[secdir] Secdir last call review of draft-ietf-netconf-sztp-csr-11

Yaron Sheffer via Datatracker <noreply@ietf.org> Wed, 17 November 2021 18:59 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Yaron Sheffer via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: draft-ietf-netconf-sztp-csr.all@ietf.org, last-call@ietf.org, netconf@ietf.org
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <163717559932.18384.2156774121641934785@ietfa.amsl.com>
Reply-To: Yaron Sheffer <yaronf.ietf@gmail.com>
Date: Wed, 17 Nov 2021 10:59:59 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/I9GpSAAbZ5yDYp_NJuBbzAX-vj4>
Subject: [secdir] Secdir last call review of draft-ietf-netconf-sztp-csr-11

Reviewer: Yaron Sheffer
Review result: Has Issues

This draft defines a mechanism for a device, when it first starts, to generate
a CSR to get itself provisioned with one or more certificates it needs to
identify itself during its normal operation.

* I was confused that the document starts out describing a generic cert request
mechanism. Then deep into the YANG modules, it turns out that there is guidance
(only?) for very specific types of certs, namely LDevID and IDevID. And the
choice is non-orthogonal: it is unclear what is the guidance for other certs
when using CMC and CMP, and conversely, whether these two certs can be
generated with a PKCS#10 CSR.

* I suggest adding a Security Considerations section about the need for strong
randomness, which is often unavailable to small embedded devices at the early
stages of provisioning. I wish we were more successful with: 
https://datatracker.ietf.org/doc/html/draft-sheffer-dhc-initial-random-00

* Negotiation (?) of the CSR format and supported algorithms is unclear in Sec.
2.2: is it the client that provides the values it supports and the server picks
one? Alternatively, is the list conveyed by the server in the error-info and so
the client knows exactly what is supported? IOW, why include these values at
all in error-info?

* It is not clear from Sec. 2.2 how exactly the client is supposed to associate
one of possibly multiple received certificates to the CSR it just sent out.
Surely it is not expected to grep for the string "Newly-Generated"?

* 2.3: the description of "error-info" still does not specify if the server
should list all CSR format and algorithms it supports.

* Is there really need to support 3 different CSR formats?

* Where does the client indicate which cert is wants to receive based on this
CSR, e.g. "this CSR is for a LDevID"? Is this information embedded in the CSR
itself?

* Is RFC 2986 (published Nov. 2000) the best reference for an
AlgorithmIdentifier? Is there no IANA registry we could reference instead?

* When talking about algorithm matching, I suggest changing "It is an error
if..." into normative text, "The recipient MUST reject...".

* "Details for how to generate a new private key and associate a new identity
certificate are outside the scope of this document." - This is rather
disappointing, since we just RECOMMENDED to regenerate certs periodically (and
given that IOT devices often lack HSMs).

[secdir] Secdir last call review of draft-ietf-ne… Yaron Sheffer via Datatracker
Re: [secdir] Secdir last call review of draft-iet… Kent Watsen
Re: [secdir] Secdir last call review of draft-iet… Yaron Sheffer
Re: [secdir] Secdir last call review of draft-iet… Russ Housley
Re: [secdir] Secdir last call review of draft-iet… Yaron Sheffer
Re: [secdir] Secdir last call review of draft-iet… Russ Housley
Re: [secdir] Secdir last call review of draft-iet… Yaron Sheffer
Re: [secdir] [Last-Call] Secdir last call review … Russ Housley
Re: [secdir] [Last-Call] Secdir last call review … Yaron Sheffer
Re: [secdir] Secdir last call review of draft-iet… Kent Watsen
Re: [secdir] Secdir last call review of draft-iet… Yaron Sheffer
Re: [secdir] [Last-Call] Secdir last call review … Benjamin Kaduk