Re: [secdir] Secdir review of draft-ietf-rtgwg-yang-key-chain-17
Vincent Roca <vincent.roca@inria.fr> Wed, 12 April 2017 06:44 UTC
Return-Path: <vincent.roca@inria.fr>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E3AD127275; Tue, 11 Apr 2017 23:44:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qB-v4L6HkxQv; Tue, 11 Apr 2017 23:44:43 -0700 (PDT)
Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 048B81289C3; Tue, 11 Apr 2017 23:44:41 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.37,189,1488841200"; d="scan'208,217";a="220157433"
Received: from demeter.inrialpes.fr ([194.199.28.3]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 12 Apr 2017 08:44:39 +0200
From: Vincent Roca <vincent.roca@inria.fr>
Message-Id: <4E48D017-68C1-41C1-A7B8-6F09C22D2859@inria.fr>
Content-Type: multipart/alternative; boundary="Apple-Mail=_915C8989-7FFA-4504-A7F9-6D4F186E7F28"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Wed, 12 Apr 2017 08:44:39 +0200
In-Reply-To: <D51117B0.A8083%acee@cisco.com>
Cc: Vincent Roca <vincent.roca@inria.fr>, IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-rtgwg-yang-key-chain.all@ietf.org" <draft-ietf-rtgwg-yang-key-chain.all@ietf.org>, "Brian Weis (bew)" <bew@cisco.com>
To: "Acee Lindem (acee)" <acee@cisco.com>
References: <7B34A968-7AC9-4CBA-9F84-61AB90EDF65F@inria.fr> <D5111166.A8060%acee@cisco.com> <342F77BA-C6E4-4865-9D98-A2923312D80A@inria.fr> <D51117B0.A8083%acee@cisco.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/phHDEqIXA8boVYSe1om4HEH5sJM>
Subject: Re: [secdir] Secdir review of draft-ietf-rtgwg-yang-key-chain-17
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Apr 2017 06:44:46 -0000
Hello Acee, Thanks for the update of your document: https://tools.ietf.org/html/draft-ietf-rtgwg-yang-key-chain-18 <https://tools.ietf.org/html/draft-ietf-rtgwg-yang-key-chain-18> I missed it when reading your previous version, but using MD5 and HMAC SHA 1 in the examples of appendix A is a very bad idea that will trigger negative comments from IESG. Please remove them. Furthermore you’ll also be in line with your new recommendations of Section 5. Cheers, Vincent > Le 10 avr. 2017 à 17:14, Acee Lindem (acee) <acee@cisco.com> a écrit : > > Hi Vincent, > > From: Vincent Roca <vincent.roca@inria.fr <mailto:vincent.roca@inria.fr>> > Date: Monday, April 10, 2017 at 11:02 AM > To: Acee Lindem <acee@cisco.com <mailto:acee@cisco.com>> > Cc: Vincent Roca <vincent.roca@inria.fr <mailto:vincent.roca@inria.fr>>, IESG <iesg@ietf.org <mailto:iesg@ietf.org>>, "secdir@ietf.org <mailto:secdir@ietf.org>" <secdir@ietf.org <mailto:secdir@ietf.org>>, "draft-ietf-rtgwg-yang-key-chain.all@ietf.org <mailto:draft-ietf-rtgwg-yang-key-chain.all@ietf.org>" <draft-ietf-rtgwg-yang-key-chain.all@ietf.org <mailto:draft-ietf-rtgwg-yang-key-chain.all@ietf.org>>, "Brian Weis (bew)" <bew@cisco.com <mailto:bew@cisco.com>> > Subject: Re: Secdir review of draft-ietf-rtgwg-yang-key-chain-17 > > Hello Acee, > >> Thanks for your review. > > You’re welcome. > > >> ** Question: when saying: >> >> "When configured, the key-strings can be encrypted using the AES Key Wrap algorithm" >> >> you do not provide any recommendation. I understand it is possible, but is there any good >> reason to recommend it or do you believe the NETCONF access control feature is sufficient? >> Are there environments where recommending it would be meaningful? I'd like to have more >> information. >> This is a bit surprising when I compare with last paragraph where keys are RECOMMENDED >> to be encrypted when stored within network devices. >> >> This was added after a conversation with Brian Weis who I believe is also on the directorate. At this time, we didn’t avail NCAM. As one would surmise, it was for additional security for the key strings themselves. I’m not opposed to removing the feature completely since no one has implemented it and it is somewhat unwieldy to have to distribute the key-encryption password out-of-band. > > I don’t have any opinion on the topic, just asked the question. > Let’s see what our ADs think. > > Note that I meant NCACM (RFC 6536). Yes, lets see the opinions here. I believe that RFC 6536 will be substantially more widely implemented and deployed than RFC 5649. > > >> ** Minor comment: I don't see any good reason to separate paragraphs 2 and 4. >> >> Where? > > I forgot to mention, sorry. I was considering the « Security Considerations » section. > Re-ordering those two closely related paragraphs could make sense. > > Yes – I will combine them. The first two paragraphs are recent boiler plate paragraphs for the “Security Considerations” in all YANG model drafts. > > >> Other comments: >> >> ** section 1.2: it says: >> " o Brackets "[" and "]" enclose list keys." >> There may be a confusion with the term "keys" here (i.e., something different from >> a cryptographic key). >> >> For instance, in section 3.3: >> | +--rw key-chain* [name] >> name is not a cryptographic key. >> >> This is pretty much boiler plate text for YANG model trees. I guess I could add the statement: >> >> “These YANG list keys should not be confused with the key-chain keys." >> > > Yes, in an I-D entirely devoted to key exchanges, using the key term with a totally > different meaning is error prone (it took me some time to identify the point). > > >> ** section 2.2: there's something I don't understand. It says: >> 3. When the send lifetime of the new key becomes valid, the network >> devices within the domain of key chain will start sending the new >> key. >> >> I have the feeling you mean that this new key will start to be used for transmissions >> (instead of "start sending the new key"). Did I misunderstood something? >> >> Absolutely, I will correct this. > > That was a big mistake then. > It’s nice to see that SecDir reviews are useful. > > Cheers, > > Vincent >
- Re: [secdir] Secdir review of draft-ietf-rtgwg-ya… Vincent Roca
- Re: [secdir] Secdir review of draft-ietf-rtgwg-ya… Acee Lindem (acee)
- [secdir] Secdir review of draft-ietf-rtgwg-yang-k… Vincent Roca
- Re: [secdir] Secdir review of draft-ietf-rtgwg-ya… Acee Lindem (acee)
- Re: [secdir] Secdir review of draft-ietf-rtgwg-ya… Vincent Roca
- Re: [secdir] Secdir review of draft-ietf-rtgwg-ya… Vincent Roca
- Re: [secdir] Secdir review of draft-ietf-rtgwg-ya… Acee Lindem (acee)