Re: [netmod] Adoption of: draft-bjorklund-netmod-snmp-cfg-02 (respondby 20120420)

"Randy Presuhn" <randy_presuhn@mindspring.com> Mon, 16 April 2012 18:55 UTC

Hi -

> From: "Martin Bjorklund" <mbj@tail-f.com>
> To: <randy_presuhn@mindspring.com>
> Cc: <netmod@ietf.org>
> Sent: Monday, April 16, 2012 11:28 AM
> Subject: Re: [netmod] Adoption of: draft-bjorklund-netmod-snmp-cfg-02 (respondby 20120420)
...
> The current draft specifies that only the localized key is ever stored
> in the config data store.  I don't understand how that would
> undercut the security of all managed devices in an administrative
> domain.

Allowing a password (rather than a (localized) key) to be delivered
to a (potentially compromised) managed device undercuts the security
of all managed devices in the administrative domain.  One of the
reasons for using localized keys is to prevent the managed devices
from being able to have a way to figure out the keys of other devices.
I should allow a device to see a password only if I am willing to entrust
the security of my entire network to that device.

> Nevertheless, it would be great to discuss alternative solutions to
> the problem (configuring keys).
> 
> We have a proprietary solution for storing "sensitive information"
> like this, and that is to store locally encrypted values.  However,
> this requires the encryption key to be stored somehow, and it cannot
> be part of the config itself.  Thus, an extra step is needed in order
> to replace a device with a backup config; first somehow (off line
> typically) enter the same passphrase as was used for the old device,
> then copy-config the backup.

Another security property of USM that the proposal loses is that with
USM, even if the key update occurs in the clear, an eavesdropper
won't know what the new key is unless the eavesdropper already knew
the old key.  I'm sure the folks who do key storage will have lots of
ideas about how to implement something on the netconf client side,
but the point is that the netconf server, if that is understood as the
managed device, should never be given a password rather than
a (localized) key.

Randy
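
The two USM properties discussed in this message, as an added example that is not part of the original post or of the draft: a Python sketch of the RFC 3414 password-to-key, key localization and KeyChange computations for HMAC-MD5-96. The password "maplesyrup" and the first engine ID are the RFC 3414 A.3.1 test inputs; the second engine ID and the new password are constructed.

```python
import hashlib
import os

def password_to_key(password: bytes) -> bytes:
    """RFC 3414 A.2.1: user key Ku = MD5 of the password repeated out to 1 MiB."""
    total = 1024 * 1024
    stream = (password * (total // len(password) + 1))[:total]
    return hashlib.md5(stream).digest()

def localize(ku: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 2.6: localized key Kul = MD5(Ku || snmpEngineID || Ku)."""
    return hashlib.md5(ku + engine_id + ku).digest()

def key_change(old_key: bytes, new_key: bytes) -> bytes:
    """KeyChange value for a fixed-length key: random || (MD5(old || random) XOR new)."""
    rnd = os.urandom(len(old_key))
    temp = hashlib.md5(old_key + rnd).digest()
    return rnd + bytes(a ^ b for a, b in zip(temp, new_key))

def apply_key_change(old_key: bytes, value: bytes) -> bytes:
    """Receiver side: recompute MD5(old || random) and XOR it off the delta."""
    rnd, delta = value[:len(old_key)], value[len(old_key):]
    temp = hashlib.md5(old_key + rnd).digest()
    return bytes(a ^ b for a, b in zip(temp, delta))

def demo() -> dict:
    engine_a = bytes.fromhex("000000000000000000000002")  # RFC 3414 A.3.1 engine ID
    engine_b = bytes.fromhex("000000000000000000000003")  # constructed second device
    ku = password_to_key(b"maplesyrup")                   # stays on the manager side
    kul_a, kul_b = localize(ku, engine_a), localize(ku, engine_b)
    # Device A stores only kul_a. Computing kul_b needs Ku, and MD5 is one-way,
    # so kul_a does not yield Ku. Handing A the password would yield both keys.
    new_a = localize(password_to_key(b"constructed-new-password"), engine_a)
    wire = key_change(kul_a, new_a)                       # what crosses the network
    return {
        "kul_a": kul_a.hex(),
        "keys_differ": kul_a != kul_b,
        # The holder of the old localized key recovers the new one ...
        "holder_recovers": apply_key_change(kul_a, wire) == new_a,
        # ... while a party with a different key (here, device B's) does not.
        "other_key_recovers": apply_key_change(kul_b, wire) == new_a,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
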