IETF Logo Mail Archive

Re: [Netconf] WG Last Call Comments ondraft-ietf-netconf-reverse-ssh-03.txt

t.petch <ietfc@btconnect.com> Wed, 14 May 2014 09:17 UTC

Return-Path: <ietfc@btconnect.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65C7E1A0291 for <netconf@ietfa.amsl.com>; Wed, 14 May 2014 02:17:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PLxlVhnUZAhV for <netconf@ietfa.amsl.com>; Wed, 14 May 2014 02:17:23 -0700 (PDT)
Received: from emea01-am1-obe.outbound.protection.outlook.com (mail-am1on0663.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe00::663]) by ietfa.amsl.com (Postfix) with ESMTP id C5F2F1A027C for <netconf@ietf.org>; Wed, 14 May 2014 02:17:22 -0700 (PDT)
Received: from DBXPRD0610HT005.eurprd06.prod.outlook.com (157.56.252.181) by DBXPR07MB063.eurprd07.prod.outlook.com (10.242.147.22) with Microsoft SMTP Server (TLS) id 15.0.944.11; Wed, 14 May 2014 09:16:53 +0000
Message-ID: <021c01cf6f54$e6ed96a0$4001a8c0@gateway.2wire.net>
From: "t.petch" <ietfc@btconnect.com>
To: Kent Watsen <kwatsen@juniper.net>, "Bert Wijnen (IETF)" <bertietf@bwijnen.net>
References: <201403251517.LAA15291@adminfs.snmp.com> <CF58ED17.65F0C%kwatsen@juniper.net> <533D47CF.30402@bwijnen.net> <01f401cf5342$4d48d740$4001a8c0@gateway.2wire.net> <032f01cf6524$71cb2340$4001a8c0@gateway.2wire.net> <5368C366.8070509@bwijnen.net> <023701cf69d5$abcfb320$4001a8c0@gateway.2wire.net> <CF8FD96F.6E752%kwatsen@juniper.net> <007201cf6a9c$aa76f980$4001a8c0@gateway.2wire.net> <CF929D94.6F4D4%kwatsen@juniper.net> <00da01cf6dd5$ce36e740$4001a8c0@gateway.2wire.net> <CF9664F8.6F7B6%kwatsen@juniper.net>
Date: Wed, 14 May 2014 10:10:43 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Originating-IP: [157.56.252.181]
X-ClientProxiedBy: DBXPR07CA001.eurprd07.prod.outlook.com (10.255.191.159) To DBXPR07MB063.eurprd07.prod.outlook.com (10.242.147.22)
X-Forefront-PRVS: 0211965D06
X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009001)(6009001)(428001)(189002)(199002)(51704005)(377454003)(13464003)(164054003)(77156001)(93916002)(86362001)(99396002)(14496001)(83072002)(85852003)(92566001)(92726001)(1941001)(19300405004)(50986999)(88136002)(87976001)(15202345003)(87286001)(81686999)(23756003)(89996001)(81816999)(76176999)(64706001)(74502001)(81542001)(81342001)(31966008)(15975445006)(61296002)(20776003)(47776003)(101416001)(76482001)(80022001)(66066001)(44736004)(77982001)(50226001)(46102001)(74662001)(42186004)(4396001)(33646001)(84392001)(50466002)(62236002)(79102001)(44716002)(102836001)(62966002)(83322001)(21056001)(19580405001)(19580395003)(74416001)(7726001)(562404015); DIR:OUT; SFP:1101; SCL:1; SRVR:DBXPR07MB063; H:DBXPRD0610HT005.eurprd06.prod.outlook.com; FPR:; MLV:nov; PTR:InfoNoRecords; MX:1; A:0; LANG:;
Received-SPF: None (: btconnect.com does not designate permitted sender hosts)
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=ietfc@btconnect.com;
X-OriginatorOrg: btconnect.com
Archived-At: http://mailarchive.ietf.org/arch/msg/netconf/sEw0eMs9LsWbZzH_I-5bi-K5Zvk
Cc: netconf@ietf.org
Subject: Re: [Netconf] WG Last Call Comments ondraft-ietf-netconf-reverse-ssh-03.txt
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 May 2014 09:17:26 -0000

----- Original Message -----
From: "Kent Watsen" <kwatsen@juniper.net>
To: "t.petch" <ietfc@btconnect.com>; "Bert Wijnen (IETF)"
<bertietf@bwijnen.net>
Cc: <netconf@ietf.org>
Sent: Monday, May 12, 2014 5:37 PM

Hi Tom,

>This is where we start to part company.  A host key is a host key, it
is
>public, it is generated for me as part of a key pair for use in public
>key cryptography.  Of itself, it conveys nothing, no verification, no
>validation, no identification.
>
>It only acquires value when it can be tied into an identity or
>identifier, which X.509 certificates do.  Or it can preconfigured into
>the NMS (the key or a fingerprint thereof) but is the act of
configuring
>that gives the key some value, there is nothing inherent in the key.


RFC 4251 section 4.1 on "Host Keys" extends the definition to include
certificates too.

>You say in the I-D that this does not scale, but that is true of
>(almost) everything.  If you use X.509 certificates, then they bind the
>key to an identity; guess what, that identity has to be configured into
>the NMS, so if configuring raw keys does not scale then neither do
X.509
>certificates:-(

Yes, the NMS needs to be programed with the identity of the CA, but that
one CA can vouch for any number of devices.   This *is* scalable, from
the
NMS's POV.   What is potentially not scalable, is the need to provision
each device with a signed certificate, as the naïve solution would again
be per-device, though it has the up-side that the
certificate-provisioning
could be delegated to a 3rd-party, leveraging PKI to its fullest.
However, any solution that needs the device to be "touched" before being
put into commission is not ideal.  The  only no-touch solution I know of
is for the device to already have a signed-certificate when released
from
its manufacturer's factory.  This is the strategy is codified in the
zero-touch draft.


<tp>
Kent,

No, we are still not meeting anywhere in the middle.

It seems to me that you are proposing that all devices share the same
private key and so the same public key (in which case the choice of CA
seems irrelevant).

AFAICT, anything else requires that the NMS is configured with some
identifier for each and every device, which could be the public key,
could be something that appears in the subjectAltName, could be the IP
address (although I think not for 'call home') etc.

I see you describing this per device configuration as 'does not scale'
but I see no other way.

As
http://www.rfc-editor.org/rfc/rfc5592.txt
says "this requires the client
   to know the host's public key a priori and to verify that the correct
   key is being used."
which is the sort of thing I would expect to see, in the absence of
X.509 certificates.  With certificates, then you know the subjectAltName
a priori.  Either way, you configure the NMS for every device.

Tom Petch

>The only thing that scales is Trust On First Use, which I think too
>flaky for us to recommend.  Manual acceptance when a key is first used
>is more secure, but, arguably, scales no better.

Agreed, TOFU is not ideal.



>We have been here before - look at RFC5592, which basically says
>'preconfigure host keys' to which I would now add 'or else use
>certificates', RFC6125 etc.
>
>So my section 5 (skating over PGP use) would be more like
>
>"When the management system accepts a new incoming TCP connection on
the
>NETCONF over SSH Call Home port, it starts the SSH client protocol. As
>the SSH client, it MUST authenticate the SSH server, by both
identifying
>the network element and verifying its SSH host key.
>
>When not using call home, the management system initiates the TCP
>connection and so may place some reliance on the fact that the device
>that responds is the one that it is configured to communicate with.
>With call home, the network element initiates the TCP connection and no
>reliance can be placed on the source IP address of the TCP connection.
>Identifying the remote peer by its source IP address, as recommended in
>[RFC6187] is NOT RECOMMENDED in the case of call home, unless the
>network takes steps to validate IP source addresses.
>
>The management system may be configured with the host keys of the
>network elements, or fingerprints thereof, and these MAY be used as an
>identifier.
>
>The management system MAY request manually verification of a host key
or
>a fingerprint thereof the first time the network element connects, and
>any time the host key changes thereafter.
>
>Digital certificates, such as those in X.509 version 3 (X.509v3) bind a
>public key to a digital identity [RFC5280] and are used in many
>environments for identity management.  This approach is discussed in
>more detail in [5539bis]; this approach is RECOMMENDED."


This text is almost the same as what is there now.  One thing different
is
I don't see the word "scale" anymore.   So you want 5539bis to say PKI
is
scalable and hence particularly suitable for NMS and then have this
draft
reference it for that fact?   You didn't provide text for 5539bis, so
I'm
just guessing, is there anything else?


Thanks,
Kent

v2.23.0 | Report a Bug | By Email