Re: [netconf] latest update to crypto-types and keystore drafts
Martin Bjorklund <mbj@tail-f.com> Wed, 26 June 2019 08:56 UTC
Return-Path: <mbj@tail-f.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 254CA12022E for <netconf@ietfa.amsl.com>; Wed, 26 Jun 2019 01:56:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UU0lY7spFt-j for <netconf@ietfa.amsl.com>; Wed, 26 Jun 2019 01:56:10 -0700 (PDT)
Received: from mail.tail-f.com (mail.tail-f.com [46.21.102.45]) by ietfa.amsl.com (Postfix) with ESMTP id AE935120225 for <netconf@ietf.org>; Wed, 26 Jun 2019 01:56:10 -0700 (PDT)
Received: from localhost (h-4-215.A165.priv.bahnhof.se [158.174.4.215]) by mail.tail-f.com (Postfix) with ESMTPSA id 603CC1AE0351; Wed, 26 Jun 2019 10:56:08 +0200 (CEST)
Date: Wed, 26 Jun 2019 10:56:08 +0200
Message-Id: <20190626.105608.121899679021225720.mbj@tail-f.com>
To: kent+ietf@watsen.net
Cc: netconf@ietf.org
From: Martin Bjorklund <mbj@tail-f.com>
In-Reply-To: <0100016b68794a39-0d934910-4b4b-4801-8d56-27f678081e93-000000@email.amazonses.com>
References: <0100016b68794a39-0d934910-4b4b-4801-8d56-27f678081e93-000000@email.amazonses.com>
X-Mailer: Mew version 6.7 on Emacs 25.2 / Mule 6.0 (HANACHIRUSATO)
Mime-Version: 1.0
Content-Type: Text/Plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/kHjsaffV1PwrLe_rX9w5ez_zCFo>
Subject: Re: [netconf] latest update to crypto-types and keystore drafts
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Jun 2019 08:56:14 -0000
Hi, Kent Watsen <kent+ietf@watsen.net> wrote: > > I started off trying to create a variation of "#2" but, as got into > it, I realized that *encrypting* the keys would solve most problems. > Note that we really don't want "hidden" keys at all, as them not being > part of configuration causes backup/restore problems. What we want > are values that can be treated like config, but are non-sensical > without the decryption key. Values MAY be encrypted using a > manufacturer-generated key (which locks the value to the device), or a > key generated by a *privileged* admin, which opens up the possibility > for the key to float between devices. > > Specifically, imagine the following: > > Precondition: > 1) devices are shipped from manufacturer with a hidden asymmetric key > in <operational> > > Post-SZTP Onboarding: > 2) privileged admin copies manufacturer generated key from > <operational> to <running> The device could also store this key (or rather just the name) in its factory configuration. I don't think the public key and alg needs to go into the config. Or in general, if the key is configured as hidden, I think it should NOT have a public key and alg in the config (can be ensured with "must"). However, they must be present in the operational state. > 3) privileged admin encrypts a well-known (secret to the organization) > symmetric key using the public key from the manufacturer generated > asymmetric key, and stores the result (i.e., <edit-config> into > keystore. Ok. However, if the device doesn't have a hidden manufacturer-supplied key from step 1 (no tpm), it would be useful if the admin could install this symmetric key so that it becomes hidden. But that action is no longer present in the model. Or does this model *require* the device to have such a key? If no tpm exists, then it can exist on disk? > Device Swap: > 4) if replacing a device, load previous configuration. Since all keys > should be encrypted to the same symmetric key, it should load without > error. Before loading the previous config, the admin must do steps 2-3 on the new device, right? > [note: one issue here with the secret symmetric key itself > being loaded again, but since it was encrypted using to old device's > manufacturer generated asymmetric key, the logic should be able to > handle it.] Hmm, can you elaborate? It seems to me to be a problem; it needs to be re-installed so that it is encrypted with the new device's public key. > Runtime: > 5) whenever a regular admin wishes to use a new key, they call the > generate-symmetric-key or generate-asymmetric-key RPC, requesting the > device to generate a key for them, encrypting the result using the > secret organization key. > 6) The RPC output returns the key value (encrypted). > 7) The regular admin uses e.g., <edit-config> to store the key into > <running>. > > > Use cases: > 0: normal (just NACM-protected) keys: supported. > 1: manufacturer-generated permanently hidden keys: supported. > 2: device-generated keys: supported. > 3: device-generated keys in config: supported > 4: permanently hidden keys: not recommended nor directly > supported, but one could always encrypt a key with the > device's public key, thus generating a key that only the > device can decrypt, and hence effectively permenently > hidden. > > > Please let me know soon if you object to any aspect of this or, > better, support it, as I need to update the remaining drafts to > reflect these changes at some point soon. Also, if we go this route, this draft (keystore) needs more text, and also explain the use cases described above. Then there are some details, e.g. why do we have identity asymmetric-key-algorithm { description "Base identity from which all asymmetric key encryption Algorithm."; } vs identity encryption-algorithm { description "A base identity for encryption algorithm."; } Why isn't the latter called "symmetric-key-algorithm"? /martin > > > Below are the change log entries. > > crypto-types: > > o Removed the 'generate-key and 'hidden-key' features. > > o Added grouping symmetric-key-grouping > > o Modified 'asymmetric-key-pair-grouping' to have a 'choice' > statement for the keystone module to augment into, as well as > replacing the 'union' with leafs (having different NACM settings. > > o Diffs: > https://www.ietf.org/rfcdiff?url2=draft-ietf-netconf-crypto-types-08 > <https://www.ietf.org/rfcdiff?url2=draft-ietf-netconf-crypto-types-08> > > > keystore: > > o Replaced typedef asymmetric-key-certificate-ref with grouping > asymmetric-key-certificate-ref-grouping. > > o Added feature feature 'key-generation'. > > o Cloned groupings symmetric-key-grouping, asymmetric-key-pair- > grouping, asymmetric-key-pair-with-cert-grouping, and asymmetric- > key-pair-with-certs-grouping from crypto-keys, augmenting into > each new case statements for values that have been encrypted by > other keys in the keystore. Refactored keystore model to use > these groupings. > > o Added new 'symmetric-keys' lists, as a sibling to the existing > 'asymmetric-keys' list. > > o Added RPCs (not actions) 'generate-symmetric-key' and 'generate- > asymmetric-key' to *return* a (potentially encrypted) key. > > o Diffs: > https://www.ietf.org/rfcdiff?url2=draft-ietf-netconf-keystore-11 > <https://www.ietf.org/rfcdiff?url2=draft-ietf-netconf-keystore-11> > > > > > Kent // contributor > > > > > >
- [netconf] latest update to crypto-types and keyst… Kent Watsen
- Re: [netconf] latest update to crypto-types and k… Martin Bjorklund
- Re: [netconf] latest update to crypto-types and k… Kent Watsen
- Re: [netconf] latest update to crypto-types and k… Martin Bjorklund
- Re: [netconf] latest update to crypto-types and k… Kent Watsen
- Re: [netconf] latest update to crypto-types and k… Martin Bjorklund
- Re: [netconf] latest update to crypto-types and k… Kent Watsen
- Re: [netconf] latest update to crypto-types and k… Qin Wu
- Re: [netconf] latest update to crypto-types and k… Kent Watsen
- Re: [netconf] latest update to crypto-types and k… Balázs Kovács
- Re: [netconf] latest update to crypto-types and k… Kent Watsen
- Re: [netconf] latest update to crypto-types and k… Balázs Kovács
- Re: [netconf] latest update to crypto-types and k… Kent Watsen
- Re: [netconf] latest update to crypto-types and k… Balázs Kovács
- Re: [netconf] latest update to crypto-types and k… Kent Watsen
- Re: [netconf] latest update to crypto-types and k… Balázs Kovács