IETF Logo Mail Archive

Re: [netconf] crypto-types fallback strategy

tom petch <ietfc@btconnect.com> Tue, 01 October 2019 10:58 UTC

Return-Path: <ietfc@btconnect.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E6D6120137 for <netconf@ietfa.amsl.com>; Tue, 1 Oct 2019 03:58:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.247
X-Spam-Level:
X-Spam-Status: No, score=0.247 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RATWARE_MS_HASH=2.148, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mSyzvCGxF7_y for <netconf@ietfa.amsl.com>; Tue, 1 Oct 2019 03:58:35 -0700 (PDT)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20100.outbound.protection.outlook.com [40.107.2.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D0077120127 for <netconf@ietf.org>; Tue, 1 Oct 2019 03:58:34 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OikP/n8JEDd2fQBrgpCFpMYk4Blg2kLu6pjnBRJ36cXoIV/pGEwWL3D+VvubUEeHpRi5JSW6jH19lHnOP4N8PChSY5s3/eQW0Kl/lTnEdcY6nec67xe+iXrDE0I0qHIE3VQG7mPtYd78IXedcuZ6GzeKHLs4JmbR/2J1dvhEBYHvZZRkZl4kjy0MeaUWXeohFHc+AHZ02GIyGc/9sRcHr97JAACis09PO+5dcxjQWpKqm8N96c40//IqoiiFWDdC6mOirehDvmVgzPJ4mCSsye87jqjT5zyOM9r6OvFTp0KVxKhD/DOC/CrvyYFP5sPV3pTChbQLadpxmwMrEqRdqw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kASPEowH0XYT404PU6iGZVs2bXClrxh19pToy2uYgsI=; b=VDpgSo/gtGaX9jC2mSfvD3WRvEv9JSJFlryTinJ1AUpvEkCDMnvzSY0xjqfzvwVB60rsb0RtGjl1L9BLwkWD5u1XDOp3Lkp19IyHGzhqa6U6nRbr2mPMW0MCcRT5OS3zFfKqgUVETjdyBtDblJxBNIM6GI6vA+gRCqMIOreVpqtufbBN1KXKhIzzjO//+YX1eVmNE5IeSibTxwH8eiJH2Qo/VkP+drhCs7xtXto1qqpOzQvJVxqoSY/0QjMD/8eJz8FCsVkCtZcl9W8NteoAZsE1/0seJcM2uB0K76cKHm3qzZXCtod+819ohXJ5L25/liikoCCGW53x80kMe7VkhA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kASPEowH0XYT404PU6iGZVs2bXClrxh19pToy2uYgsI=; b=wdvRjY0xoBhpKyyGdU5jnlGWXRjJ2JyYaM2iP5hlYBbdt8B2wYXZFRom9t5UVFO4gUdi4g3W4GCUmSFI49khWP32IUF3AzrGS8eCpPCZ8+KVf7dB1nCECnN6exuZd9COsDUq+4P9gmcw5V5iI9D5AAkntKakvMHx0Hq7PvveYeg=
Received: from AM6PR07MB5944.eurprd07.prod.outlook.com (20.178.91.205) by AM6PR07MB5059.eurprd07.prod.outlook.com (20.177.118.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2305.15; Tue, 1 Oct 2019 10:58:32 +0000
Received: from AM6PR07MB5944.eurprd07.prod.outlook.com ([fe80::c01e:2ff4:7649:142]) by AM6PR07MB5944.eurprd07.prod.outlook.com ([fe80::c01e:2ff4:7649:142%7]) with mapi id 15.20.2327.004; Tue, 1 Oct 2019 10:58:32 +0000
From: tom petch <ietfc@btconnect.com>
To: Kent Watsen <kent+ietf@watsen.net>, Juergen Schoenwaelder <J.Schoenwaelder@jacobs-university.de>
CC: "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: [netconf] crypto-types fallback strategy
Thread-Index: AQHVeEcpxg99sP1vx0ePyapv0CmMzw==
Date: Tue, 01 Oct 2019 10:58:31 +0000
Message-ID: <02f501d57846$e29a3b20$4001a8c0@gateway.2wire.net>
References: <0100016d455c6145-844c669e-8f31-4203-a827-7368d33cdee4-000000@email.amazonses.com> <MN2PR11MB4366E914816F6C3D9515A31DB5890@MN2PR11MB4366.namprd11.prod.outlook.com> <0100016d7325f06e-00613ab7-413c-4d97-972c-858cf4886b65-000000@email.amazonses.com> <20190927.170902.142773301948727896.mbj@tail-f.com> <MN2PR11MB4366C30CE4650421CE915840B5810@MN2PR11MB4366.namprd11.prod.outlook.com> <20190927174623.jhvpudof6yfs2m4k@anna.jacobs.jacobs-university.de> <0100016d84c0c469-e57fd7aa-dcba-4079-9b37-22720f7a4500-000000@email.amazonses.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-clientproxiedby: CWLP123CA0111.GBRP123.PROD.OUTLOOK.COM (2603:10a6:401:5f::27) To AM6PR07MB5944.eurprd07.prod.outlook.com (2603:10a6:20b:90::13)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=ietfc@btconnect.com;
x-ms-exchange-messagesentrepresentingtype: 1
x-mailer: Microsoft Outlook Express 6.00.2800.1106
x-originating-ip: [86.139.211.103]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 0f706f79-ca5c-4397-26d6-08d7465e4bbf
x-ms-traffictypediagnostic: AM6PR07MB5059:
x-ms-exchange-purlcount: 1
x-microsoft-antispam-prvs: <AM6PR07MB5059BAA809138347A9092A51A09D0@AM6PR07MB5059.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7219;
x-forefront-prvs: 0177904E6B
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(979002)(376002)(346002)(136003)(396003)(366004)(39860400002)(13464003)(51444003)(199004)(189003)(8676002)(66066001)(81166006)(81156014)(61296003)(3846002)(6116002)(9686003)(6512007)(6306002)(66574012)(186003)(4326008)(305945005)(2906002)(7736002)(44736005)(66556008)(66476007)(8936002)(5660300002)(14444005)(256004)(66946007)(99286004)(66446008)(64756008)(6486002)(62236002)(1556002)(229853002)(44716002)(71190400001)(71200400001)(316002)(6436002)(4720700003)(52116002)(81816011)(81686011)(966005)(14496001)(478600001)(76176011)(50226002)(386003)(6506007)(53546011)(6246003)(14454004)(476003)(26005)(486006)(446003)(102836004)(86362001)(25786009)(110136005)(74416001)(7726001)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1102; SCL:1; SRVR:AM6PR07MB5059; H:AM6PR07MB5944.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:0; MX:1;
received-spf: None (protection.outlook.com: btconnect.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Om+hJGwDUYU422Z0GLG6zryYbXiHiLnyJSxL0TFo+TKIjIwie1+TM7zhNXTOPcUTmuDf13t78rT+TJteZi9BC91YqX6e/bB6UpZKbQwXTjLMklhecKbXu+tIXBOj3PQDpNYQNGTGc36TetH25mPbrQLIffl6tQPlKNTdSBdAWCOJurMW47sW9QkPFykrhX11Tuzwm0Rf50qctMqCuiGY2y3jDLmNtIw0PxQnOAFBT1MYG8KqiG1fs2gyP5TUYujgnwkFEyMEdBp1+FIYhIHlyoCoNY5Old+o3vrF6BE410uIDiC3IShLRZ6wiYcYV7iRVeuQuHpRWs9SkHjewB99jbodmjyjpZxdbJ6SvCaQxtyoxrXpA2lItWM5ZylckZL3wcp/jKrf7I+jhw03RSkKAMbp2mo+YYWYiTYvq5/P7xzXCfqAYRl3Xxm+lrEHGHHGfMmcaKXpAr3ck0Fd/ch+9w==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <32A2B77F812E0D4B80FE3D5F902C9620@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0f706f79-ca5c-4397-26d6-08d7465e4bbf
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Oct 2019 10:58:31.2350 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 1g43MHX0LYpFUsoEVXsavQ5zVjJpbtpqBtN3yLKdGhWYv2Z3QcKL8KLWbGEVfy5nYurTl+SGrlEPyn3DrFEcXg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR07MB5059
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/vjcP-HWXiYPRYxO9qqdvVPhtKc8>
Subject: Re: [netconf] crypto-types fallback strategy
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Oct 2019 10:58:38 -0000

<inline tp>

----- Original Message -----
From: "Kent Watsen" <kent+ietf@watsen.net>
To: "Juergen Schoenwaelder" <J.Schoenwaelder@jacobs-university.de>
Cc: <netconf@ietf.org>; <wang.haiguang.shieldlab@huawei.com>;
<rifaat.ietf@gmail.com>
Sent: Tuesday, October 01, 2019 1:38 AM

> On Sep 27, 2019, at 1:46 PM, Schönwälder, Jürgen
<J.Schoenwaelder@jacobs-university.de> wrote:
>
> On Fri, Sep 27, 2019 at 03:53:51PM +0000, Rob Wilton (rwilton) wrote:
>> I basically agree with what Martin is saying.
>
> So do I.

Hmmm...

>> Either one YANG module containing all of the crypto identities, or a
few YANG modules as previously suggested.
>
> It may make sense to split by security protocol.

That would go some towards addressing Rich's concern.  Presumably we
would have one module each for SSH  and TLS algorithms.  That said, to
Rich's concern, there is a constant churn with them.  This churn
concerns two activities:  the removal and addition of algorithms.  Both
occur at protocol-version boundaries and, perhaps, other times as well.
This suggests to me that we could further refine the identities by
protocol version, something like this:

In ietf-crypto-types:

    identity base-alg {}
    identity tls-alg { base "base-alg" }
    identity ssh-alg { base "base-alg" }

In ietf-tls-1.1-types:

    identity tls-1.1-alg { base "ct:tls-alg" }
    <a bunch of tls-1.1 identities here>

In ietf-tls-1.2-types:

    identity tls-1.2-alg { base "ct:tls-alg" }
    <a bunch of tls-1.2 identities here>

etc.

<tp>

Kent

I am not sure how this can work. TLS has ciphersuites, rather than
algorithms, albeit which are combinations of algorithms.  Taking TLS1.2,
RFC5246, the ciphersuite is a combination of KEX, cipher, MAC leading to
e.g. TLS_RSA_WITH_AES_128_CBC_SHA
(which is MTI).

Separately, it has a signature algorithm and hash algorithm registry
which may be relevant, depending on the ciphersuite; these fit rather
better with the approach of this model.

Looking at the IANA registry of Transport Layer Security Cipher Suites
gives (to me) a good sense of how this has evolved from a base list for
TLS1.2 in RFC5246 with RFC5932 then adding Camellia, RFC5288 AES GCM
while RFC6289 updates the use of ECC, RFC5487 adds PSK with AES GCM,
RFC7251 adds AES-CCM, RFC7905 adds CHACHA20 and so on.  It is a long
list, extended many times.  TLS 1.3 is, so far, a shorter list.

So is your list of all the ciphersuites or multiple lists of the
algorithms that
underpin them?

It comes back to what is going to use this module. Whenever I see TLS, I
see ciphersuites first and foremost, not algorithms.

SSH is different, with KEX method names, authentication method names
encryption algorithm names and so on, with far fewer of them, a better
fit for this model.  But then SSH includes the Diffie-Hellman group in
the KEX name where TLS puts that in an extension - not the
ciphersuite -for TLS1.3 so the concept of a KEX is a bit different.

Tom Petch

Updates only to the specific module would be needed.   The updates would
only need to support new algorithms (not to remove support for legacy
algorithms), as a different mechanism can be used for a server to
advertise which algorithms it actually supports (on a more granular
level).

One issue not addressed is defining the identities for the algorithms
used to encrypt other keys in the keystore.   At least, neither SSH or
TLS are involved.  However, both the keystore and TLS use "ASN.1" and
so, somehow, the keystore may be encrypting with "TLS" (really ASN.1)
keys already... (requires more analysis)


>> If advertising the specific identities is important, then a per
identity if-feature could be used, although I'm not entirely sure that
one feature per identity is really a great option either, but I think
that this would be better than one per module.
>
> Why not instead have a config false list of algorithms supported? Once
> we have solved this problem generically, this list may get deprecated.

I like this idea, but it means that ietf-crypto-types, where this config
false list would be defined, presumably, would then have protocol
accessible nodes and, to the point, may be odd for a "types" module to
define.   Thoughts?  - a "config false" list okay?


Rich, does any of this line of thinking address your concern?  - or
maybe you liked more my previous idea of using IANA registries?

Kent // contributor






------------------------------------------------------------------------
--------


> _______________________________________________
> netconf mailing list
> netconf@ietf.org
> https://www.ietf.org/mailman/listinfo/netconf
>

v2.23.0 | Report a Bug | By Email