IETF Logo Mail Archive

Re: Kathleen Moriarty's Discuss on draft-ietf-rtgwg-yang-key-chain-20: (with DISCUSS and COMMENT)

Adam Roach <adam@nostrum.com> Wed, 26 April 2017 18:42 UTC

Return-Path: <adam@nostrum.com>
X-Original-To: rtgwg@ietfa.amsl.com
Delivered-To: rtgwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EBB813159D; Wed, 26 Apr 2017 11:42:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.881
X-Spam-Level:
X-Spam-Status: No, score=-1.881 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OLCeEOeP2WDE; Wed, 26 Apr 2017 11:42:17 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F06BB13159C; Wed, 26 Apr 2017 11:42:16 -0700 (PDT)
Received: from Svantevit.roach.at (cpe-70-122-154-80.tx.res.rr.com [70.122.154.80]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id v3QIgEfw068777 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 26 Apr 2017 13:42:15 -0500 (CDT) (envelope-from adam@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-70-122-154-80.tx.res.rr.com [70.122.154.80] claimed to be Svantevit.roach.at
Subject: Re: Kathleen Moriarty's Discuss on draft-ietf-rtgwg-yang-key-chain-20: (with DISCUSS and COMMENT)
To: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>, The IESG <iesg@ietf.org>
Cc: jefftant.ietf@gmail.com, rtgwg-chairs@ietf.org, draft-ietf-rtgwg-yang-key-chain@ietf.org, rtgwg@ietf.org
References: <149322447211.30122.5870367500760951821.idtracker@ietfa.amsl.com>
From: Adam Roach <adam@nostrum.com>
Message-ID: <f366eb05-b82c-123e-d0ca-8701fe16a469@nostrum.com>
Date: Wed, 26 Apr 2017 13:42:14 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:52.0) Gecko/20100101 Thunderbird/52.0.1
MIME-Version: 1.0
In-Reply-To: <149322447211.30122.5870367500760951821.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtgwg/Mn8kc6iAlWUvsw2_s9xr6Os8BnU>
X-BeenThere: rtgwg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Routing Area Working Group <rtgwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtgwg/>
List-Post: <mailto:rtgwg@ietf.org>
List-Help: <mailto:rtgwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Apr 2017 18:42:18 -0000

On 4/26/17 11:34 AM, Kathleen Moriarty wrote:
> Since the following text int he Security Considerations section is a
> recommendation, IMO it would be better to drop "or otherwise obfuscated"
> from the sentence as encrypting the keys really should be the
> recommendation.  Can we make this update?
>
>     It is RECOMMENDED that keys be encrypted or otherwise obfuscated
> when
>     stored internally on a network device supporting this specification.
>
> If obfuscation is what happens more often in practice, maybe mention this
> as a fallback from the recommendation, but not make them sound
> equivalent?


To be clear -- the current guidance from the security area is to perform 
this kind of encryption, where you have encrypted material living 
side-by-side with the key necessary to decrypt it?

/a

v2.23.0 | Report a Bug | By Email