IETF Logo Mail Archive

Re: [netconf] WGLC on draft-ietf-netconf-over-tls13

Sean Turner <sean@sn3rd.com> Fri, 10 March 2023 17:52 UTC

Return-Path: <sean@sn3rd.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04314C151547 for <netconf@ietfa.amsl.com>; Fri, 10 Mar 2023 09:52:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5vHpD7xgH-7p for <netconf@ietfa.amsl.com>; Fri, 10 Mar 2023 09:52:09 -0800 (PST)
Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com [IPv6:2607:f8b0:4864:20::82c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 60254C14CF15 for <netconf@ietf.org>; Fri, 10 Mar 2023 09:52:09 -0800 (PST)
Received: by mail-qt1-x82c.google.com with SMTP id y10so6633678qtj.2 for <netconf@ietf.org>; Fri, 10 Mar 2023 09:52:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; t=1678470728; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=D9EVvU5FUeh02hKzqnCkO1Fo6XiMU/xi4cBGkv7ISeU=; b=XWaXnOr/LJ/vGiQlx9mtg7rWIbMtEjiByL9UmhGKMQkvjM2/LTU2wQGspVfRNAA/CK o/aBT4u3XQfo4rdrmEclkGI4puExRUhG6H7C1ru2IxcMVJLvcjPuo73Pdo1pbOBfiAtv F1Q5lHSo5AlWz0T8HwgMeYPVoSFZu+yw92Fmw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678470728; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=D9EVvU5FUeh02hKzqnCkO1Fo6XiMU/xi4cBGkv7ISeU=; b=T/lOsiVEW+zXaySm2UEW+qhXVgwW3awrf6EDSmjBpYZ5xN7D6DHc+wMhTbvyZuVJgY 8I4QM4fpaG06e2UvasMsWfH1uoBEfiELPmMca5VBKGcuDkl/ticOSgZNroaba5Kf5fL/ PgTt8L0PpovTQdZVdOX9Ay77So9cPB2mJu9LWleID3y70KgtBGiZwTC3tlKrhluKLThH xbSm1m0uyKIgythOlX/LNu8J7gA5M0TwjRxVr5r7mOHA88/OA2FK4a2+bvAclCqtbAB3 bw2XoViQ80NQ1NQsoasUs+eQVZpK8eB5jqMiszYLpGe1NEKAxngky9kEQ+sax5F39tzm JW6A==
X-Gm-Message-State: AO0yUKVX9RJbMVUx8BiP9PInE063pGLKqxV0QxTNnetNMJR+JFaDM2ds 2nEBrYJ0RtKxk51sNcTEB4osXRUC1bTrRu/tiiU=
X-Google-Smtp-Source: AK7set8B0/39TTpKf4sYfBupqzxAzbJSMURovW/lQMldLuCWoJ9YH9yvm/KuVdcO81tSsY8sIcTLmg==
X-Received: by 2002:a05:622a:1106:b0:3bd:1835:b001 with SMTP id e6-20020a05622a110600b003bd1835b001mr45680809qty.20.1678470728136; Fri, 10 Mar 2023 09:52:08 -0800 (PST)
Received: from smtpclient.apple (pool-68-238-162-47.washdc.fios.verizon.net. [68.238.162.47]) by smtp.gmail.com with ESMTPSA id y26-20020a37f61a000000b007436d0c60ecsm193647qkj.65.2023.03.10.09.52.07 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 10 Mar 2023 09:52:07 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.14\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <20230309073916.hqibajbof2jogzdf@anna>
Date: Fri, 10 Mar 2023 12:52:06 -0500
Cc: Jürgen Schönwälder <j.schoenwaelder@jacobs-university.de>, Kent Watsen <kent+ietf@watsen.net>, "netconf@ietf.org" <netconf@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <0F05FD86-06F4-441F-8D97-02D59BCDABE2@sn3rd.com>
References: <01000185988718f9-8bf57d79-4101-4bfb-a8a9-063e7d56e858-000000@email.amazonses.com> <20230125143234.vrygt7h34codgs2c@anna> <09E3A8B3-91B8-4ACA-8E9C-792E4DBCD62F@sn3rd.com> <32062DC3-D84E-4BAB-9BF1-5B12DFF0D987@sn3rd.com> <20230309073916.hqibajbof2jogzdf@anna>
To: Jürgen Schönwälder <jschoenwaelder@constructor.university>
X-Mailer: Apple Mail (2.3654.120.0.1.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/wpyAltmOm-Lm_ymJQwI8XnKWeWo>
Subject: Re: [netconf] WGLC on draft-ietf-netconf-over-tls13
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Mar 2023 17:52:14 -0000

I opted for the concrete advice because chances are when there is a TLS version > 1.3 the cipher are going to change anyway. I marked that comment as resolved.

I have to note that on further reflection, I think we can’t keep the TLS 1.2 MTI,  and instead have to pick from one of the cipher suites in RFC 9325. We picked TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. Rationale being:

1. We probably cannot differ from RFC 9325; it’s a newly minted BCP. I can see why RFC 7589 did - maybe it got into/through the RFC editor’s queue before RFC 7525 did. But now that it’s almost 8 years since RFC 7525 was published, I just can’t think of a reason that will hold water with the IESG.

2. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 has the same primitives as the TLS 1.3 MTI algorithm. I.e., it’s setting up for success.

The MTI algorithm change is really the point we need to agree on either on the list or during the session at IETF 116.

Cheers,
spt

> On Mar 9, 2023, at 02:39, Jürgen Schönwälder <jschoenwaelder@constructor.university> wrote:
> 
> Future proofing is always hard since we do not know the future. I
> meanwhile find concrete advice more effective than generalized advice
> - but I might have answered differently some 20 years ago. ;-)
> 
> That said, I am fine with both versions (with a slight preference for
> concrete advice over generalized advice).
> 
> /js
> 
> On Wed, Mar 08, 2023 at 09:00:43PM -0500, Sean Turner wrote:
>> Jürgen,
>> 
>> I am about to start landing these PRs and just wanted to confirm that what you were thinking about in terms of an “update” to RFC 7589 is captured by:
>> https://github.com/netconf-wg/netconf-over-tls13/pull/11
>> 
>> spt
>> 
>>> On Feb 9, 2023, at 13:32, Sean Turner <sean@sn3rd.com> wrote:
>>> 
>>> Jürgen,
>>> 
>>> Thanks for your review. Responses below.
>>> 
>>> I’ll let these and the other PRs settle for a week before merging.
>>> 
>>> spt
>>> 
>>>> On Jan 25, 2023, at 09:32, Jürgen Schönwälder <j.schoenwaelder@jacobs-university.de> wrote:
>>>> 
>>>> On Mon, Jan 09, 2023 at 09:54:28PM +0000, Kent Watsen wrote:
>>>>> We are starting a 2 week WGLC on:
>>>>> 	- draft-ietf-netconf-over-tls13-01. 
>>>>> 
>>>>> The document can be found here:
>>>>> 	https://datatracker.ietf.org/doc/draft-ietf-netconf-over-tls13
>>>>> 
>>>>> Please respond on this thread indicating your support or concerns about why this document should/should not be adopted.
>>>>> 
>>>>> We are particularly interested in statement of the form:
>>>>> 	- I have reviewed the draft and found no issues. 
>>>>> 	- I have reviewed the draft and found the following issues …
>>>>> 
>>>>> This WGLC will conclude on Monday, January 23.   
>>>> 
>>>> I have reviewed the document and I believe that what it is technically
>>>> aims to achieve is OK and on track but the document itself is not ready.
>>>> 
>>>> - Does this document formally update RFC 7589? I am aware that updates
>>>> means many different things (extending, depending-on, rewriting
>>>> parts) so I should probably not even ask this question. ;-) But my
>>>> gut feeling is that you really want a formal Updates: RFC 7589 here.
>>> 
>>> We were purposely trying to avoid updating RFC 7589, because we were trying to stay out of picking the MTI protocol. But based on a suggestion in UTA about how to deal with a similar update for syslog, I think we could follow the recommendations in RFC 9325 and not have to get embroiled in a lengthy debate because RFC 9235 is BCP 195:
>>> 
>>> *  Implementations MUST support TLS 1.2 [RFC5246].
>>> *  Implementations SHOULD support TLS 1.3 [RFC8446] and, if
>>> implemented, MUST prefer to negotiate TLS 1.3 over earlier
>>> versions of TLS.
>>> 
>>> The following PR includes the proposed changes:
>>> https://github.com/netconf-wg/netconf-over-tls13/pull/11
>>> 
>>> The change of course opens a can worms. Do we change the TLS1.2 MTI cipher suite? The MTI cipher suites based on this RFC 7589 (and this PR) is TLS_RSA_WITH_AES_128_CBC_SHA. There is no chance that cipher suites makes it through the IESG at this point. We could change it to what’s in RFC 9325. I understand why RFC 7589 did not make the 7525 recommendations a MUST; when RFC 7589 was published, RFC 7525 was pretty new. However, it’s been almost 8 years since then so I am hoping some of the recommendations, 2 of the four recommended in 2015 are still there, are widely supported. If that’s the case then maybe the 1st para should be:
>>> 
>>> Implementations MUST support TLS 1.2 {{RFC5246}}. The mandatory-to-implement
>>> cipher suite is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. Implementations
>>> SHOULD follow the recommendations given in [RFC9325].
>>> 
>>>> - As already noted by others, there is colloquial discussion around
>>>> Section 9.1 of I-D.ietf-tls-rfc8446bis in the document that one
>>>> would not expect in a WG last call document.
>>> 
>>> Yep deleting it. The section kind of did it’s job, i.e., “made you look” :)
>>> The following PR removes it:
>>> https://github.com/netconf-wg/netconf-over-tls13/pull/7
>>> 
>>>> - In the Security Considerations, what does 'please review" really
>>>> mean? Is it required or expected to do what the referenced documents
>>>> say or are these just some reading suggestions that can be ignored?
>>>> I would prefer to see much clearer guidelines, in particular since
>>>> we talk about security.
>>> 
>>> I guess this didn’t bother me as much as some, when I read “the security considerations of RFCxyz apply” that’s pretty much the same thing as "Please review  RFCxyz”. But, I can swap it out for the more common language. Note that because it’s an update, the security considerations actually got a lot shorter because we copied a lot them over. Here’s a PR to address this:
>>> https://github.com/netconf-wg/netconf-over-tls13/pull/10
>>> 
>>>> - Editorial: Fix the following "describes defines" double verb.
>>> 
>>> Please see:
>>> https://github.com/netconf-wg/netconf-over-tls13/pull/9
>>> 
>>>> /js
>>>> 
>>>> -- 
>>>> Jürgen Schönwälder              Constructor University Bremen gGmbH
>>>> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
>>>> Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>
>>>> 
>>>> _______________________________________________
>>>> netconf mailing list
>>>> netconf@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/netconf
>>> 
>> 
> 
> -- 
> Jürgen Schönwälder              Constructor University Bremen gGmbH
> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
> Fax:   +49 421 200 3103         <https://constructor.university/>

v2.23.0 | Report a Bug | By Email