Re: [netconf] ietf crypto types - permanently hidden

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Wed, 24 April 2019 18:05 UTC

Return-Path: <j.schoenwaelder@jacobs-university.de>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 977C71201A1 for <netconf@ietfa.amsl.com>; Wed, 24 Apr 2019 11:05:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yxBq5xIFh3W4 for <netconf@ietfa.amsl.com>; Wed, 24 Apr 2019 11:05:17 -0700 (PDT)
Received: from atlas5.jacobs-university.de (atlas5.jacobs-university.de [212.201.44.20]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C4195120226 for <netconf@ietf.org>; Wed, 24 Apr 2019 11:05:16 -0700 (PDT)
Received: from localhost (demetrius5.irc-it.jacobs-university.de [10.70.0.222]) by atlas5.jacobs-university.de (Postfix) with ESMTP id 6F8B235E; Wed, 24 Apr 2019 20:05:15 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from atlas5.jacobs-university.de ([10.70.0.217]) by localhost (demetrius5.jacobs-university.de [10.70.0.222]) (amavisd-new, port 10032) with ESMTP id U4QAOmwc0fvE; Wed, 24 Apr 2019 20:05:15 +0200 (CEST)
Received: from hermes.jacobs-university.de (hermes.jacobs-university.de [212.201.44.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hermes.jacobs-university.de", Issuer "Jacobs University CA - G01" (verified OK)) by atlas5.jacobs-university.de (Postfix) with ESMTPS; Wed, 24 Apr 2019 20:05:15 +0200 (CEST)
Received: from localhost (demetrius5.irc-it.jacobs-university.de [10.70.0.222]) by hermes.jacobs-university.de (Postfix) with ESMTP id 4E233200D5; Wed, 24 Apr 2019 20:05:15 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from hermes.jacobs-university.de ([212.201.44.23]) by localhost (demetrius5.jacobs-university.de [10.70.0.222]) (amavisd-new, port 10028) with ESMTP id BMtKvMsqc2Vc; Wed, 24 Apr 2019 20:05:15 +0200 (CEST)
Received: from exchange.jacobs-university.de (sxchmb03.jacobs.jacobs-university.de [10.70.0.155]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "exchange.jacobs-university.de", Issuer "DFN-Verein Global Issuing CA" (verified OK)) by hermes.jacobs-university.de (Postfix) with ESMTPS id DC443200D3; Wed, 24 Apr 2019 20:05:14 +0200 (CEST)
Received: from anna.localdomain (10.50.218.117) by sxchmb03.jacobs.jacobs-university.de (10.70.0.155) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.1713.5; Wed, 24 Apr 2019 20:05:14 +0200
Received: by anna.localdomain (Postfix, from userid 501) id EF4F2300874529; Wed, 24 Apr 2019 20:05:13 +0200 (CEST)
Date: Wed, 24 Apr 2019 20:05:13 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: Kent Watsen <kent+ietf@watsen.net>
CC: =?utf-8?B?QmFsw6F6cyBLb3bDoWNz?= <balazs.kovacs@ericsson.com>, "netconf@ietf.org" <netconf@ietf.org>
Message-ID: <20190424180513.gtxmreicd7iydrpr@anna.jacobs.jacobs-university.de>
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
Mail-Followup-To: Kent Watsen <kent+ietf@watsen.net>, =?utf-8?B?QmFsw6F6cyBLb3bDoWNz?= <balazs.kovacs@ericsson.com>, "netconf@ietf.org" <netconf@ietf.org>
References: <20190404164929.fsfga7s4izn7ucx5@anna.jacobs.jacobs-university.de> <20190404.194623.1178346313710501110.mbj@tail-f.com> <01dd01d4eb9c$b9a04160$4001a8c0@gateway.2wire.net> <20190405.142201.707949273328784535.mbj@tail-f.com> <413d5725-9c27-e50b-2622-1b0e2f35cdb1@ericsson.com> <VI1PR07MB4735949BE61335ACC8A975E7833C0@VI1PR07MB4735.eurprd07.prod.outlook.com> <0100016a5019d7f9-7f737c63-d07c-4c7f-b12e-c5b19d50eeaf-000000@email.amazonses.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <0100016a5019d7f9-7f737c63-d07c-4c7f-b12e-c5b19d50eeaf-000000@email.amazonses.com>
User-Agent: NeoMutt/20180716
X-ClientProxiedBy: SXCHMB04.jacobs.jacobs-university.de (10.70.0.156) To sxchmb03.jacobs.jacobs-university.de (10.70.0.155)
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/XqDIcw4jpOoYpWOcSxRVa3vmGfU>
Subject: Re: [netconf] ietf crypto types - permanently hidden
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Apr 2019 18:05:20 -0000

On Wed, Apr 24, 2019 at 04:07:12PM +0000, Kent Watsen wrote:
> 
>         type enumeration {
>           enum permanently-hidden {
>             description
>               "The private key is inaccessible due to being
>                protected by the system (e.g., a cryptographic
>                hardware module).
> 
>                How such keys may be backed-up and restored,
>                if at all, is application specific.

Perhaps this should say 'implementation specific' instead 'application
specific'.

> My recommendation is to modify the "generate/install-hidden-key" (renamed to just "generate/install-key") actions to have a flag indicating if the key should be "permanently hidden" (perhaps by using a TPM) or not, in which case configuration is created, same as if the client had used <edit-config>, but without needing to touch the key.

I agree that having a flag to control the behavior is useful and I
think there should be explicit text how the action fails in case the
requested action cannot be performed.

I am not sure I understand install-hidden-key. The description says:

           "Requests the device to load the specified values into
            a hidden key.  The resulting asymmetric key values are
            considered operational state and hence present only in
            <operational>.";

So what is the persistence model of this? Does a key installed with
install-hidden-key survive reboots? If so, can I delete somehow such a
hidden key? (Is the answer that this key is tied to the lifetime of
the list element indirectly using this grouping?) Does invoking
install-hidden-key twice cause the first installed key to be
overwritten? Can the install-hidden-key action fail in any way?

This leads to related questions for generate-hidden-key: Does invoking
this action twice cause an existing key to be overwritten? Can I
explicitely delete a generated hidden key? Does deleting the list item
that directly or indirectly uses this grouping delete a hidden key?

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>