Re: [netconf] latest update to crypto-types and keystore drafts

Kent Watsen <kent+ietf@watsen.net> Tue, 02 July 2019 22:53 UTC

From: Kent Watsen <kent+ietf@watsen.net>
Message-ID: <0100016bb4e4e11b-6cbb1c43-dea2-4c3f-a908-4a9ecfc69589-000000@email.amazonses.com>
Date: Tue, 02 Jul 2019 22:53:47 +0000
In-Reply-To: <B8F9A780D330094D99AF023C5877DABAA49BA5A2@nkgeml513-mbx.china.huawei.com>
Cc: Martin Bjorklund <mbj@tail-f.com>, "netconf@ietf.org" <netconf@ietf.org>
To: Qin Wu <bill.wu@huawei.com>
References: <B8F9A780D330094D99AF023C5877DABAA49BA5A2@nkgeml513-mbx.china.huawei.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/_6Wm9nH8EDFaZHx0_OimJTtZq4Q>
Subject: Re: [netconf] latest update to crypto-types and keystore drafts
List-Id: NETCONF WG list <netconf.ietf.org>

Hi Qin,

> [Qin]: Not very familiar with this security part; two questions I am curious about:
> 1. If the manufacturer-generated keys (with 'hidden-key' or 'hidden-private-key') are stored in the factory-default datastore, how do we protect manufacturer-generated keys from leaking, encryption, signature?

The "secret value" in the manufacturer-generated keys would be presented in the configuration as an empty element (no value), as the true value is hidden.


> 2. A public key and private key pair is usually generated together; if you put the private key in the factory-default datastore, where do we put the public key? Rely on TPM hardware to generate the public key and put it into the operational datastore?

The TPM would generate the key-pair, and then share the public-key with the system. It's TBD whether the public-key would be in <operational>, <factory-default>, or both.


Kent // contributor
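As an added example, not code from the thread or from the drafts: a small audit over a constructed keystore export that checks the two points above, namely that a hidden (TPM-held) key appears as an empty `hidden-private-key` element with no value, and that no key in the export carries a cleartext `private-key` value that could leak from a factory-default datastore. The element names follow the keystore draft layout as discussed here, and the namespace string and sample values are assumptions made for illustration.

```python
# Added example (not from the thread): audit a keystore config export for
# hidden keys represented as empty elements and for cleartext key material.
# Node names follow the keystore/crypto-types drafts; the namespace below
# and all sample values are assumptions constructed for this example.
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:yang:ietf-keystore"  # assumed namespace

# Constructed sample: a TPM-backed key whose secret is hidden (empty element),
# a key that wrongly carries a cleartext private key, and a "hidden" key that
# wrongly carries a value (the leak case Qin asked about).
SAMPLE_CONFIG = f"""
<keystore xmlns="{NS}">
  <asymmetric-keys>
    <asymmetric-key>
      <name>tpm-device-key</name>
      <public-key>PLACEHOLDER-PUBLIC-KEY</public-key>
      <hidden-private-key/>
    </asymmetric-key>
    <asymmetric-key>
      <name>leaked-key</name>
      <public-key>PLACEHOLDER-PUBLIC-KEY</public-key>
      <private-key>PLACEHOLDER-PRIVATE-KEY-BYTES</private-key>
    </asymmetric-key>
    <asymmetric-key>
      <name>bad-hidden-key</name>
      <hidden-private-key>PLACEHOLDER-SHOULD-BE-EMPTY</hidden-private-key>
    </asymmetric-key>
  </asymmetric-keys>
</keystore>
"""

PRIVATE_FORMS = ("private-key", "hidden-private-key", "encrypted-private-key")

def audit_keystore(xml_text: str) -> dict:
    """Map each asymmetric-key name to 'hidden', 'cleartext', 'encrypted'
    or 'invalid' (no/multiple private-key forms, or a non-empty hidden key)."""
    root = ET.fromstring(xml_text)
    q = lambda tag: f"{{{NS}}}{tag}"   # qualify a local name with the namespace
    result = {}
    for key in root.iter(q("asymmetric-key")):
        name = key.findtext(q("name"))
        forms = [t for t in PRIVATE_FORMS if key.find(q(t)) is not None]
        if len(forms) != 1:
            result[name] = "invalid"          # choice must have exactly one case
        elif forms[0] == "hidden-private-key":
            node = key.find(q("hidden-private-key"))
            empty = not (node.text or "").strip() and len(node) == 0
            result[name] = "hidden" if empty else "invalid"
        else:
            result[name] = "cleartext" if forms[0] == "private-key" else "encrypted"
    return result

def cleartext_keys(xml_text: str) -> list:
    """Names of keys whose private key would leave the device in the clear."""
    return sorted(n for n, s in audit_keystore(xml_text).items() if s == "cleartext")
```

Running `audit_keystore(SAMPLE_CONFIG)` classifies the three sample keys as hidden, cleartext and invalid respectively; the cleartext and invalid results are the ones an export review should stop on.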