[secdir] Secdir early partial review of draft-ietf-netconf-crypto-types-10

Rifaat Shekh-Yusef via Datatracker <noreply@ietf.org> Tue, 23 July 2019 02:56 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2FBF512013E; Mon, 22 Jul 2019 19:56:49 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Rifaat Shekh-Yusef via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: netconf@ietf.org, ietf@ietf.org, draft-ietf-netconf-crypto-types.all@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.99.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Message-ID: <156385060911.22708.13715150809401887999@ietfa.amsl.com>
Date: Mon, 22 Jul 2019 19:56:49 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/nnmvjYbOTrA_gTua7Bs7k081QXs>
Subject: [secdir] Secdir early partial review of draft-ietf-netconf-crypto-types-10
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jul 2019 02:56:49 -0000

Review is partially done. Another assignment may be needed to complete it.

Reviewer: Rifaat Shekh-Yusef
Review result: Not Ready

There is the open issue of the proper structure of this YANG model, which was 
discussed with the security ADs and IESG, and still to be discussed with IANA.

Meanwhile, I have the following comments:

Page 6, hash-algorithm_t
Why would you include SHA1 and indicate that it is obsolete? why not just drop it?

Page 8, hash-algorithm-t
Why would the default be 0, i.e. NONE?
I think you should select a minimum algorithm that would be considered acceptable as the default.

page 17, encryption-algorithm-t
Why would you include RC4 algorithms?

page 19, signature-algorithm-t
Why would you include dsa-sha1?

page 40, grouping symmetric-key-grouping, leaf hidden-key { nacm:default-deny-write
If I understand hidden-key, it is a key that is not accessible through this model. 
So, what is this meant to describe?

page 45, grouping symmetric-key-pair-with-cert-grouping, input { leaf subject...
The user of Subject field is discouraged, and the SAN field should be used instead.
Take a look at the following: