Re: [netconf] ietf crypto types - permanently hidden

Martin Bjorklund <mbj@tail-f.com> Fri, 05 April 2019 12:22 UTC

Return-Path: <mbj@tail-f.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2AD6120410 for <netconf@ietfa.amsl.com>; Fri, 5 Apr 2019 05:22:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zWnBSVtzqMVq for <netconf@ietfa.amsl.com>; Fri, 5 Apr 2019 05:22:04 -0700 (PDT)
Received: from mail.tail-f.com (mail.tail-f.com [46.21.102.45]) by ietfa.amsl.com (Postfix) with ESMTP id 16D1212040F for <netconf@ietf.org>; Fri, 5 Apr 2019 05:22:03 -0700 (PDT)
Received: from localhost (h-4-215.A165.priv.bahnhof.se [158.174.4.215]) by mail.tail-f.com (Postfix) with ESMTPSA id 6A32A1AE0312; Fri, 5 Apr 2019 14:22:01 +0200 (CEST)
Date: Fri, 05 Apr 2019 14:22:01 +0200
Message-Id: <20190405.142201.707949273328784535.mbj@tail-f.com>
To: ietfc@btconnect.com
Cc: j.schoenwaelder@jacobs-university.de, netconf@ietf.org
From: Martin Bjorklund <mbj@tail-f.com>
In-Reply-To: <01dd01d4eb9c$b9a04160$4001a8c0@gateway.2wire.net>
References: <20190404164929.fsfga7s4izn7ucx5@anna.jacobs.jacobs-university.de> <20190404.194623.1178346313710501110.mbj@tail-f.com> <01dd01d4eb9c$b9a04160$4001a8c0@gateway.2wire.net>
X-Mailer: Mew version 6.7 on Emacs 25.2 / Mule 6.0 (HANACHIRUSATO)
Mime-Version: 1.0
Content-Type: Text/Plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/k7K_h0gin3CeBjMjpbt5A0OJZdA>
Subject: Re: [netconf] ietf crypto types - permanently hidden
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Apr 2019 12:22:06 -0000

tom petch <ietfc@btconnect.com> wrote:
> 
> ----- Original Message -----
> From: "Martin Bjorklund" <mbj@tail-f.com>
> To: <j.schoenwaelder@jacobs-university.de>
> Cc: <netconf@ietf.org>
> Sent: Thursday, April 04, 2019 6:46 PM
> 
> > Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> wrote:
> > > On Thu, Apr 04, 2019 at 04:23:23PM +0000, Kent Watsen wrote:
> > > >
> > > >
> > > > We have always said no, but the reasoning is unclear.  What are
> the
> > > > specific objections and is there anyway to alleviate them?
> > > >
> > >
> > > If editing of all configuration can be done with a single edit-data
> > > (or edit-config) operation, you simplify the world and you enable
> > > generic implementations.
> > >
> > > Once you build silos of data that can only be manipulated with
> special
> > > purpose operations, you say goodbye to the idea of generic client
> > > libraries.
> >
> > And you can no longer create all required config in one transaction;
> > you have to split it into sending multiple special-purpose actions.
> > Perhaps also in a certain order, that you have to figure out somehow,
> > since config might have refererences to other partf of the config
> > etc.
> >
> > You can no longer restore a backup with just a copy-config.
> 
> Which is exactly what I have seen customers - think military - do.
> 
> Security-related information - userid, passwords, second factor , ...-
> MUST NOT be backed up like everything else - special procedures -
> authentication, encryption -  must be used.

Agreed!  BUT, then it should not be modelled as configuration, imo.

And the current model already handles this case with "hidden" keys.




/martin

> 
> This is security - it matters.
> 
> Tom Petch
> 
> > So I don't think the reasoning is unclear at all.
> >
> > /martin
> >
> > _______________________________________________
> > netconf mailing list
> > netconf@ietf.org
> > https://www.ietf.org/mailman/listinfo/netconf
> 
>