IETF Logo Mail Archive

Re: [netconf] crypto-types fallback strategy

Schönwälder, Jürgen <J.Schoenwaelder@jacobs-university.de> Fri, 13 September 2019 14:05 UTC

Return-Path: <J.Schoenwaelder@jacobs-university.de>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61199120047 for <netconf@ietfa.amsl.com>; Fri, 13 Sep 2019 07:05:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FROM_EXCESS_BASE64=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=jacobsuniversity.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jg9qD5qFpooE for <netconf@ietfa.amsl.com>; Fri, 13 Sep 2019 07:05:09 -0700 (PDT)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04on0630.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0e::630]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98E3612002F for <netconf@ietf.org>; Fri, 13 Sep 2019 07:05:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AbBXvLKx4QAoOnsJZfi9/uvE6/j2/t67xnB3Ze07IwqmIZ7UumT9qxZVhFOc54v5Vg38Puh+CnUiiU5GL7tOcUwXYrAW9NRyVqFcJIlRqtrTy9bPcpIi/pgBmW8cCC851wJf++a0gK5s2/oR4/J/sf/iWzEdZQ1e/jnaySxcQw7n/xbUrQUyxBWKRZ7STqjgmLmsiJZp784g+PdYVFBqua+H5NMdCFK68Vlmy99DRYau/DyUAG78cSoPM7RM3dIhSnmuaxw2adeiIvKwyh7UaF9fSUOvoSBftpWgfGZnQVVvaofbjQ/SNX8zeRgsFaoNTHadEesz/79LKPh/9qY9cw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eeVAlvYx+nkte2NO1apJW1F3RqUjEVBHT3RL+06ArmA=; b=VrTV9YK5QGEFwPRRD+42n500TFGtL6CeA8phKn4owOcoYt3qwfgl5rtDojdNT70qyfYKay1rs4agr7veJIqPIjc0ZkSFBLQbiIaozj8oo+qULxnF13Zuif5tsnQpczupn6ma5VK7bjBK2ieIjfjnkHrxkchGrSqCXcy0VO2ao+uM5pZdC1LGBdjzSruxudqgOphK39jHPBpCwklYFtzQXVFdb3IWaVU6jPwVBhuz/y625eYYRGouE9iUosxAel8KSVU5BZneIjlgK+7nCOP3JuZ6+7o4XMwx9SIEn7HBGZVg7maxJnPS/w/pAuI7PChkVU6KBHqKURaDyHENZALSVg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=jacobs-university.de; dmarc=pass action=none header.from=jacobs-university.de; dkim=pass header.d=jacobs-university.de; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jacobsuniversity.onmicrosoft.com; s=selector2-jacobsuniversity-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eeVAlvYx+nkte2NO1apJW1F3RqUjEVBHT3RL+06ArmA=; b=cH70gcQ7tZ60/O0i/LOWh+6HjaWQUeWzGi64oM/D0sQtFuIF7orwA4TTYbr0BZeCFMyBxSSXss5YCvTHs3K+34+kqUxH1DlJ7RnCnifPsQ7bIUEVmYQgqOazxTECsDoUpnxF/myHMobF2KRKa0Q4LqUYYgE/fm6cIOJOpRb6hNE=
Received: from VI1P190MB0686.EURP190.PROD.OUTLOOK.COM (10.186.159.71) by VI1P190MB0238.EURP190.PROD.OUTLOOK.COM (10.172.80.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2263.15; Fri, 13 Sep 2019 14:05:06 +0000
Received: from VI1P190MB0686.EURP190.PROD.OUTLOOK.COM ([fe80::d48a:ffa3:4fff:141e]) by VI1P190MB0686.EURP190.PROD.OUTLOOK.COM ([fe80::d48a:ffa3:4fff:141e%2]) with mapi id 15.20.2263.021; Fri, 13 Sep 2019 14:05:06 +0000
From: "Schönwälder, Jürgen" <J.Schoenwaelder@jacobs-university.de>
To: "Salz, Rich" <rsalz@akamai.com>
CC: "Rob Wilton (rwilton)" <rwilton@cisco.com>, Kent Watsen <kent+ietf@watsen.net>, "netconf@ietf.org" <netconf@ietf.org>, Russ Housley <housley@vigilsec.com>, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>, Sean Turner <sean@sn3rd.com>
Thread-Topic: [netconf] crypto-types fallback strategy
Thread-Index: AQHVaNxGVhFlbERW30moo9Q8WhnpJqcpkUCAgAAOz4CAAAa0gA==
Date: Fri, 13 Sep 2019 14:05:06 +0000
Message-ID: <20190913140505.2ivwf34byefaafli@anna.jacobs.jacobs-university.de>
References: <0100016d21ee2101-fb4f3288-1975-4a7d-a499-cb42ff8d9e14-000000@email.amazonses.com> <MN2PR11MB4366AE6CF9E03B15EBEA3A39B5B30@MN2PR11MB4366.namprd11.prod.outlook.com> <D6740042-7CD9-466F-911A-BA4339042B5D@akamai.com>
In-Reply-To: <D6740042-7CD9-466F-911A-BA4339042B5D@akamai.com>
Reply-To: "Schönwälder, Jürgen" <J.Schoenwaelder@jacobs-university.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-clientproxiedby: AM4PR0202CA0021.eurprd02.prod.outlook.com (2603:10a6:200:89::31) To VI1P190MB0686.EURP190.PROD.OUTLOOK.COM (2603:10a6:800:12e::7)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=J.Schoenwaelder@jacobs-university.de;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [2001:638:709:5::7]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 54a49956-3eb5-45af-cc33-08d73853614f
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:VI1P190MB0238;
x-ms-traffictypediagnostic: VI1P190MB0238:
x-ms-exchange-purlcount: 3
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <VI1P190MB0238EEE8B089442821A4F367DEB30@VI1P190MB0238.EURP190.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0159AC2B97
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39850400004)(396003)(366004)(376002)(136003)(346002)(199004)(189003)(486006)(7736002)(316002)(76176011)(52116002)(186003)(66946007)(8936002)(6306002)(6512007)(99286004)(46003)(1076003)(4326008)(6916009)(5660300002)(66476007)(66556008)(64756008)(66446008)(25786009)(86362001)(478600001)(14454004)(966005)(2906002)(229853002)(3450700001)(71190400001)(6436002)(71200400001)(6486002)(6246003)(6116002)(43066004)(85202003)(476003)(6506007)(54906003)(386003)(305945005)(85182001)(8676002)(81166006)(81156014)(11346002)(446003)(53936002)(786003)(102836004)(256004)(777600001); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1P190MB0238; H:VI1P190MB0686.EURP190.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: jacobs-university.de does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 05I9n3grvbgft70qOt4oSTqRiiS43FpzFBESdl+cWfBmuSePqCdNGjqOY5LFQ98VSlCqQUFU3aXG10clQsXoYMQNHoVKK1xfb11B7/0WdGIm1cyhXv/9SmbqRaC57qSDUVizsqViasFkXDFVzC5h9NwvJVOYuEPZKlPN91mUmaeg1S3QJ3m/IhpGPt4g9GGTwLGxAv47Dz1viYlCNA3uyPBd7nL/HIBGlahQBWlwwiR0CMUSQWOTD0JsELZs+kFzr9cKIIonOX9p8E62gjpyHnRcxTFLw+zdTmj/G32g0T5v134HZjPQFXMf2udmlJw3tqBqX//xeRzfOB9dEdmQuCXDAtABa/JRovxxEAQXXd1Y9hW5LGbDe1aZBMBPVv2Se8ujYB9W2ajOezuQrkmvxn9ml8sa8WO+Ihekr/tyVHk=
Content-Type: text/plain; charset="utf-8"
Content-ID: <E3AB64FFEE3CDD469F6AB23A94826002@EURP190.PROD.OUTLOOK.COM>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: jacobs-university.de
X-MS-Exchange-CrossTenant-Network-Message-Id: 54a49956-3eb5-45af-cc33-08d73853614f
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Sep 2019 14:05:06.3205 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f78e973e-5c0b-4ab8-bbd7-9887c95a8ebd
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: p4YcNZK6PcuhbOemygP0qTL7vviHrlHgbyPIyG76L2fEbB3lCwOwapnVkIvGRFJkpety/EJJZp/ovjSE+kI4Orf8Ud+ma6CdPnzS7seJdL0=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1P190MB0238
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/ryruFlLvUxDkB9l3hIuT6qV447Y>
Subject: Re: [netconf] crypto-types fallback strategy
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Sep 2019 14:05:13 -0000

On Fri, Sep 13, 2019 at 01:41:05PM +0000, Salz, Rich wrote:
> 
> Every OID definition I’ve seen has a name, often both a short name and a long name.  Look at https://oid-info.com  There is also a URN syntax for OID’s. The widely-used OpenSSL has a built-in mapping; see https://github.com/openssl/openssl/blob/master/crypto/objects/objects.txt .
> 

This can get nasty. There are interpretations of what OIDs and
associated 'names' are but in good old ASN.1 things often look quite
different. Even the dotted numeric notation 1.3.6.1 is an IETF
invention, not an ASN.1 notation. The OID URN notation is actually
using a sequence of numbers (see RFC 3061). In ASN.1, you would write
an OID value as { iso(1) org(3) dod(6) iana(1) } and you can associate
'descriptors' to the numbers but they are scoped to the branching
level and I think they only need to be unique within the usage
context. The above does not define that 'dod' always resolves to
1.3.6, or more correctly, to { iso(1) org(3) dod(6) }. In fact, {
iso(1) org(3) foo(6) } is just as good. In some context the uniqueness
issue has been addresses by using ASN.1 module names as prefixes with
different notational markup and so on. The crypto people seem to
bypass this issue by creating long descriptors that hopefully have a
low probability to clash and they seem to treat these descriptor as
registered names, which from an ASN.1 perspective they are not.

Perhaps it is best to not look too much behind the curtain and just
talk about using existing names, avoiding to dive into details what
these names really are and where they come from. Perhaps we need to
move to a more opaque type that can hold names of crypto algorithms
and we point to well-known names (i.e., defined in some IANA
registries) that apply to certain protocol contexts.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>

v2.23.0 | Report a Bug | By Email