Re: [netconf] [secdir] Secdir early partial review of draft-ietf-netconf-crypto-types-10
Watson Ladd <watsonbladd@gmail.com> Tue, 23 July 2019 03:16 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EAEFC12003E; Mon, 22 Jul 2019 20:16:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 02rVA72uOH46; Mon, 22 Jul 2019 20:16:18 -0700 (PDT)
Received: from mail-lj1-x241.google.com (mail-lj1-x241.google.com [IPv6:2a00:1450:4864:20::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21445120091; Mon, 22 Jul 2019 20:16:15 -0700 (PDT)
Received: by mail-lj1-x241.google.com with SMTP id m23so39495089lje.12; Mon, 22 Jul 2019 20:16:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=CGVFJmEl3lbnKEHvV6Er0ndwtckAG+UVXPBsMmiVEi0=; b=d+F8rL0doDJPAA8xtxxZ8umFQMmZCq7ckLnhg4UrT4E5lgjVeVmmKSvbcdGA+UDXXG mMBpqsBldkquDJyHmfrxXDZ42vGOkf3QKJJ2tB5VdHEF/uFclAJ8wdnLU/+4HtDaX8a6 VvNoarxUPzdO41jMyXdw9oyyEHeUGNVZvzR32d9watNUqVWclc74cqVevhWicLyDf6Sg t+jIENI4Z2IWEF1Ivgw2RiudUot+iyOM/sP/BavwEVp7vDKTL6WGD37bOkSIZm+QMAI7 yvPVXdNG+HYNARpYcwoFFtG5QUV4XlWm1mYPyACgKRJurL29c+ezxW7gJIMUhNo1WJOi 7OTw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=CGVFJmEl3lbnKEHvV6Er0ndwtckAG+UVXPBsMmiVEi0=; b=V65CpFTFJuJFNW0TGxpSjw5Fy644vFRA3Lbzkp3ZqZYZvKop2qvDqj0RyPxCBFJMuW dEdIZEzmyqaVSAoIig1t5H3lLyRnIsELODRMXzBfZ/00q1CWwoy1Ixj+F4sjX1X0a2BE XmK8NDoqhzqUQ6c7NZHwTpXEN44ORzM1PBpjQWsA9bNMvV5anOfbIyFBC7vl3Jp7KovB PNTnO2p51njzY08qhevS+WSK/wtYka9wI2tWmTL1nRf8slI4vDVLK63ES7eGfTFo6ILW DKRP7rau8d777Jlg4rQuS4R35eQ9MG0pndTGVVXqaE2e3Glyi+kMzDk+FVzPg+BxvHTN nOSw==
X-Gm-Message-State: APjAAAVasLHeMeY3SdDoUKf/OJbUhGKn0Tt2kSbFdPkD3s2dL8+5nBP4 PLWfD9AD7mMOnY/cODWjhZwP4mmxXTQjhw/Le3Q=
X-Google-Smtp-Source: APXvYqwWVE5i/t7ELDQ7tPX4XAAcl5LyMkUUXkARyynapHSOY6ZMgk96zFYAvVXyYgDsNCMctiVCw/Xq4nZ9dhdRP54=
X-Received: by 2002:a2e:8602:: with SMTP id a2mr36327259lji.206.1563851773207; Mon, 22 Jul 2019 20:16:13 -0700 (PDT)
MIME-Version: 1.0
References: <156385060911.22708.13715150809401887999@ietfa.amsl.com>
In-Reply-To: <156385060911.22708.13715150809401887999@ietfa.amsl.com>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Mon, 22 Jul 2019 20:16:01 -0700
Message-ID: <CACsn0cnaia-oKaNT7qC6QTTjaJeB+OYbZjHHB1PN7vhGwuzhPw@mail.gmail.com>
To: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Cc: secdir <secdir@ietf.org>, draft-ietf-netconf-crypto-types.all@ietf.org, netconf@ietf.org, "<ietf@ietf.org>" <ietf@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/fxtQymhsNxuHtQWD7bILDKL2UcU>
Subject: Re: [netconf] [secdir] Secdir early partial review of draft-ietf-netconf-crypto-types-10
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jul 2019 03:16:20 -0000
On Mon, Jul 22, 2019 at 7:57 PM Rifaat Shekh-Yusef via Datatracker <noreply@ietf.org> wrote: > > > Review is partially done. Another assignment may be needed to complete it. > > Reviewer: Rifaat Shekh-Yusef > Review result: Not Ready > > There is the open issue of the proper structure of this YANG model, which was > discussed with the security ADs and IESG, and still to be discussed with IANA. > > > Meanwhile, I have the following comments: > > Page 6, hash-algorithm_t > Why would you include SHA1 and indicate that it is obsolete? why not just drop it? > > Page 8, hash-algorithm-t > Why would the default be 0, i.e. NONE? > I think you should select a minimum algorithm that would be considered acceptable as the default. Along those lines why is RSA-1024 in there? The asymmetric algorithm doesn't differentiate between encryption and signing or other more exotic things, which I guess is defensible but raises some potential gotchas. We also have an IANA registry for AEAD schemes: why not use that? This would have avoided some omissions such as AES-SIV mode. Lastly one nit: it's elliptic curve not elliptical curve.
- [netconf] Secdir early partial review of draft-ie… Rifaat Shekh-Yusef via Datatracker
- Re: [netconf] [secdir] Secdir early partial revie… Watson Ladd