Re: [netconf] Roman Danyliw's Discuss on draft-ietf-netconf-crypto-types-29: (with DISCUSS and COMMENT)
Kent Watsen <kent+ietf@watsen.net> Sat, 03 February 2024 18:23 UTC
Return-Path: <0100018d7035991b-7da29e6e-5767-41ec-87ed-60ad776850eb-000000@amazonses.watsen.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA01EC14F6EC; Sat, 3 Feb 2024 10:23:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.904
X-Spam-Level:
X-Spam-Status: No, score=-1.904 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WORTLQG-wzWe; Sat, 3 Feb 2024 10:22:58 -0800 (PST)
Received: from a48-110.smtp-out.amazonses.com (a48-110.smtp-out.amazonses.com [54.240.48.110]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5152BC14F68B; Sat, 3 Feb 2024 10:22:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1706984577; h=Content-Type:Mime-Version:Subject:From:In-Reply-To:Date:Cc:Content-Transfer-Encoding:Message-Id:References:To:Feedback-ID; bh=9SO/g8eemdk1vsUwM6unUaBab52Ij3yVZTCmQyz6mzk=; b=jfa44VnJNiWL9dO5JTQHdlXV0CcckDSSm+HmpaO7NzK2XlDHsxKgZ6k9fQ0rI9bl wEnFPM/LV+v9O3UdqoAYJ51b4rDVxiiOa0PzlPf/SAXxjn2oXX/UMHfDXlAy+GBbd/G 7rRa38DD3mM5YlixefOIGi73WSh1bpW7e1fZnon4=
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
From: Kent Watsen <kent+ietf@watsen.net>
In-Reply-To: <CAN8C-_JcTnXb6Tpkvs_QCAAdgWmGwNdh=qgevScA_rcYXr9VUA@mail.gmail.com>
Date: Sat, 03 Feb 2024 18:22:57 +0000
Cc: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>, draft-ietf-netconf-crypto-types@ietf.org, "netconf-chairs@ietf.org" <netconf-chairs@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-ID: <0100018d7035991b-7da29e6e-5767-41ec-87ed-60ad776850eb-000000@email.amazonses.com>
References: <170656963762.34041.922180093314268674@ietfa.amsl.com> <0100018d607eee07-04a9a8b6-3256-42d4-95e7-e9636b953246-000000@email.amazonses.com> <CAN8C-_Jw+xSdRcH5O4SVzbEL3d8zObKG0ZLpXict4yyV9+gu4g@mail.gmail.com> <0100018d655024ef-519c91c9-6fd1-4131-ab42-b81b34a01ee4-000000@email.amazonses.com> <CAN8C-_JcTnXb6Tpkvs_QCAAdgWmGwNdh=qgevScA_rcYXr9VUA@mail.gmail.com>
To: Orie Steele <orie@transmute.industries>
X-Mailer: Apple Mail (2.3731.600.7)
Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
X-SES-Outgoing: 2024.02.03-54.240.48.110
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/le-qlwj0nVCQhi63zs3rfDmi8BE>
Subject: Re: [netconf] Roman Danyliw's Discuss on draft-ietf-netconf-crypto-types-29: (with DISCUSS and COMMENT)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Feb 2024 18:23:03 -0000
Hi Orie, > On Feb 1, 2024, at 10:46 AM, Orie Steele <orie@transmute.industries> wrote: > > If it were possible to conform to one of the existing words, I think that > would be preferable, but I don't know if that is achievable at this point. > > I think explaining that "hidden" is used to describe keys that are "not > exportable", and "not extractable", would be helpful, especially to readers > who come with familiarity with those terms. > > Modifying your suggestion from above: > > "A hidden key is not exportable, and not extractable, > and therefore, it is of type 'empty' as its value is > inaccessible via management interfaces. Hidden keys > may be referenced by configuration to indicate which > key a server should use for a cryptographic operation. > How such keys are created is outside the scope of this > module."; > > The reason would be for folks searching for those keywords, just as I > searched for "hidden" in 800-57. I used this text suggestion - thanks! > OS Kent > > > On Thu, Feb 1, 2024 at 9:36 AM Kent Watsen <kent+ietf@watsen.net> wrote: > >> Hi Orie, >> >> Thanks for joining the conversation. >> >> On Jan 31, 2024, at 12:50 PM, Orie Steele <orie@transmute.industries> >> wrote: >> >> It sounds like "hidden" is being used as a substitute for "non >> extractable" or "non exportable", through the use of software or hardware >> isolation. >> >> >> That characterization seems fair/accurate. >> >> >> I searched >> https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf >> briefly, and could not find a better term. >> >> >> Thank you for searching, I didn’t think to because the word seemed like >> common English. >> >> >> Web crypto and Android use the term "extractable" >> >> - https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey/extractable >> - >> https://developer.android.com/privacy-and-security/keystore#SecurityFeatures >> >> Apple uses the term "exportable" >> >> - >> https://developer.apple.com/documentation/security/1643698-seckeycopyexternalrepresentation >> >> >> Interesting, but we’d want the negated forms of these words, so maybe >> inextricable or unexportable? >> Yet neither of these seem as short or straightforward as “hidden” - >> thoughts? >> >> >> OS >> >> >> Kent >> >> >> >> On Wed, Jan 31, 2024 at 11:09 AM Kent Watsen <kent@watsen.net> wrote: >> >>> Hi Roman, >>> >>> Thank you for your valuable comments. >>> Please see below for responses. >>> >>> Kent >>> >>> >>>> On Jan 29, 2024, at 6:07 PM, Roman Danyliw via Datatracker < >>> noreply@ietf.org> wrote: >>>> >>>> Roman Danyliw has entered the following ballot position for >>>> draft-ietf-netconf-crypto-types-29: Discuss >>>> >>>> When responding, please keep the subject line intact and reply to all >>>> email addresses included in the To and CC lines. (Feel free to cut this >>>> introductory paragraph, however.) >>>> >>>> >>>> Please refer to >>> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ >>>> for more information about how to handle DISCUSS and COMMENT positions
- [netconf] Roman Danyliw's Discuss on draft-ietf-n… Roman Danyliw via Datatracker
- Re: [netconf] Roman Danyliw's Discuss on draft-ie… Kent Watsen
- Re: [netconf] Roman Danyliw's Discuss on draft-ie… Orie Steele
- Re: [netconf] Roman Danyliw's Discuss on draft-ie… Kent Watsen
- Re: [netconf] Roman Danyliw's Discuss on draft-ie… Orie Steele
- Re: [netconf] Roman Danyliw's Discuss on draft-ie… Kent Watsen
- Re: [netconf] Roman Danyliw's Discuss on draft-ie… Roman Danyliw
- Re: [netconf] Roman Danyliw's Discuss on draft-ie… Kent Watsen