Re: [netconf] ietf crypto types - permanently hidden
Balázs Kovács <balazs.kovacs@ericsson.com> Mon, 29 April 2019 12:24 UTC
Return-Path: <balazs.kovacs@ericsson.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73A1912012B for <netconf@ietfa.amsl.com>; Mon, 29 Apr 2019 05:24:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OfHz3th_YoYt for <netconf@ietfa.amsl.com>; Mon, 29 Apr 2019 05:24:49 -0700 (PDT)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-he1eur02on062f.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe05::62f]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C52A12012A for <netconf@ietf.org>; Mon, 29 Apr 2019 05:24:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SSJSbXR0zj9lEaRTX8WNlkPRP3MOLjvpaEL/oJuFbRQ=; b=gzYzOJpKUjGXtVvHfUt2iHZ48y0x6MDOCzbssUkrcE48ByX8v5ifc8WnQ9rKCZa0+Mc6xKd3fWihxw3inVSMtT9ad/vSrGzkac4h55OnIRsRbjnoRicEvAWOwwcuKy/TL8JiHcjzaEojSMPtsnNIEhgH+neY5d+dIuVcDiKEX9A=
Received: from VI1PR07MB4735.eurprd07.prod.outlook.com (20.177.57.146) by VI1PR07MB5312.eurprd07.prod.outlook.com (20.178.11.206) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1856.5; Mon, 29 Apr 2019 12:24:46 +0000
Received: from VI1PR07MB4735.eurprd07.prod.outlook.com ([fe80::dc72:dfff:beb3:3b47]) by VI1PR07MB4735.eurprd07.prod.outlook.com ([fe80::dc72:dfff:beb3:3b47%7]) with mapi id 15.20.1856.008; Mon, 29 Apr 2019 12:24:46 +0000
From: Balázs Kovács <balazs.kovacs@ericsson.com>
To: Kent Watsen <kent+ietf@watsen.net>, Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
CC: "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: [netconf] ietf crypto types - permanently hidden
Thread-Index: AdTf8DCbvspujhISQkyURJOX9ReFpALufsOAAAVM5oADthG5oAAICCMAAAQfJ4AABQvugADqJOIA
Date: Mon, 29 Apr 2019 12:24:45 +0000
Message-ID: <VI1PR07MB4735FEEE1303E361B3B44FA983390@VI1PR07MB4735.eurprd07.prod.outlook.com>
References: <20190404164929.fsfga7s4izn7ucx5@anna.jacobs.jacobs-university.de> <20190404.194623.1178346313710501110.mbj@tail-f.com> <01dd01d4eb9c$b9a04160$4001a8c0@gateway.2wire.net> <20190405.142201.707949273328784535.mbj@tail-f.com> <413d5725-9c27-e50b-2622-1b0e2f35cdb1@ericsson.com> <VI1PR07MB4735949BE61335ACC8A975E7833C0@VI1PR07MB4735.eurprd07.prod.outlook.com> <0100016a5019d7f9-7f737c63-d07c-4c7f-b12e-c5b19d50eeaf-000000@email.amazonses.com> <20190424180513.gtxmreicd7iydrpr@anna.jacobs.jacobs-university.de> <0100016a510a3038-7671e146-e23f-4bc9-9f93-ea2314b5d4e7-000000@email.amazonses.com>
In-Reply-To: <0100016a510a3038-7671e146-e23f-4bc9-9f93-ea2314b5d4e7-000000@email.amazonses.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=balazs.kovacs@ericsson.com;
x-originating-ip: [89.135.192.225]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 659cd67f-827c-4f26-6097-08d6cc9daa75
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(2017052603328)(7193020); SRVR:VI1PR07MB5312;
x-ms-traffictypediagnostic: VI1PR07MB5312:
x-microsoft-antispam-prvs: <VI1PR07MB5312FA383B17975DD56896F183390@VI1PR07MB5312.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0022134A87
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(346002)(39860400002)(366004)(136003)(396003)(13464003)(189003)(199004)(97736004)(71190400001)(71200400001)(52536014)(64756008)(66556008)(66476007)(76176011)(316002)(4326008)(66446008)(7696005)(76116006)(6436002)(66946007)(5660300002)(73956011)(68736007)(7736002)(53936002)(99286004)(66574012)(45776006)(305945005)(74316002)(25786009)(9686003)(14454004)(229853002)(93886005)(486006)(86362001)(186003)(66066001)(26005)(256004)(14444005)(53546011)(476003)(102836004)(81156014)(8676002)(11346002)(446003)(81166006)(8936002)(6506007)(6246003)(478600001)(55016002)(110136005)(2906002)(33656002)(6116002)(3846002); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR07MB5312; H:VI1PR07MB4735.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: Rnp54ev/pJzJ5wzn4QVZR/iOAJM6EdjHnn4T0X/LxPQ5o6n9PzhgHuhb/17QSS9/3q8G4+jxlaA409GA2z1DpcxErn7Sinhafn0h05N3GUqMy7hwNf6dicIPvPVzUupvTvPGqcCXZxeWWP7I4FhqgD+VbEg3E0A0hwgeIUVAxqr63VLlEZ+r3Y4P0TJ3ik3opkaC+yqFi+7CltxGdpUAkPH0Ls/sFTP9bwVnyFI/koNiyvOoXfKFPlqqwpO3PIVF5waGK9E9r+bWOCFYWzNx8CQX1ecALmiL2MAYjUDTuYUPNNA+g/egM6HaIYyyA7Id/pJxjDLmlAh8xQfaAXoJHAgAjnZXT2hNdL7BMOmXqRJcu2oWL5hsD26RfNMH/IafCRLvWB09jla7zfoVcAm/cgedWKuJqNIHlr+rAztk0sY=
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 659cd67f-827c-4f26-6097-08d6cc9daa75
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Apr 2019 12:24:45.9985 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR07MB5312
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/_1jyBbnAZFYADaQJG-kTooAfSgE>
Subject: Re: [netconf] ietf crypto types - permanently hidden
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Apr 2019 12:24:53 -0000
Hi, Kent, I'm fine with your proposals. Regarding subsequent calls to the actions, I agree the safe choice would be to deny them; otherwise, one could run into invalid key pairs (where a certificate was already configured) and authentication failures with network peers (especially in SSH-key-based-authentication case). Br, Balazs > -----Original Message----- > From: Kent Watsen <kent+ietf@watsen.net> > Sent: Wednesday, April 24, 2019 10:30 PM > To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> > Cc: Balázs Kovács <balazs.kovacs@ericsson.com>; netconf@ietf.org > Subject: Re: [netconf] ietf crypto types - permanently hidden > > Hi Juergen, > > > > Perhaps this should say 'implementation specific' instead 'application > > specific'. > > Changed in my local copy. > > > >> My recommendation is to modify the "generate/install-hidden-key" > (renamed to just "generate/install-key") actions to have a flag indicating if > the key should be "permanently hidden" (perhaps by using a TPM) or not, in > which case configuration is created, same as if the client had used <edit- > config>, but without needing to touch the key. > > > > I agree that having a flag to control the behavior is useful and I > > think there should be explicit text how the action fails in case the > > requested action cannot be performed. > > > > I am not sure I understand install-hidden-key. The description says: > > > > "Requests the device to load the specified values into > > a hidden key. The resulting asymmetric key values are > > considered operational state and hence present only in > > <operational>."; > > > > So what is the persistence model of this? Does a key installed with > > install-hidden-key survive reboots? If so, can I delete somehow such a > > hidden key? (Is the answer that this key is tied to the lifetime of > > the list element indirectly using this grouping?) Does invoking > > install-hidden-key twice cause the first installed key to be > > overwritten? Can the install-hidden-key action fail in any way? > > > > This leads to related questions for generate-hidden-key: Does invoking > > this action twice cause an existing key to be overwritten? Can I > > explicitely delete a generated hidden key? Does deleting the list item > > that directly or indirectly uses this grouping delete a hidden key? > > [Disclaimer: the below reflect my understanding of how the current model > works, and does not necessarily reflect if we were to flip things around by > letting the actions generate configuration.] > > The expectation is that the "permanently hidden" keys would persist, > presumably with origin=system. > > In the YANG, the "permanently-hidden" enum only appears in the > "asymmetric-key-pair-grouping" grouping. Consuming data models are > expected to "use" this grouping under a "config true" node. This grouping's > description statement is noteworthy: > > grouping asymmetric-key-pair-grouping { > description > "A private/public key pair. > > The 'algorithm', 'public-key', and 'private-key' nodes are > not mandatory because they MAY be defined in <operational>. > Implementations SHOULD assert that these values are either > configured or that they exist in <operational>."; > ... > } > > Thusly it is expected that the client will create the parent node (e.g., via > <edit-config>) and then invoke either the generate or install hidden key > action. Presumably, the lifetime of the permanently hidden key would be > tied to the lifetime of its parent. > > Regarding what happens when the actions are invoked a second time, it's > not specified. One choice, perhaps the safe choice, would be to deny > subsequent attempts, forcing the client to create a new parent node instead. > If the parent node is in a list, such as in the keystore, then the second key > could be created, with certificates bound to it, before mapping reference to > the old-key to the new-key. However, if the key is not in a list, such as when > using a "local-definition", then in in-place migration, along with service > disruption, would be required. > > Of course, one has to ask how often/likely is it that a client wants to > regenerate the private key. Presumably it would only be due to the concern > that the key had been compromised (which shouldn't happen if > "permanently hidden") or, perhaps, due to a proactive key-rotation policy, > thinking (misguided, I believe, proven false now) that the private key's > entropy expires over time. Regardless, the point is that it seems to be an > action that would seldomly occur and, when/if it does, the effort to create > another parent node (in keystore or a local-definition) might not be a big > deal. > > PS: words such as "expectation" and "presumably" are used above to > indicate a likely need for the text to be more explicit. > > Kent // contributor >
- [netconf] ietf crypto types - permanently hidden Balázs Kovács
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Juergen Schoenwaelder
- Re: [netconf] ietf crypto types - permanently hid… Balázs Kovács
- Re: [netconf] ietf crypto types - permanently hid… Juergen Schoenwaelder
- Re: [netconf] ietf crypto types - permanently hid… tom petch
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Balázs Kovács
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Juergen Schoenwaelder
- Re: [netconf] ietf crypto types - permanently hid… Balázs Kovács
- Re: [netconf] ietf crypto types - permanently hid… Martin Bjorklund
- Re: [netconf] ietf crypto types - permanently hid… Juergen Schoenwaelder
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Juergen Schoenwaelder
- Re: [netconf] ietf crypto types - permanently hid… Rob Wilton (rwilton)
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Martin Bjorklund
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Rob Wilton (rwilton)
- Re: [netconf] ietf crypto types - permanently hid… tom petch
- Re: [netconf] ietf crypto types - permanently hid… Martin Bjorklund
- Re: [netconf] ietf crypto types - permanently hid… Balázs Lengyel
- Re: [netconf] ietf crypto types - permanently hid… Balázs Kovács
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Juergen Schoenwaelder
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Balázs Kovács
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Juergen Schoenwaelder
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Balázs Kovács
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Martin Bjorklund
- Re: [netconf] ietf crypto types - permanently hid… Juergen Schoenwaelder
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Andy Bierman
- Re: [netconf] ietf crypto types - permanently hid… Rob Wilton (rwilton)
- Re: [netconf] ietf crypto types - permanently hid… Andy Bierman
- Re: [netconf] ietf crypto types - permanently hid… Juergen Schoenwaelder
- Re: [netconf] ietf crypto types - permanently hid… Martin Bjorklund
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Andy Bierman
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Martin Bjorklund
- Re: [netconf] ietf crypto types - permanently hid… tom petch
- Re: [netconf] ietf crypto types - permanently hid… Juergen Schoenwaelder
- Re: [netconf] ietf crypto types - permanently hid… Martin Bjorklund
- Re: [netconf] ietf crypto types - permanently hid… Rob Wilton (rwilton)
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Balázs Kovács
- Re: [netconf] ietf crypto types - permanently hid… Martin Bjorklund
- Re: [netconf] ietf crypto types - permanently hid… Martin Bjorklund
- Re: [netconf] ietf crypto types - permanently hid… Martin Bjorklund
- Re: [netconf] ietf crypto types - permanently hid… Rob Wilton (rwilton)
- Re: [netconf] ietf crypto types - permanently hid… tom petch
- Re: [netconf] ietf crypto types - permanently hid… Rob Wilton (rwilton)
- Re: [netconf] ietf crypto types - permanently hid… tom petch
- Re: [netconf] ietf crypto types - permanently hid… Martin Bjorklund
- Re: [netconf] ietf crypto types - permanently hid… Rob Wilton (rwilton)
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… tom petch
- Re: [netconf] ietf crypto types - permanently hid… Rob Wilton (rwilton)
- Re: [netconf] ietf crypto types - permanently hid… Martin Bjorklund
- Re: [netconf] ietf crypto types - permanently hid… Rob Wilton (rwilton)
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Juergen Schoenwaelder
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Balázs Kovács
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Juergen Schoenwaelder
- Re: [netconf] ietf crypto types - permanently hid… Balázs Kovács
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen
- Re: [netconf] ietf crypto types - permanently hid… Kent Watsen