Re: [saag] advice on key table YANG module

Ing-Wher Chen <ing-wher.chen@ericsson.com> Tue, 27 October 2015 14:30 UTC

From: Ing-Wher Chen <ing-wher.chen@ericsson.com>
To: Russ Housley <housley@vigilsec.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Thread-Topic: [saag] advice on key table YANG module
Date: Tue, 27 Oct 2015 14:30:30 +0000
Message-ID: <BF6E0BD839774345977891C597F8B50C2138A9D9@eusaamb109.ericsson.se>
References: <BF6E0BD839774345977891C597F8B50C213688C7@eusaamb109.ericsson.se> <562E9B0F.2050309@cs.tcd.ie> <68F2376B-4E59-476B-A6FE-099FEBD7A298@vigilsec.com>
In-Reply-To: <68F2376B-4E59-476B-A6FE-099FEBD7A298@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/lhJ6TWbANBGPfVJhHnmt7X1zK40>
Cc: IETF SAAG <saag@ietf.org>
Subject: Re: [saag] advice on key table YANG module

Thanks in advance, Russ.

In terms of which version will/should move forward, here's a little more background and some questions for the SAAG mailing list.

The two YANG modules are key-chain [1] (based on existing implementations) and key-table [2] (based on RFC 7210 [3]).  The two are not identical, but they have the same purpose---to manage routing protocol keys, and so only one is necessary.  I'd like some feedback from the mailing list for the following questions:

Does the security community care how the keys are managed?
Is there a technical reason for keys to be managed and configured exactly as described in RFC 7210?

If there is a reason, I'll continue to work on key-table YANG module to address the concerns that came up a few months ago and try to make another argument for choosing key-table.  (I have an update that attempts to address some of those concerns, but I haven't submitted it because I'm not sure if it's necessary.)

There's a lot of interest in key-chain because there are existing implementations, although all of the implementations date from before the publication of RFC 7210.  (This is just my opinion, but because of the existing implementations, key-chain is unlikely to be dropped, unless there's a compelling reason to drop it.)  If the current thinking is that key-chain is also a reasonable approach to manage keys and is equivalent to key-table, then it is easier to just improve and standardize key-chain.

[1] <https://datatracker.ietf.org/doc/draft-acee-rtg-yang-key-chain/>
[2] <http://datatracker.ietf.org/doc/draft-chen-rtgwg-key-table-yang/>
[3] <https://tools.ietf.org/html/rfc7210>

Thanks,
Helen

> -----Original Message-----
> From: Russ Housley [mailto:housley@vigilsec.com]
> Sent: Monday, October 26, 2015 5:32 PM
> To: Stephen Farrell; Kathleen Moriarty
> Cc: Ing-Wher Chen; IETF SAAG; Alvaro Retana; Deborah Brungard; Alia Atlas
> Subject: Re: [saag] advice on key table YANG module
> 
> I'd be willing to help with the work related to RFC 7210 if that is the one that
> will move forward.
> 
> Russ
> 
> 
> On Oct 26, 2015, at 5:28 PM, Stephen Farrell wrote:
> 
> >
> > Hi all,
> >
> > If folks have input to offer on this one I'm sure the authors would
> > appreciate that.
> >
> > Thanks,
> > S.
> >
> > On 15/10/15 18:03, Ing-Wher Chen wrote:
> >> Dear Security ADs,
> >>
> >> Currently, RTGWG is trying to define a key management YANG module.
> >> There are two competing key management YANG modules, one organizes
> >> keys into key chains [1], and the other organizes keys as a key table
> >> [2] based on RFC 7210 [3].  Several implementations take the first
> >> approach, the key chain approach, and they were developed long before
> >> the publication of RFC 7210.
> >>
> >> I was wondering if there is a need to continue both key-chain and
> >> key-table YANG modules in parallel?  More specifically, is there a
> >> need to continue to work on the key-table YANG module?
> >>
> >> Thanks, Helen
> >>
> >> [1]
> >> <https://datatracker.ietf.org/doc/draft-acee-rtg-yang-key-chain/>
> >>
> >> [2]
> >> <http://datatracker.ietf.org/doc/draft-chen-rtgwg-key-table-yang/>
> >>
> >> [3] <https://tools.ietf.org/html/rfc7210>
> >>