IETF Logo Mail Archive

Re: [secdir] [Last-Call] Secdir last call review of draft-ietf-netconf-crypto-types-20

Valery Smyslov <valery@smyslov.net> Tue, 14 September 2021 14:59 UTC

Return-Path: <valery@smyslov.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B703B3A2286; Tue, 14 Sep 2021 07:59:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=smyslov.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mnUQG0Hf_Dpg; Tue, 14 Sep 2021 07:59:10 -0700 (PDT)
Received: from direct.host-care.com (direct.host-care.com [198.136.54.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5BB503A2283; Tue, 14 Sep 2021 07:59:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=smyslov.net ; s=default; h=Content-Type:MIME-Version:Message-ID:Date:Subject:In-Reply-To: References:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=47gA+hWFoLHTjdm6+pfpW4RNupWbuhPomkIwcka+ucU=; b=x04nv6+mfy0hwmhNHVkaTtUPRE 3plGppB5ujVUxhXZySP2Yyi6KAi/DP4ldXGSnsxhjR0DL+LVbw6JrtHKZjSkn03TuQhezPjar9D05 2+M+mECGq2RgESGoa+j19Lfr/9jmWUEMqIRZUzknloPy4SwRoKelYVv2FiEIqql7G+Le5YMvUgtG+ gQwr70wv5LHNAqNO/utJpgT1g5EaEvoN3/1kp+lkR1Cr2tCDocAxxI7SaE0KyhuJ639vtxpA8qG8g 3M9Vfy1BjATVKdoWYG1R10WaBMm7rmCRVSf2tlTvnzxvkhSeDppUeeAIFY3Ou/C05oWP+JJxP97PH rw1Iolfw==;
Received: from [93.188.44.204] (port=53574 helo=buildpc) by direct.host-care.com with esmtpsa (TLS1.2) tls TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from <valery@smyslov.net>) id 1mQ9to-0005Zr-So; Tue, 14 Sep 2021 10:59:05 -0400
From: Valery Smyslov <valery@smyslov.net>
To: 'Kent Watsen' <kent+ietf@watsen.net>
Cc: secdir@ietf.org, draft-ietf-netconf-crypto-types.all@ietf.org, netconf@ietf.org
References: <162982978380.3381.17549750696257276827@ietfa.amsl.com> <0100017b8819bf19-1f20d528-72e4-462c-884a-6c29eff0769b-000000@email.amazonses.com> <017c01d79b5e$a00a0000$e01e0000$@smyslov.net> <0100017b89613006-504db539-c16c-4c87-8772-2b6676e9c295-000000@email.amazonses.com> <034d01d79e3d$a5b5d5b0$f1218110$@smyslov.net> <0100017be4ba7624-b2b8c900-5ee4-431a-b902-422a4576bd62-000000@email.amazonses.com>
In-Reply-To: <0100017be4ba7624-b2b8c900-5ee4-431a-b902-422a4576bd62-000000@email.amazonses.com>
Date: Tue, 14 Sep 2021 17:59:03 +0300
Message-ID: <0cc201d7a979$10ab7cd0$32027670$@smyslov.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0CC3_01D7A992.35FBC210"
X-Mailer: Microsoft Outlook 14.0
Content-Language: ru
Thread-Index: AQGndKy5sGszK4BuDx47nymU5VnBUwHC5W7jAisjdPUBQDIbDgLhFR17AQVyoUeru16T8A==
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - direct.host-care.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - smyslov.net
X-Get-Message-Sender-Via: direct.host-care.com: authenticated_id: valery@smyslov.net
X-Authenticated-Sender: direct.host-care.com: valery@smyslov.net
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/waZt-eFm7lv1cMlGGf2didBhDC4>
Subject: Re: [secdir] [Last-Call] Secdir last call review of draft-ietf-netconf-crypto-types-20
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Sep 2021 14:59:15 -0000

Hi Kent,

 

Hi Valery,

 

Reducing to just the open bits…

 

Is your concern that the certificate’s content would be visible to the administrators?  Is your comment on end-entity certificates (containing personally-identifying information), more than trust-anchor-certificates?

 

          Yes, it’s mostly on end-entity certificates, however there may be quite a lot of interesting private information besides certificates.

 

          If this information is only visible to the administrators and the used management protocols must have mutual authentication, then it’s probably not a big deal. I would have still added a sentence about privacy of the stored data (i.e. that persons, that are allowed to access this data are able to learn quite a lot of private information from it). I don’t insist though, it’s up to you.

 

I added the following to Section 3.8 (The "ietf-crypto-types" YANG Module).

 

             The "cert-data" node:

                   The "cert-data" node, defined in both the "trust-anchor-cert-grouping"
                    and "end-entity-cert-grouping" groupings, is additionally sensitive to
                    read operations, as certificates sometimes convey personally identifying
                    information (especially end-entity certificates).  However, as it is
                    commonly understood that certificates are "public", the NACM extension
                    "nacm:default-deny-write" (not "default-deny-all") has been applied. It
                    is RECOMMENDED that implementations adjust read-access to certificates
                    to comply with local policy.

Is this okay?

 

          Yes, thanks.

 

Separately, I thought about if there are any other values in the module that may have privacy concerns but was unable to locate any.

 

          certificate-signing-request?

 

 

Of course, CSRs contain similar information as certs but, from the “crypto-types” module perspective, CSRs are never *configured*, as they are only conveyed in dynamic RPCs, and therefore the readability of them from any other than the originator is negligent.  Hence I do not believe that extending the comment above to CSRs is warranted.  Thoughts?

 

          OK, thanks for the explanation.

 

 

 

 

Section 3.5.
While I understand and support the idea, expressed in this section, I think that
the way it is expressed makes it difficult to follow in practice. In general, it's
not always obvious how to estimate the "strength" of the underlying secure transport.
For this reason it's not clear for me how it is supposed to "compare" the 
"strength" of the transport with the "strength" of the keys being transported.

 

 

All comments from this point to the end regard the Security Consideration "Strength of Keys Conveyed” (was "Strength of Keys Configured”).  I rewrote the section as follows.  Can you please check for accuracy?

 

      Strength of Keys Conveyed


           When accessing key values, it is desireable that implementations
            ensure that the strength of the keys being accessed is not greater
            than the strength of the underlying secure transport connection
            over which the keys are conveyed.  However, comparing key strengths
            can be complicated and difficult to implement in practice.


           That said, expert Security opinion suggests that already it is
            infeasible to break a 128-bit key using a classical computer, and 

 

          s/key/symmetric key/

 

amended.

 





            thus the concern for conveying higher-strength keys begins to lose 
            its allure.


            Implementations SHOULD only use transport algorithms to those 

          s/transport algorithms/secure transport/

That substitution by itself seems to result in an incomplete sentence.  How about this:  

 

          "Implementations SHOULD only use secure transport algorithms meeting local policy.”

 

          I was trying to avoid using combination of words “transport algorithm”

          just to make text more accurate (usually we have transport protocols,

          which are implemented using some crypto algorithms, if we talk

          about secure transports). So how about:

 

          Implementations SHOULD only use secure transport protocols meeting local policy.

 

          ?





            meeting local policy.  A reasonable policy may, e.g., state that 
            only algorithms listed as "recommended" by the IETF be used.

          s\algorithms/ciphersuites/

 

Done.

 

            Another reasonable policy may be to only use quantum-resistant 
            algorithms.

          Works for me with changes above. I would only add a few words at the end of the second para that things may change in the future (e.g. if full-size quantum computers appear), so it is recommended to follow up-to-date advise from crypto community when protecting transport channel.

          I would also remove the last sentence in the last para, mostly because
          it’s difficult to follow in practice (we still know not much about post-quantum crypto and generally it’s not yet widely supported in protocols like TLS) and instead reference RFC 7525 which contains recommendations how to use TLS in applications.  I don’t know in similar RFC exists for SSH, sorry...

 

I removed the last sentence but did NOT add “a few words”, because the existing text already covers the “need to stay current” angle.  The current “last” paragraph reads:

 

            Implementations SHOULD only use secure transport algorithms 
            meeting local policy.  A reasonable policy may, e.g., state that
            only ciphersuites listed as "recommended" by the IETF be used.

Good?

 

          Works for me if you replace “algorithms” with “protocols” :-)

          (I still think that referencing RFC 7525 would be helpful, but it’s up to you, it’s definitely not a big deal).

          Thank you,
          Valery.

 

 

 

Kent

v2.23.0 | Report a Bug | By Email