Re: [Netconf] Benjamin Kaduk's Discuss on draft-ietf-netconf-zerotouch-25: (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Sat, 29 December 2018 19:04 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12EE412008F; Sat, 29 Dec 2018 11:04:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vSrSObzAtDGm; Sat, 29 Dec 2018 11:04:02 -0800 (PST)
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (mail-eopbgr820112.outbound.protection.outlook.com [40.107.82.112]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 097A8129AA0; Sat, 29 Dec 2018 11:04:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RguKRE+z2aFn9/Ls3KhVa9ewvMT1l0txt51EMQg00DI=; b=MKVplDeK4qoUuvEEpH5rvpi8yzsnYQnv5zTH6dew73ZdFf5+K3Cg5Pt8bfyqhw1n3s2EIbNmB1BAPayaqa1r/40kpbkXG1t6PSq6FE3dUSfs7irNgA5WONfhxKZCwbamATI158cRmALSfkTEGZNvNkwZRLfCJJ/4CRtl9oC4hkY=
Received: from BN6PR0101CA0003.prod.exchangelabs.com (2603:10b6:405:2a::16) by BL0PR01MB4020.prod.exchangelabs.com (2603:10b6:208:41::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1471.20; Sat, 29 Dec 2018 19:03:59 +0000
Received: from DM3NAM03FT064.eop-NAM03.prod.protection.outlook.com (2a01:111:f400:7e49::205) by BN6PR0101CA0003.outlook.office365.com (2603:10b6:405:2a::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1471.20 via Frontend Transport; Sat, 29 Dec 2018 19:03:59 +0000
Authentication-Results: spf=pass (sender IP is 18.9.28.11) smtp.mailfrom=mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of mit.edu designates 18.9.28.11 as permitted sender) receiver=protection.outlook.com; client-ip=18.9.28.11; helo=outgoing.mit.edu;
Received: from outgoing.mit.edu (18.9.28.11) by DM3NAM03FT064.mail.protection.outlook.com (10.152.83.1) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1446.11 via Frontend Transport; Sat, 29 Dec 2018 19:03:58 +0000
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id wBTJ3s0T020756 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 29 Dec 2018 14:03:57 -0500
Date: Sat, 29 Dec 2018 13:03:54 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: Kent Watsen <kwatsen@juniper.net>
CC: The IESG <iesg@ietf.org>, "draft-ietf-netconf-zerotouch@ietf.org" <draft-ietf-netconf-zerotouch@ietf.org>, "netconf-chairs@ietf.org" <netconf-chairs@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
Message-ID: <20181229190354.GB57547@kduck.kaduk.org>
References: <154390493154.31734.13025584839857369253.idtracker@ietfa.amsl.com> <F526DA60-77EC-45D6-ADE0-B345020A89BF@juniper.net> <CFE18196-AC39-4BF7-94A9-98AA6ADCAEAB@juniper.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CFE18196-AC39-4BF7-94A9-98AA6ADCAEAB@juniper.net>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:18.9.28.11; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(376002)(346002)(396003)(136003)(39860400002)(2980300002)(199004)(189003)(88552002)(186003)(4326008)(126002)(476003)(2906002)(106002)(16586007)(58126008)(36906005)(54906003)(305945005)(246002)(486006)(6246003)(786003)(316002)(229853002)(106466001)(46406003)(14444005)(50466002)(478600001)(26005)(8676002)(47776003)(9686003)(76176011)(55016002)(7696005)(75432002)(86362001)(6666004)(5660300001)(956004)(426003)(104016004)(33656002)(1941001)(6916009)(1076003)(23726003)(97756001)(53416004)(356004)(336012)(446003)(26826003)(11346002)(8936002)(18370500001); DIR:OUT; SFP:1102; SCL:1; SRVR:BL0PR01MB4020; H:outgoing.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-auth-1.mit.edu; A:1; MX:1;
X-Microsoft-Exchange-Diagnostics: 1; DM3NAM03FT064; 1:MJcC+nuHbj5dGB5G6v6O/rhoTfy3g5tyQFzFPMXjj0YUMmhQcV8uCuLRGDPPXoY2fILoKiKZ45gM+nE6VakSgxCy14jDPcJJrckTx+joVOrfBJ8OB3U7tTHBoxSG8ai0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 6e118a82-7f29-46a3-b789-08d66dc06377
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600109)(711020)(4608076)(4709027)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060); SRVR:BL0PR01MB4020;
X-Microsoft-Exchange-Diagnostics: 1; BL0PR01MB4020; 3:ZvP+80ypWr9ltvhsoTyY+AeWbkrIijm1nsctI0M1YKRjbEb0Z1sPrlFFXhmX5nezhfyknTIUvenZjyfhZbgkBy9KZR6Da7cayT05jc6iiMMRAAQOxBO2/1SgPyS1kBy+/XZiwmjEYGOBNqdwqafwsow1vmd6vHRbFMQaRin2cWD9zoRGT/Uuu2gIfbDSrnHRTfPUvCvhYaquQJ5qzzpbiFPul5Er81Sor3pTNlqn5ZSkDzTYMBBcrrWvik+tUPlxjKokQUQF5wQe5+7ngvDLa067YgwcHQaS0Fea2t1b/fMv8uaw8rh5jCifCO/3EBBSuA3X1JaUGCbgEXbGI6XeWg==; 25:cL4+BGn0Xzza3JbMnzQvkyF6j+tQwtmOB6wi0/aUo+PmAgb3TIK/bMivlhzpUhNe3/mE45xR9IwLhXiX+F5Ctnr+VN1RQ6hFLQfZHlsQcRczJSRTuX7iAWCWiE5vG5l8qheKFJmyLhZHrC6rfaFPYFn7+jOcrv1GgvqQs1dsxSSuL8+m9gv/a67B7ZL24siRNUQyysAmAGyF0H/TIIdNvR4cn4tEUssVJixVxR2NmqPISXgTZhTcmnB8GSKWELkDwX8i/YC3Kr0NdOcv29WEgvakKqgMHHQO/C0ogMZdw8cidcenE/kfpXtRtlJ7V/zX3l3pOhNTnzGR+bVyhXXjWA==; 31:RKU0Jyp3ZZWqVqNrmM/rKmiPjlXR96kl0JcvPDAIknmHtTp1laUb5ioEByFjCYmSePIpHmzpJ4Q27DQlKhwOdqRGOM+sirRw/eKB80AZ5I9qmKttALRR/TiJ75qATSl558XeWIHe17F5yybP8koGaH52qiDadxgSt2JpMvsDIviUFGd/vMhhDKg0aWQRI437ozT33/Wpt9Xm8DAvs96TvDTQ/MMrlg5VyYNmuOblDU8=
X-MS-TrafficTypeDiagnostic: BL0PR01MB4020:
X-Microsoft-Exchange-Diagnostics: 1; BL0PR01MB4020; 20:rAsX7Mit9vnpTFEoxO6pXsqcT37ylWj4qNDzNY0mtLSFlgbTPFPtXjG9m9bj9wjlsw5CvI4YB6nhOF6o1mzpvklZ2pGXaAApyLcA7/XHeW0xGEasfQU6R7cC0sn0IB+cVL5nlTnqq+XgGaGEoVQX/tEIyw09FzQa0esc9As1BnaoLEkbx26PszJ2F+mqFVqWuAvWAjCNaVM9m6L7ka4qafUBleOXCgsX05dZXRm+BirzZBC+dNPF3nSk807DdlnnB+qBwMvmCyxDdMGi3hkUrzNSGAEhrzzbXkRtUFL8ouTx9uo11BqjM2gzb5UUjetmVcgUYmPDEbBwIZlXY44U/8nhKPVfJ6YLk4FDsrL1bTf05O9Ik+l+d+eBZ6dmvgNJbHHowf2fRhSLscF2CShnRNFFAly8ZFGcAMStljAhcCuJFCLnk9ogQYdmop9k934Zz+6w6KVGTvQ20XidyM+TfYPrr6z4ArRfp8cJyiBfvw/ooBmGtUdEAn1o7Z+Lsik6; 4:ADAsRVwtawCfEc7168xGs1Xr8CHAKu3Gpw3fy4OJZfWQ+8QrUhzxL4vbKQSWQwaGQR3bys2tExo2YGtHhrNUpkxkepLSHxD2BWPVDz7Q9j0XfNVjHVDjrmaR1EEOWjIxgJOk+PcNtsfxRaiFovzttlLo3ihxPdCU5NzN1bZ656wm0mWrasK1tC+WtQtdlDPQj3cif67Y9jFbXP8M08aEmEh+aRJjNNg68kXE6TWxOUQ9dVxljI37xH4Vzwlb0v8Tw/NBGWWOLqKCk5mbBI6bIA==
X-Microsoft-Antispam-PRVS: <BL0PR01MB402007ADF44C01B845A8EE8DA0B00@BL0PR01MB4020.prod.exchangelabs.com>
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(3230021)(908002)(999002)(5005026)(6040522)(8220055)(2401047)(8121501046)(10201501046)(3002001)(93006095)(93004095)(3231475)(944501520)(52105112)(6041310)(20161123562045)(20161123564045)(20161123558120)(201703131423095)(201702281528075)(201702281529075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(201708071742011)(7699051)(76991095); SRVR:BL0PR01MB4020; BCL:0; PCL:0; RULEID:; SRVR:BL0PR01MB4020;
X-Forefront-PRVS: 09011458FC
X-Microsoft-Exchange-Diagnostics: 1; BL0PR01MB4020; 23:TNwuSS7bwWJXXWLmodSgcz0GVJIgEKCw/BOZYLYWFm9j4VZus+4QvnuR0pZ07fYcYuUX0iACbdhMUHFKzir27tvBrz4OxxDYMQ4hfZv++MDx92CRCaQdfnECCFbA68SBpbjJyayscmnujAVb2tSG/ucncIaw5PZknKfms91hGOiJ4Jda8sae/kn9AxNPyMqL47Hic4zF6gctCbvpLWfdwAIt4cpQuNqADhY8P8E2hHWYEtTmM42eBM2R+KAyLZzCnL1mW+D8KKWIZKqQiQfuhdYun2myYKBv+txI5F4RC4GiW6LtS0E/bpx4EGEsM/GmwWrrz9rUVnTgb7oHZkAlVgJbNlkIdQUT3J0ZIEEDSiJEUHQ9stKGegqVf8yY/OT2Y6qvUTiqS0DudvdzHRPMiGkKgy2jtSlPH8lkpP1MHpMmZ5iH43ge+j2YlYKxg0+ATtJ+7CFdrqpyhQ0id+5Vtj9Y8aLhQc8fcd2DpeiZrPkbF8zwS/8lrJdgajLjpZ4xVisDpabgHA09jC9cDf/MXwZArhjhu45CClcjZnXnjcSDQ30DDCX2YhA4Tr0P20H/N8qZw0/tUW1eyFw5/WtVviJyGcVIIf93wbCaPhTTS/N+NGj3jh4mFaef/scggLDuqu9DjOMVybEXou8xgkRgRpOzEfubp4N3dEe1C3kblydnBR/one8yM4tqZIplcgKFGR1+BNHv5nTiC83oe5Nn49IHjvoEljjRUQI5fcc+9LjrskI6yznHfF5MxhwEXhzR3TPqkpdZnXfTf+P9ku4m6zKcBLPhnU86wmBAs1HxmSw0CyTHFZCaUkhulT4KeIxqkwcSPdpVJo1rFIhojt+9/R73Ian/mYu4kRKqBINmaAvY0od9HTJndJJXeF1dDP9nXAggCObik7lyJXALgKG6E+Smm3QriRdHTjdhHlXLplsq6E94dGHv3dH96Koox4rP++YRy4yuh7goG7LppmxHirzwbNirOhghGbaOPTPNSNCdq1ZxNJ1J8CvKEyc3C9XxXHj2FtHNuN0TaVXnRAQAxIJlnqZQiu6SbX9L3pGmMQ4yQDxDDM8/2oSz0XYQAPKoqPT/AJ4OFO4bnB+zV8QgFuoke7+fix4XX0tPqEQZ+7ZQTXK5H+u6F033Xs/MBE0u3X7f9KxJo278FgTgQ3v5WbmYtXzPp4tNy7UHPRfgMmEfF6W3qxOzIT9fowMfI/xsM0bDw7VJ5kb49niVz+w7iV4fEMJweGGT9/mDbjE6R5LHysOkklHJ1/Wll5TrxsOHvGb3ExN42ti8HRX0PvXE7Q==
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: W9wDYdGAM5Y4HJU1MaDMEJaScXDWsgLWKXneOh1821VNzlDZswosgqP1s5HLQyvIBnkEzJ8ka0urIYLWP0i/KjSPkhtHXpq5PcXkwOFXExNnsPDeQISZ1xyiFyJp/lFz5JRqP1cmrPyT0Ms6NlubGOdh34+iI0vUFF4GskJ4kkepVMYequrQPjOQpXSBFqum5vEgnrTTyBN5c08rggwYHOha5X5hzUm7WgnMtnYajYiDFYSGEBs57VGaQD6mAxM0bFq4bEm7zIreYNOePatDyNfdECc3LwY78W3oAZtYCZNq37cdMLBKkwLQlNGvf5m9
X-Microsoft-Exchange-Diagnostics: 1; BL0PR01MB4020; 6:sSuSBzM5SzWw2d454tIm06hOoRGRGQa0X19uJAuTXPBoRL0fj8C59WnT61ca/ACRdk75FBowRiIJZiWBWvI7c+w04A+BeWCS4GEJOhSVfLxCd6EDn+O8wam4KrnzjlO2ncOaXIZ/KBW1aUAZmB0qtK35HmpPBVWScOHfxxnucOeE+RgRrQxzNxccNCm87FouD7CnkMSYPDx+rgQHIm5I6pcHztS15z4SJYYPa1OD6aM+DGEyaa/wd8mIanIzeHG6v3eFIlCNvnUNmC3MRYfTyYKhHj3S8sRm5ZRgpMt1S5YDpTGT5hcJ1muDdA5BLd0xiRny+B2ko0nMys79jkC8aO4bNLoO0lghFwB+DJ9X/bXNcI9NV4giQdupMGbtB4VxsWGcVScDyfoVG3h+NgzotJHRxR0NG0gMHBLSLf9cw2wa8gAmT6/Ak0fu4ms9+n0ZU8tJQqttMsRZz7KefvhyZw==; 5:sgLG/bNTwfilwAhGv37oBqB1sjV3s1w0I6CWh2xw7cfSk/jdYA2F/LO2EfEKWQQFrKSgRCQCYohdEtdPJDxEKffw9X/Lys0JxFWCVoH8nTqijVd5jeao1KhPjYNO2V8LZZhUU1lNlWqJ2l7RoNXsu0lM3m7QkMpB6uaxytlzuG0=; 7:Z+zixdt6ke0VUmhQSy1cdNRi6619W7ZsoXiX2Q2SA9H/l+3DmxUYMLe9pI3ta56lTDAqWMZ9P7hbHKAVodd94CYDQOJuap1QGEFJU5k6pIKCIclH7Tet50DqiYSaDHOTawv0lkbSqjAH1LuqvTUWbg==
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Dec 2018 19:03:58.5223 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 6e118a82-7f29-46a3-b789-08d66dc06377
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=64afd9ba-0ecf-4acf-bc36-935f6235ba8b; Ip=[18.9.28.11]; Helo=[outgoing.mit.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR01MB4020
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/vJ_cXyBZ67bzAOBMETzvFvYQ6R8>
Subject: Re: [Netconf] Benjamin Kaduk's Discuss on draft-ietf-netconf-zerotouch-25: (with DISCUSS and COMMENT)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Dec 2018 19:04:06 -0000

On Mon, Dec 10, 2018 at 09:34:34PM +0000, Kent Watsen wrote:
> 
> Hi Ben,
> 
> Regarding this DISCUSS item:
> 
> >>(3) Nonce length
> >>
> >>Section 7.3 describes the nonce leaf:
> >>
> >>         leaf nonce {
> >>           type binary {
> >>             length "8..32";
> >>
> >>There is probably some discussion to be had about the minimum nonce
> >>length (not necessarily in the document itself).  Do you have a 
> >>pointer handy to previous disucsions or do we need to have it now?
> >>(I do see that this is just following RFC 8366, so hopefully this
> >>is an easy question.)
> >
> >
> > I sent email to my RFC 8366 co-authors, as they were behind setting
> > this min nonce length.  I have yet to hear back from them, but will
> > let you know when I do.
> 
> I received the following response from one of my RFC 8366 co-authors:
> 
>   ===start====
>   I think we wanted something that was big enough to have some 
>   reasonable entropy.  But, we didn't want to force receivers to
>   store too much.
> 
>   More than 32-bytes shouldn't be a problem for most receivers, but
>   we wouldn't expect them to accommodate kilobytes.  The registrar
>   may need to store an index over nonce values for some situations.
>   ===stop===
> 
> Does this resolve this DISCUSS item?

I agree that 32 bytes of entropy should be plenty and we don't want to ask
endpoints to store kilobytes.  My uncertainty is more at the other end,
whether 64 bytes is enough for defending against all the possible attacks
that may be in scope.  In general, it's simplest to just require a 128-bit
(or larger) nonce, but there is certainly a reasonable argument to make
that in some cases 64 bits is enough and the difference is important for
the low-end systems.

For example, if we're only concerned about a device possibly generating the
same nonce value twice, and an attacker storing+replaying the old response,
then 64 bits should be enough.  But if the attacker can (even off-path) try
to spoof response and collide the nonce value to trick the device into
accepting the spoofed reply, then 128 bits are needed, for our usual
security margins.

I don't want to insist that you include a discussion of the various attacks
and security margins in this document, which is not really the place for
it.  But it might be good to recommend at least 16 bytes of nonce (or even
make the minimum bound 16 bytes, if appropriate).

My apologies for not making the concern more clear in the original ballot
position, especially with the long delay cycle for responses.

-Benjamin