8 Nov 2019 18:35:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1573266946; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=T8LKgfck7QZY+U8A0eFQ4IW0YN1DquhD4xE4YyrH/wc=; b=epLn6mbnJrqeaF8hPReE6GvHiFnoV5BK0IDIpO+PE491Q0RBKAUePaA1++Ls+JTc JpPTWFdfaNsOB7oqVxQiNbrYTz4hYKWotcxa+cxBFdUlbkwnqwLS2MIggymTSWuXJES EO2e4kR2W6suz7H9WWUCWlD/8KPc6xg0rBhDl9/w=
From: Kent Watsen <kent+ietf@watsen.net>
Message-ID: <0100016e4e047907-659bf6cd-db99-4284-9e0a-8d52a10266e9-000000@email.amazonses.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_1CC348F2-E305-4EFF-9B6D-91C8058A0238"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Sat, 09 Nov 2019 02:35:46 +0000
In-Reply-To: <2b0daa52-10e4-566b-6e66-760dbd47c24b@sit.fraunhofer.de>
Cc: Balázs Kovács <balazs.kovacs@ericsson.com>, "netconf@ietf.org" <netconf@ietf.org>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
References: <AM0PR07MB5187A1438941A29D28CE3486837E0@AM0PR07MB5187.eurprd07.prod.outlook.com> <0100016e3ed10fbb-8a5a44a9-6df6-4ac1-9b56-8dbf61ec64cc-000000@email.amazonses.com> <2b0daa52-10e4-566b-6e66-760dbd47c24b@sit.fraunhofer.de>
X-Mailer: Apple Mail (2.3445.104.11)
X-SES-Outgoing: 2019.11.09-54.240.8.96
Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/XYgID4QXMQ5UcXbJTIn3nqfVN4I>
Subject: Re: [netconf] FIXMEs in ietf-crypto-types and client/server models
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Nov 2019 02:35:50 -0000
Hi Henk,
> Under the assumption that the trust stores will be used for TLS (maybe potential other things), I am not sure if the YANG module is an appropriate place to make some (maybe implicit?) "mandatory-to-implement" decisions. If there can be (and I think effectively there should be, but I do not know the appropriate place for them) prescriptive statements here, I would recommend the following proposals for the use with TLS:
I understand the sentiment expressed, but the details are muddy. I presume the below are the clarifications, but even they are not clear to me... ;^)
> 1.) With respect to the format of the "raw" pub-key, I propose that the structure defined in section 3 of RFC 7250 MUST be used.
Is this what you have in mind?
OLD:
typedef raw-public-key {
type binary;
description
"The binary key data for a raw public key.
FIXME: specify how it is formatted.";
}
NEW:
typedef raw-public-key {
type binary;
description
"A SubjectPublicKeyInfo structure, as specified in RFC
5280, encoded using ASN.1 distinguished encoding rules
(DER), as specified in ITU-T X.690.";
reference
"RFC 7250:
Using Raw Public Keys in Transport Layer Security
(TLS) and Datagram Transport Layer Security (DTLS).
RFC 5280:
Internet X.509 Public Key Infrastructure Certificate
and Certificate Revocation List (CRL) Profile.
ITU-T X.690:
Information technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER),
Canonical Encoding Rules (CER) and Distinguished
Encoding Rules (DER).";
}
If so, then I think Balazs's idea to use ks:local-or-keystore-asymmetric-key-grouping is a good one, as it ultimately becomes a SubjectPublicKeyInfo structure for the public-half, and a one of a few different kinds of structures for the private half.
> 2.) With respect to cipher suite and interoperability, I propose to make RFC 7151 and RFC 4492 (basically the NIST curve and its format extensions) mti for raw pub-key and to point to RFC 7250 for guidance & to make RFC6635 mti for psk.
Can you propose the draft-text you have in mind?
> 3.) With respect to key identities, I propose that raw pub-key identities as specified in RFC 6920 and a minimum hash length enabled by mode sha-256-120 MUST be used & to support and recommend the use of Identity Hints (section 5.2. in RFC 4279) for PSKs and refer to the corresponding security considerations (section 7 in RFC 4279).
Can you propose the draft-text you have in mind?
> My first question - on a technical level: do these proposals in the context of using TLS sound reasonable to the group?
This is hard to answer without the understanding the change to the YANG module
> My second question - on a semantic level: do these normative requirements belong here?
You mean in the YANG module? Where else might they be located?
> My third question - on a noob level :) If they belong here, where would these mandatory requirements be spelled out?
In the YANG modules, we strive to define as much normative information as possible using YANG statements for automation but, when necessary, resort to "description" statements to define things. But I think you know this already, so maybe you're asking a different question?
> Viele Grüße,
>
> Henk
PS: all the above regards RPKs, but how should PSK be defined?
OLD:
typedef psk {
type binary;
description
"The binary key data for a PSK (pairwise-symmetric or
pre-shared key). FIXME: specify how it is formmated.";
}
NEW:
???
Is there any reason to not use a presumed ks:local-or-keystore-symmetric-key-grouping, that would ultimately become either an OctetString or a OneSymmetricKey?
Kent // contributor
- [netconf] FIXMEs in ietf-crypto-types and client/… Balázs Kovács
- Re: [netconf] FIXMEs in ietf-crypto-types and cli… Kent Watsen
- Re: [netconf] FIXMEs in ietf-crypto-types and cli… Henk Birkholz
- Re: [netconf] FIXMEs in ietf-crypto-types and cli… Balázs Kovács
- Re: [netconf] FIXMEs in ietf-crypto-types and cli… Kent Watsen
- Re: [netconf] FIXMEs in ietf-crypto-types and cli… Kent Watsen
- Re: [netconf] FIXMEs in ietf-crypto-types and cli… Balázs Kovács
- Re: [netconf] FIXMEs in ietf-crypto-types and cli… Balázs Kovács
- Re: [netconf] FIXMEs in ietf-crypto-types and cli… Kent Watsen