Re: [netconf] Paul Wouters' Discuss on draft-ietf-netconf-keystore-30: (with DISCUSS)
Paul Wouters <paul.wouters@aiven.io> Sun, 04 February 2024 15:13 UTC
Return-Path: <paul.wouters@aiven.io>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EAB96C14F6E2 for <netconf@ietfa.amsl.com>; Sun, 4 Feb 2024 07:13:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=aiven.io
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6HVnwcunFGSD for <netconf@ietfa.amsl.com>; Sun, 4 Feb 2024 07:13:03 -0800 (PST)
Received: from mail-lf1-x134.google.com (mail-lf1-x134.google.com [IPv6:2a00:1450:4864:20::134]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B680CC14F5EA for <netconf@ietf.org>; Sun, 4 Feb 2024 07:13:03 -0800 (PST)
Received: by mail-lf1-x134.google.com with SMTP id 2adb3069b0e04-51137c8088dso2967517e87.1 for <netconf@ietf.org>; Sun, 04 Feb 2024 07:13:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aiven.io; s=google; t=1707059581; x=1707664381; darn=ietf.org; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:from:to:cc:subject:date:message-id :reply-to; bh=b3ywzNVS63z8R2YyRgtRH9pjK5WZKJ6JPJIvZJOWV38=; b=CIeik5q1M8F9g7QaAYNNf4rZ9CHyKV9wdp0Zn0u2dvsl0Y3gdCl6lCZw+R2ylTd1JV QU1OMSSmI6hrDyenrMJfjSINd3KD1yffswKMtS0m3mPgwKAoR6UeWx60Y19OQw0WqBOT 5cOu+iOjH9iLPc575QkhCfEpgMcBjekAcunjM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707059581; x=1707664381; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=b3ywzNVS63z8R2YyRgtRH9pjK5WZKJ6JPJIvZJOWV38=; b=kixD2lNv9mOegdu6+Kg/5HLqDgpInp9/bKsGLfZSjKSE4qHHT54typConSA8Q58a1e Muk2ghcEj9iBbWVXwzbwmNgOCAhB6/ciL19zKLodnqSNl3j3a+xKhkYN6rs7J2Pw1jE3 tk4eJ0TtwvoYc6l+BjllV0Sjkl9DizWx4vzk7l4z6fMTkkHO4N1ZSMZUtJBWbas7FCud nvFFXafLACR+2VGa8EOi8eKBWS1zjdAihseCcakoH15G3VfO+kUrOTGRIR3Xy/GODQaf 9DiBdJe90L7UEntcGrk6DFaeCvJMzJ2mmkj0UOtcftEGN7PuWE5rlDF112ulWKfABvsa tXyQ==
X-Gm-Message-State: AOJu0YzVN6jaDvefJEXENoLeJ87PJSBL6Fu/oJpn6zPePi5mXMo4mlde uUKrwLwzslTCuo1NQRVIOeA+oEJiNSswVlrZC+qCeK/mtNppXsguNzXEF05Trw4=
X-Google-Smtp-Source: AGHT+IH9Rm+0EfGWAgnqHDQq7Brd5aTbcoLhut+/XxQbIe4efazgJ73DtVPsVnE+dWzrVHjc2UvEYA==
X-Received: by 2002:a05:6512:2c94:b0:511:4a6e:862b with SMTP id dw20-20020a0565122c9400b005114a6e862bmr1461835lfb.43.1707059581250; Sun, 04 Feb 2024 07:13:01 -0800 (PST)
X-Forwarded-Encrypted: i=0; AJvYcCWsnhUax9kP/n3QL5oroLiK21n//UCPxmoFXiY+EBvbwtVjatiwhyKOlOpqzw1Sx2dDPtkVVHbFLrCKiTQp44jaMjrHVnQZRKIDD5E8T4VyZoVmNIjmqlRQWgajFfsTtOWZpg2iFAi21wUQGppUtbrs1pqLAO4GYGO6Oj0Kqa+OjO0Ydy7oMt4FPI9IwL73ADBGtkQ0wmrXtmY/HGVgRH9kY9lIBqeruGSuQMJW
Received: from smtpclient.apple ([74.122.52.94]) by smtp.gmail.com with ESMTPSA id g9-20020a170906348900b00a3522154450sm3288371ejb.12.2024.02.04.07.13.00 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 04 Feb 2024 07:13:00 -0800 (PST)
Content-Type: multipart/alternative; boundary="Apple-Mail-DA7B588F-0267-4339-869C-AC92B87866AA"
Content-Transfer-Encoding: 7bit
From: Paul Wouters <paul.wouters@aiven.io>
Mime-Version: 1.0 (1.0)
Date: Sun, 04 Feb 2024 10:12:48 -0500
Message-Id: <0214D269-0D5E-4A2A-A9D5-A722744440D3@aiven.io>
References: <0100018d6ab71c20-86eb941d-aad5-4f0e-bde5-7f40f4e60318-000000@email.amazonses.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-netconf-keystore@ietf.org, netconf-chairs@ietf.org, netconf@ietf.org, Qin Wu <bill.wu@huawei.com>, Mahesh Jethanandani <mjethanandani@gmail.com>
In-Reply-To: <0100018d6ab71c20-86eb941d-aad5-4f0e-bde5-7f40f4e60318-000000@email.amazonses.com>
To: Kent Watsen <kent+ietf@watsen.net>
X-Mailer: iPhone Mail (21D50)
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/ukmUy44cIvYNl2SqXosqyAM6VR0>
Subject: Re: [netconf] Paul Wouters' Discuss on draft-ietf-netconf-keystore-30: (with DISCUSS)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Feb 2024 15:13:08 -0000
Looks good, thanks. I guess the cert name is an arbitrary string than to reference the certificate by? Paul Sent using a virtual keyboard on a phone > On Feb 2, 2024, at 11:46, Kent Watsen <kent+ietf@watsen.net> wrote: > > Hi Paul, > > Thank you for your review. > Please find responses below. > > Kent > >>> On Jan 31, 2024, at 9:58 PM, Paul Wouters via Datatracker <noreply@ietf.org> wrote: >>> >>> Paul Wouters has entered the following ballot position for >>> draft-ietf-netconf-keystore-30: Discuss >>> >>> When responding, please keep the subject line intact and reply to all >>> email addresses included in the To and CC lines. (Feel free to cut this >>> introductory paragraph, however.) >>> >>> >>> Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ >>> for more information about how to handle DISCUSS and COMMENT positions. >>> >>> >>> The document, along with other ballot positions, can be found here: >>> https://datatracker.ietf.org/doc/draft-ietf-netconf-keystore/ >>> >>> >>> >>> ---------------------------------------------------------------------- >>> DISCUSS: >>> ---------------------------------------------------------------------- >>> >>> I support Roman's discuss with respect to the backup/restore procedure. Perhaps >>> limit it to say that a global KEK could be used to facilitate this, but not go >>> into details on how this would work with diagrams? >> >> I’m hoping that my response to Roman was convincing. >> >> I think that this section can be fixed by adding text to provide any clarifications needed. >> >> >> Similar to draft-ietf-yang-crypto-types: >> >> | +--rw certificates >> | | +--rw certificate* [name] >> | | +--rw name string >> >> Certificate identity is either done by entire DN, The Common Name (CN) RDN, >> or by a list of subjectAltName (SAN) entries. Can the latter be expressed >> here? Should a type be introduced? ("CN", "DN", "SAN") ? Should the type be >> a list as 1 certificate can have multiple identities via multiple SAN entries. >> >> See also: >> >> +--rw end-entity-cert-with-key* [name] >> +--rw name >> | string > > The same comment was made by Éric. > > I’m trying to not require the “name” be any particular value found in a cert. > > The documentation could suggest cert-values as good candidates, but maybe that’s too obvious? > > >> Section 4.1: >> >> A server MUST possess (or be able to possess, in case the KEK has >> been encrypted by yet another KEK) a KEK's cleartext value so that >> it can decrypt the other keys in the configuration at runtime. >> >> Perhaps "MUST possess access to KEK or API using the KEK"? A server might >> be using a TEE and not really have the KEK itself, but it can send a decryption >> job to an API inside the TEE that could use the KEK and return the decrypted >> key. In this case, the server does sort of "possess" the key but never its >> "cleartext value". > > Completely agree - great suggestion! > > OLD: > - <t>A server MUST possess (or be able to possess, in case the KEK has > - been encrypted by yet another KEK) a KEK's cleartext value so that it > - can decrypt the other keys in the configuration at runtime.</t> > > NEW: > + <t>A server MUST possess access to the KEK or an API using the KEK, > + so that it can decrypt the other keys in the configuration at runtime.</t> > > > >> Section 4.2: >> >> Implementations SHOULD provide an API that simultaneously generates and >> encrypts a key (symmetric or asymmetric) using a KEK. >> >> Should that say "(symmetric or private asymmetric)" ? > > It could, but I found the result more confusing. e.g., do we refer to the generated-key or the KEK that may be symmetric or asymmetric? I found that removing that text allowed for a better flow without losing much; that any kind of key can be encrypted by any other kind of key is defined in the YANG module. So this is what I came up with: > > OLD: > <t>Implementations SHOULD provide an API that simultaneously generates > - and encrypts a key (symmetric or asymmetric) using a KEK. Thus the > cleartext value of the newly generated key may never be known to the > administrators generating the keys.</t> > > NEW > <t>Implementations SHOULD provide an API that simultaneously generates > + a key and encrypts the generated key using a KEK. Thus the > cleartext value of the newly generated key may never be known to the > administrators generating the keys.</t> > > Good? > > >> Section 5.1: >> >> In order to satisfy the expectations of a "keystore", it >> is RECOMMENDED that implementations ensure that the keystore >> contents are encrypted when persisted to non-volatile memory. >> >> I would probably add "and ensure keystore contents that have been decrypted in >> volatile memory are zeroized when not in use". > > Hmmm, but the section title is "Security of Data at Rest”… > > Okay, I changed the title to “Security of Data at Rest and in Motion”. > I also added your text, and dropped the middle paragraph. > > The diff is convoluted, but the final result is this: > > <section title="Security of Data at Rest and in Motion"> > <t>The YANG module defined in this document defines a mechanism called a > "keystore" that intends to protect its contents from unauthorized > disclosure and modification.</t> > <t>In order to satisfy the expectations of a "keystore", it > is RECOMMENDED that implementations ensure that the keystore > contents are encrypted when persisted to non-volatile memory, > and ensure that the keystore contents that have been decrypted > in volatile memory are zeroized when not in use.</t> > </section> > > Fixed? > > FYI, zeroisation is also discussed in the "crypto-types" draft here: > https://datatracker.ietf.org/doc/html/draft-ietf-netconf-crypto-types-29#section-3.9 > > > Thanks again, > Kent > >
- [netconf] Paul Wouters' Discuss on draft-ietf-net… Paul Wouters via Datatracker
- Re: [netconf] Paul Wouters' Discuss on draft-ietf… Kent Watsen
- Re: [netconf] Paul Wouters' Discuss on draft-ietf… Paul Wouters