Re: [netconf] Document Shepherd Review of draft-ietf-netconf-keystore
Kent Watsen <kent+ietf@watsen.net> Thu, 20 October 2022 00:00 UTC
Return-Path: <01000183f2b0e808-e44e80a7-def3-4289-811f-9b50e31b0c3b-000000@amazonses.watsen.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B42A9C1524DA; Wed, 19 Oct 2022 17:00:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.91
X-Spam-Level:
X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mc4QcEFSG-1O; Wed, 19 Oct 2022 17:00:32 -0700 (PDT)
Received: from a48-92.smtp-out.amazonses.com (a48-92.smtp-out.amazonses.com [54.240.48.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AEFE7C14CF0D; Wed, 19 Oct 2022 17:00:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1666224023; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=PenLObCEmLDbycl2wSo8wUyEFXkGQBf8dlq4huGM/io=; b=ljOlPhs6aJVbL60U6TyZCZSEvzJwHglcKkbNqwsv27rztcNJNUQgwFNBDrZfrNH6 p0I0s6oixuVxbfXsyRxX+z+Is/Sw4d41O4xh5f1l7/kxeVMBThxek6w4SIYPTvmC/k2 tWm5+HGfTz7FaJVwXW+S97MMRBRBrYc5qzIAFrjY=
From: Kent Watsen <kent+ietf@watsen.net>
Message-ID: <01000183f2b0e808-e44e80a7-def3-4289-811f-9b50e31b0c3b-000000@email.amazonses.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_55825AE9-102D-494F-9B78-721215D0A536"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
Date: Thu, 20 Oct 2022 00:00:23 +0000
In-Reply-To: <2a891e188b3e4b97a3222e9fbc0f73a6@huawei.com>
Cc: "netconf@ietf.org" <netconf@ietf.org>, "netconf-chairs@ietf.org" <netconf-chairs@ietf.org>
To: Qin Wu <bill.wu=40huawei.com@dmarc.ietf.org>
References: <2a891e188b3e4b97a3222e9fbc0f73a6@huawei.com>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
X-SES-Outgoing: 2022.10.20-54.240.48.92
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/gnGWKgyYRYYbLhc4ZJTj6srakgI>
Subject: Re: [netconf] Document Shepherd Review of draft-ietf-netconf-keystore
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2022 00:00:36 -0000
Hi Qin,
> As part of WGLC process, I am assigned as document shepherd for draft-ietf-netconf-keystore.
Thank you for your valuable comments!
> Thank for your hard work on this document. Here is my review
> on the latest version of trust anchor work.
Please find my responses to your comments below, and see the just-posted updated draft..
Kent
> 1. Section 1
> What is Public half? Can you provide reference or defintion for public half.
I replaced "the public half" with "its public half", where "its" refers to "asymmetric key", to make it a bit clearer.
FWIW, In asymmetric cryptography, there is a key-pair (public and private), each of which can be being one half of a matching key-pair. Makes sense?
> 2. Section 1, last paragraph
> How keystore utilities or HSM is related to TPM?
Rewrote paragraph to:
Implementations may utilize zero or more operating system level
keystore utilities (e.g., "Keychain Access" on MacOS) and/or cryptographic
hardware (e.g., TPMs).
To a) clarify "utilities" and b) align the text with the preceding paragraph.
FWIW, a TPM and HSM are nearly identical, the biggest difference being that the TPM is typically soldered onto a motherboard whereas an HSM is a removable device. Both come under the category of "cryptographic hardware".
> Where keystore utilities or HSM is defined? Is this something relate to TEE (Trust Execution Environment)
See previous comment.
> 3. Section 1.1
> Do we need to add figure name for the figure depicted in section 1.1
> When we say this document presents one or more YANG modules…, I am wondering whether we present one module or multiple modules, or we want to emphasize this document defines only one YANG module, which is ietf-keystore?
Please see my response to your same comment on the "trust-anchors" draft.
> 4.Section 1.3 said:
> "
> The term "key" may be used to mean one of three things in this draft:
> 1) the YANG-defined "asymmetric-key" or "symmetric-key" node defined
> in this draft, 2) the raw key data possessed by the aforementioned
> key nodes, and 3) the "key" of a YANG "list" statement. This draft
> attempts to always qualify types '2' and '3' using, "raw key value"
> and "YANG list key" where needed. In all other cases, an unqualified
> "key" refers to a YANG-defined "asymmetric-key" or "symmetric-key"
> node
>
> "
> Thank for clarification for this, I am not clear how these three type keys are distinguished from each other? Based on the context?
There is context, for sure but, before, sometimes a paragraph would refer to an unqualified "key" and that was confusing folks. Makes sense?
> 5. Section 2.1.3.3 said:
> "
> * A "choice" statement is used to expose the various options. Each
> option is enabled by a "feature" statement.
> "
> Use feature for each case under choice statement seems redundant to me
To clients, yes, but here the feature statement is used by the *server* to define which of the options exist. These serve different purposes. Makes sense?
>
> 6. Section 2.1.3.5
> s/soley/solely
Fixed.
> 7. Section 2.1.3.6 said:
> "
> * A "choice" statement is used to expose the various options. Each
> option is enabled by a "feature" statement.
> "
> Use feature for each case under choice statement seems redundant to me.
See above.
> 8. Section 4.1, paragraph 2 said:
> "
> If a KEK is a symmetric key, then the server MUST provide an API for
> administrators to encrypt other keys without needing to know the
> symmetric key's value.
> "
> This sentence seems to contradict to the last paragraph in this section
> i.e.,
> "
> A server MUST possess (or be able to possess, in case the KEK has
> been encrypted by yet another KEK) a KEK's cleartext value so that it
> can decrypt the other keys in the configuration at runtime.
> "
> Server doesn't need to know symmetric key's value when encrypting other keys.
> but server need to know symmetric key's value or KEK's cleartext when decrypting other keys.
> I am not security expert, please double check this.
The first paragraph regards administrators (clients), the second paragraph regards server-implementation. Note that the 2nd paragraph's use of the word "server" extends to any cryptographic hardware it may utilize.
>
> 9. Section 5.1
> Can you provide a reference to data in motion vs data at rest
> Is Data in motion related to migrating configuration to a second server in section 4.3?
I replaced "rest" with "data at rest (e.g., on disk)", so that it's clear in context.
FWIW, "motion" refers to "on the wire" movement, whereas "rest" refers to a persisted state.
>
> 10. Section 5.3 said:
> "
> The NACM
> "default-deny-all" extension has not been set for any data nodes
> defined in this module.
>
> | Please be aware that this module uses the "cleartext-key" and
> | "cleartext-private-key" nodes from the "ietf-crypto-types"
> | module [I-D.ietf-netconf-crypto-types], where said nodes have
> | the NACM extension "default-deny-all" set, thus preventing
> | uncontrolled read-access to the cleartext key values.
>
> "
> I am confused that whether NACM “default-deny-all” is used or not used in this document?
> When we say this module uses the "cleartext-key" and "cleartext-private-key" nodes from the "ietf-crypto-types"
> therefore "cleartext-key" and "cleartext-private-key" nodes has been inherited from other module and can also
> be seen as nodes in this module, no?
You are correct. I changed the paragraph to read as follows, and removed the "aside":
Some of the readable data nodes defined in this YANG module may be
considered sensitive or vulnerable in some network environments. It
is thus important to control read access (e.g., via get, get-config,
or notification) to these data nodes. These are the subtrees and
data nodes and their sensitivity/vulnerability:
* The "cleartext-key" node:
The "cleartext-key" node, imported from the "symmetric-key-
grouping" grouping defined in [I-D.ietf-netconf-crypto-types]
is additionally sensitive to read operations such that, in
normal use cases, it should never be returned to a client. For
this reason, the NACM extension "default-deny-all" was applied
to it in [I-D.ietf-netconf-crypto-types].
* The "cleartext-private-key" node:
The "cleartext-private-key" node defined in the "asymmetric-
key-pair-grouping" grouping defined in
[I-D.ietf-netconf-crypto-types] is additionally sensitive to
read operations such that, in normal use cases, it should never
be returned to a client. For this reason, the NACM extension
"default-deny-all" is applied to it in
[I-D.ietf-netconf-crypto-types].
Thanks for catching this one!
Once everything settles, please update the Shepherd write-up posted to Datatracker to reflect an "all good" report (assuming that is true).
Thanks again,
Kent