Re: [netconf] type for a PSK's "id" node?

Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Tue, 28 July 2020 09:46 UTC

To: Kent Watsen <kent+ietf@watsen.net>
CC: "netconf@ietf.org" <netconf@ietf.org>
References: <0100017371d59ad5-c8aa5683-34d7-4e76-b521-8482f67e33e4-000000@email.amazonses.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <ca17d2d9-67ef-154a-fed9-c29960d863d2@sit.fraunhofer.de>
Date: Tue, 28 Jul 2020 11:46:02 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/p9gn6uaYgoBzx0N0dy8u2Ryx-gg>
Subject: Re: [netconf] type for a PSK's "id" node?

Hi all,

this might be pretty much "just in time", but let me elaborate a bit here:

After re-exploring the source of PSK Identity (hints), I arrived at PSK 
Identity Encoding again:

> https://tools.ietf.org/html/rfc4279#section-5.1

If that is the PSK "id" that you are looking for, that always involves a 
conversion to UTF-8 encoded byte strings. If that is interoperable with 
the type string here, that is fine, I'd say. Interoperability already is 
a rather painful compromise here in (D)TLS. Please take care to adhere 
to the encoding guidance, therefore. I am not sure if you want to cover 
identity hints, too:

> https://tools.ietf.org/html/rfc4279#section-5.2


Best regards,

Henk

On 21.07.20 16:44, Kent Watsen wrote:
> Hi Henk,
> 
> I’m trying to close a couple issues on list before the meeting...
> 
> Below you’ll note the “is this the right type?” comment.  Currently the 
> “id” node is type “string”, what type is used by TLS?
> 
> 
> case psk {
>   if-feature psk-auth;
>   container psk {
>     description
>       "Specifies the server identity using a PSK (pre-shared
>        or pairwise-symmetric key).";
>     uses ks:local-or-keystore-symmetric-key-grouping {
>       augment "local-or-keystore/local/local-definition" {
>         if-feature "ks:local-definitions-supported";
>         description
>           "Adds an 'id' value when the PSK is used by TLS.";
>         leaf id {
>           type string; // FIXME: is this the right type?
>           description
>             "The key id used in the TLS protocol for PSKs.";
>         }
>       }
>     }
>   }
> }
> 
> 
> K.
> 
>
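
Added example, not part of the original thread or of any draft: a Python sketch of the RFC 4279 section 5.1 encoding discussed above, showing how a `string`-typed "id" maps onto the TLS `opaque psk_identity<0..2^16-1>` field and where the two types diverge. The function names and the sample identity are assumptions made for illustration.

```python
# Added illustration: PSK identity encoding per RFC 4279 sections 2, 5.1 and 5.3.
# Function names and sample values are constructed, not taken from a draft or library.
import struct

MAX_IDENTITY_OCTETS = 2**16 - 1  # opaque psk_identity<0..2^16-1>
INTEROP_OCTETS = 128             # section 5.3: identities up to 128 octets MUST be supported


def encode_psk_identity(identity: str) -> bytes:
    """Character string -> UTF-8 octets -> length-prefixed TLS vector."""
    octets = identity.encode("utf-8")  # raises UnicodeEncodeError on lone surrogates
    if len(octets) > MAX_IDENTITY_OCTETS:
        raise ValueError("identity exceeds 65535 octets after UTF-8 encoding")
    return struct.pack("!H", len(octets)) + octets


def decode_psk_identity(wire: bytes) -> str:
    """Inverse of encode_psk_identity; rejects anything a string leaf cannot hold."""
    if len(wire) < 2:
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack("!H", wire[:2])
    octets = wire[2:]
    if len(octets) != length:
        raise ValueError("length prefix does not match payload")
    try:
        return octets.decode("utf-8")  # strict decoding, no replacement characters
    except UnicodeDecodeError as exc:
        raise ValueError("identity is not valid UTF-8, so not a string value") from exc


def within_interop_length(identity: str) -> bool:
    """The limit is counted in octets on the wire, not in characters."""
    return len(identity.encode("utf-8")) <= INTEROP_OCTETS


if __name__ == "__main__":
    sample = "gw-münchen-01"  # constructed identity: 13 characters, 14 octets
    wire = encode_psk_identity(sample)
    print(len(sample), wire.hex())
    print(decode_psk_identity(wire) == sample)
    print(within_interop_length("é" * 65))  # 65 characters but 130 octets
```

A peer that sends raw binary as its identity is legal on the wire but fails `decode_psk_identity`, which is the case where a `string` leaf and the TLS field stop being interchangeable.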