IETF Logo Mail Archive

Re: [netconf] Roman Danyliw's Discuss on draft-ietf-netconf-crypto-types-29: (with DISCUSS and COMMENT)

Kent Watsen <kent+ietf@watsen.net> Fri, 09 February 2024 00:01 UTC

Return-Path: <0100018d8b2ac50d-f59fa3d6-6f0d-4091-a030-f79e3a1632b0-000000@amazonses.watsen.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B21FC14F684; Thu, 8 Feb 2024 16:01:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eLz5JZjbPa_P; Thu, 8 Feb 2024 16:00:59 -0800 (PST)
Received: from a48-92.smtp-out.amazonses.com (a48-92.smtp-out.amazonses.com [54.240.48.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B28D4C14F600; Thu, 8 Feb 2024 16:00:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1707436852; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=tz68P431o3E+0sanslpYyKRwvpi1x+UuJqSyjG1mJ/Y=; b=jA9+ViCqMLWsEo1w+TApuSnggCJwJWHHx3h3XXtRltzf48GlfcQqsbBOjYwLdqnk 4GgJp7OfBSfsvTE9Vy/UE6ajzIQCLF+pkSqEFR3Q5dFjrpaoZwM6gOGsd8wGMxqtINq ZZGaP7zMiw1T7X1yo3y6/J1LKu7eYEb5FBFmlU4s=
From: Kent Watsen <kent+ietf@watsen.net>
Message-ID: <0100018d8b2ac50d-f59fa3d6-6f0d-4091-a030-f79e3a1632b0-000000@email.amazonses.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_3D159B09-0D4A-46D8-9AC5-22B67830572C"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
Date: Fri, 09 Feb 2024 00:00:52 +0000
In-Reply-To: <BN2P110MB1107B45FA9BD7BEA8001BC8BDC44A@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
Cc: The IESG <iesg@ietf.org>, "draft-ietf-netconf-crypto-types@ietf.org" <draft-ietf-netconf-crypto-types@ietf.org>, "netconf-chairs@ietf.org" <netconf-chairs@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
To: Roman Danyliw <rdd@cert.org>
References: <170656963762.34041.922180093314268674@ietfa.amsl.com> <0100018d607eee07-04a9a8b6-3256-42d4-95e7-e9636b953246-000000@email.amazonses.com> <BN2P110MB1107B45FA9BD7BEA8001BC8BDC44A@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
X-Mailer: Apple Mail (2.3731.600.7)
Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
X-SES-Outgoing: 2024.02.09-54.240.48.92
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/shMGj5Vt_ys_Li-mFWgyk6fNDuA>
Subject: Re: [netconf] Roman Danyliw's Discuss on draft-ietf-netconf-crypto-types-29: (with DISCUSS and COMMENT)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Feb 2024 00:01:00 -0000

Hi Roman,

Thank you for accepting my responses and clearing your DISCUSS position.
Please find more comments below.

Kent


> On Feb 8, 2024, at 2:27 PM, Roman Danyliw <rdd@cert.org> wrote:
> 
> Hi Kent!
> 
> Thanks for your detailed response and for producing -30.  I've cleared my DISCUSS position.  One response below to a COMMENT ...
> 
>> -----Original Message-----
>> From: iesg <iesg-bounces@ietf.org> On Behalf Of Kent Watsen
>> Sent: Wednesday, January 31, 2024 12:09 PM
>> To: Roman Danyliw <rdd@cert.org>
>> Cc: The IESG <iesg@ietf.org>; draft-ietf-netconf-crypto-types@ietf.org;
>> netconf-chairs@ietf.org; netconf@ietf.org
>> Subject: Re: [netconf] Roman Danyliw's Discuss on draft-ietf-netconf-crypto-
>> types-29: (with DISCUSS and COMMENT)
> 
> [snip]
> 
>>> ** Section 3.5.
>>>  When accessing key values, it is desireable that implementations
>>>  ensure that the strength of the keys being accessed is not greater
>>>  than the strength of the underlying secure transport connection over
>>>  which the keys are conveyed.  However, comparing key strengths can be
>>>  complicated and difficult to implement in practice.
>>> 
>>> I don’t understand the guidance in this section.  I would have
>>> benefited from clarity in the following areas.
>>> 
>>> -- Explain the impact of using keys whose strength exceeds the
>>> underlying transport connection (i.e., it doesn’t offer more security)
>>> 
>>> -- The verb “accessing” is confusing.  Let’s say that an
>>> implementation notices a discrepancy between key strength, what is it
>> supposed to do?
>>> 
>>> -- The last sentence (“However, comparing ...) seems to acknowledge
>>> (correctly) that this advice might not be practical.  Is the WG sure the text is
>> needed?
> 
> I appreciate the revised text.  I'm still no clear on what action implementations should take on detection of the mismatch.

Section 3.5 is the "Strength of Keys Conveyed” consideration.

Hmmm, I suppose this consideration is more directed at the servers than the clients.
If a key of greater strength is conveyed over a transport of lesser strength, I’d suspect that the key should be destroyed, as its strength is no longer assured - agreed?

That said, see next comment...



>>> ** Section 3.5.
>>>  That said, expert Security opinion suggests that already it is
>>>  infeasible to break a 128-bit symmetric key using a classical
>>>  computer, and thus the concern for conveying higher-strength keys
>>>  begins to lose its allure.
>>> 
>>> Recommend removing this generic statement.  There would be a variety
>>> of reasons operators might choose to use symmetric keys in excess of
>>> 128-bits, policy being one of them.
>> 
>> I’m happy to remove Section 3.5 (Strength of Keys Conveyed) entirely.
>> 
>> IDK if there is any value to keeping it.   I only added it because it is something
>> I remembered from a past life.  No one ever asked me to add this Section...
>> 
>> Is my understanding from your "Is the WG sure the text is needed?” above that
>> you lean towards removing Section 3.5?
> 
> Exactly.  I didn't find the guidance actionable.

Section 3.5 removed (thus above comment is mute)

PS: this is going to mess-up the Section-numbers.


>>> ** Section 3.6
>>>  Implementations SHOULD only use secure transport protocols meeting
>>>  local policy.  A reasonable policy may, e.g., state that only
>>>  ciphersuites listed as "recommended" by the IETF be used (e.g.,
>>>  [RFC7525] for TLS).
>>> 
>>> -- Would there be instances where implementation would use secure
>>> transport that _doesn’t_ meet local policy?
>> 
>> Shouldn’t be, but maybe a rouge new employee doesn’t know it ;)
>> 
>> Is your point that we should s/SHOULD/MUST/ here?
> 
> Yes, exactly.

This section (Use of Recommended Ciphersuites) was removed in -30 per another review comment.

Essentially, there is no need for this document to repeat guidance must appear in other documents, e.g., those the regard the protocols themselves, not just the configuration of client/server stacks...

Thus I’m unable to take any action here.

> 
>>> -- RFC7525 has been obsoleted.  s/RFC7525/RFC9325/
>> Updated - thanks!
> 
> Roman

Kent

v2.23.0 | Report a Bug | By Email