Re: [netconf] crypto-types fallback strategy
Schönwälder, Jürgen <J.Schoenwaelder@jacobs-university.de> Fri, 13 September 2019 14:05 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/ryruFlLvUxDkB9l3hIuT6qV447Y>
On Fri, Sep 13, 2019 at 01:41:05PM +0000, Salz, Rich wrote:
>
> Every OID definition I’ve seen has a name, often both a short name and a long name. Look at https://oid-info.com There is also a URN syntax for OID’s. The widely-used OpenSSL has a built-in mapping; see https://github.com/openssl/openssl/blob/master/crypto/objects/objects.txt .
>

This can get nasty. There are interpretations of what OIDs and associated 'names' are but in good old ASN.1 things often look quite different. Even the dotted numeric notation 1.3.6.1 is an IETF invention, not an ASN.1 notation. The OID URN notation is actually using a sequence of numbers (see RFC 3061).

In ASN.1, you would write an OID value as

  { iso(1) org(3) dod(6) iana(1) }

and you can associate 'descriptors' to the numbers but they are scoped to the branching level and I think they only need to be unique within the usage context. The above does not define that 'dod' always resolves to 1.3.6, or more correctly, to

  { iso(1) org(3) dod(6) }

In fact,

  { iso(1) org(3) foo(6) }

is just as good. In some contexts the uniqueness issue has been addressed by using ASN.1 module names as prefixes with different notational markup and so on.

The crypto people seem to bypass this issue by creating long descriptors that hopefully have a low probability to clash and they seem to treat these descriptors as registered names, which from an ASN.1 perspective they are not.

Perhaps it is best to not look too much behind the curtain and just talk about using existing names, without diving into the details of what these names really are and where they come from. Perhaps we need to move to a more opaque type that can hold names of crypto algorithms and we point to well-known names (i.e., defined in some IANA registries) that apply to certain protocol contexts.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>
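
An added illustration of the point in the message above (not code from the thread or from any project mentioned in it): a small parser for ASN.1 OID value notation showing that only the numbers determine the OID, its RFC 3061 URN and its DER encoding, while the same descriptor can label different arcs. The function names and the `{ iso(1) foo(2) }` sample are assumptions made for this example.

```python
import re

_ARC = re.compile(r"(?:([a-z][A-Za-z0-9-]*)\((\d+)\)|(\d+))")  # "dod(6)" or "6"
# Constructed samples: the two notations from the message plus a made-up clash.
SAMPLES = ("{ iso(1) org(3) dod(6) }", "{ iso(1) org(3) foo(6) }", "{ iso(1) foo(2) }")

def parse_asn1_oid(text):
    """Return (arcs, descriptors) for a value such as '{ iso(1) org(3) dod(6) }'."""
    text = text.strip()
    if not (text.startswith("{") and text.endswith("}")):
        raise ValueError("expected '{ ... }' value notation")
    arcs, names = [], []
    for token in text[1:-1].split():
        m = _ARC.fullmatch(token)
        if m is None:  # a bare descriptor cannot be resolved without its context
            raise ValueError(f"arc without a number: {token!r}")
        names.append(m.group(1))
        arcs.append(int(m.group(2) or m.group(3)))
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("not a valid OID arc sequence")
    return tuple(arcs), tuple(names)

def to_urn(arcs):
    """RFC 3061 URN form: numbers only, no descriptors."""
    return "urn:oid:" + ".".join(map(str, arcs))

def _base128(n):
    """Big-endian base-128 with the continuation bit set on all but the last byte."""
    out = [n & 0x7F]
    while n > 0x7F:
        n >>= 7
        out.append((n & 0x7F) | 0x80)
    return bytes(reversed(out))

def der_encode(arcs):
    """DER OBJECT IDENTIFIER encoding; descriptors never reach the wire."""
    body = _base128(40 * arcs[0] + arcs[1]) + b"".join(map(_base128, arcs[2:]))
    if len(body) > 127:
        raise ValueError("content longer than 127 bytes is not supported here")
    return bytes([0x06, len(body)]) + body

def descriptor_index(notations):
    """Map each final-arc descriptor to the set of dotted OIDs it labels."""
    index = {}
    for notation in notations:
        arcs, names = parse_asn1_oid(notation)
        if names[-1]:
            index.setdefault(names[-1], set()).add(".".join(map(str, arcs)))
    return index
```

Running `descriptor_index(SAMPLES)` shows `foo` attached to two different OIDs, which is why a data model that stores the descriptor alone needs a registry to say which context the name belongs to.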