Re: [netmod] Adoption of: draft-bjorklund-netmod-snmp-cfg-02 (respondby 20120420)

Martin Bjorklund <mbj@tail-f.com> Mon, 16 April 2012 18:28 UTC

Date: Mon, 16 Apr 2012 20:28:32 +0200
Message-Id: <20120416.202832.486818825.mbj@tail-f.com>
To: randy_presuhn@mindspring.com
From: Martin Bjorklund <mbj@tail-f.com>
In-Reply-To: <002f01cd1bf7$18f9ab60$6b01a8c0@oemcomputer>
References: <20120416084607.GB9989@nsn.com> <002f01cd1bf7$18f9ab60$6b01a8c0@oemcomputer>
Cc: netmod@ietf.org
Subject: Re: [netmod] Adoption of: draft-bjorklund-netmod-snmp-cfg-02 (respondby 20120420)

Hi,

"Randy Presuhn" <randy_presuhn@mindspring.com> wrote:
> Hi -
> 
> While I suppose it's inevitable that this work will happen, I am
> nonetheless horrified by the way the I-D proposes that keys
> (and worse still, "passwords") be handled.  This approach
> completely undermines the design of USM for preventing
> the compromise of one managed device causing the keys
> for another device to be revealed.  The configuration management
> of keying material needs to be carefully separated from the
> rest, and needs to be done in a way that does not undercut
> the security of *all* managed devices in an administrative domain.

The current draft specifies that only the localized key is ever stored
in the config data store.  I don't understand how that would
undercut the security of all managed devices in an administrative
domain.

Nevertheless, it would be great to discuss alternative solutions to
the problem (configuring keys).

We have a proprietary solution for storing "sensitive information"
like this, and that is to store locally encrypted values.  However,
this requires the encryption key to be stored somehow, and it cannot
be part of the config itself.  Thus, an extra step is needed in order
to replace a device with a backup config; first somehow (offline
typically) enter the same passphrase as was used for the old device,
then copy-config the backup.


/martin
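To make concrete what "the localized key" in the config store is, here is the RFC 3414 two-step USM derivation written out as an added example (not code from the draft or from anyone in this thread). The password "maplesyrup" and the first engine ID are the RFC 3414 Appendix A.3 test values; the second engine ID is constructed. Because each device's Kul is a hash over Ku and that device's own snmpEngineID, a config store holding only Kul values gives an attacker who reads one device's key no Ku to localize for another device.

```python
import hashlib

# Added example: RFC 3414 USM key derivation.
# Step 1 (A.2) turns a password into a master key Ku; step 2 (section 2.6)
# binds Ku to one engine's snmpEngineID. Only the step-2 result is stored.

ONE_MIB = 1048576  # RFC 3414 A.2 hashes exactly this many bytes of password


def password_to_key(password: bytes, algo: str = "md5") -> bytes:
    """RFC 3414 A.2: Ku = H(password repeated, truncated to 1 MiB)."""
    if not password:
        raise ValueError("empty password")
    repeats = ONE_MIB // len(password) + 1
    stream = (password * repeats)[:ONE_MIB]
    return hashlib.new(algo, stream).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """RFC 3414 section 2.6: Kul = H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def localized_keys_for(password: bytes, engine_ids, algo: str = "md5") -> dict:
    """Per-device keys a config store would hold, keyed by engineID hex.

    Ku is computed once here and never returned; the Kul values are the
    only thing that ends up in each device's configuration."""
    ku = password_to_key(password, algo)
    return {eid.hex(): localize_key(ku, eid, algo) for eid in engine_ids}


if __name__ == "__main__":
    # First engine ID is the RFC 3414 A.3 test engine; second is constructed.
    engines = [bytes.fromhex("000000000000000000000002"),
               bytes.fromhex("80000000030a0b0c0d0e0f")]
    for eid, kul in localized_keys_for(b"maplesyrup", engines).items():
        print(f"engineID {eid}: Kul = {kul.hex()}")
```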