IETF Logo Mail Archive

Re: [yang-doctors] Yangdoctors last call review of draft-ietf-netconf-keystore-02

Kent Watsen <kwatsen@juniper.net> Fri, 28 July 2017 17:00 UTC

Return-Path: <kwatsen@juniper.net>
X-Original-To: yang-doctors@ietfa.amsl.com
Delivered-To: yang-doctors@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C767131C8E; Fri, 28 Jul 2017 10:00:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.022
X-Spam-Level:
X-Spam-Status: No, score=-2.022 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YmIBvVjzV_up; Fri, 28 Jul 2017 10:00:09 -0700 (PDT)
Received: from NAM01-BN3-obe.outbound.protection.outlook.com (mail-bn3nam01on0107.outbound.protection.outlook.com [104.47.33.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A608B12EB5D; Fri, 28 Jul 2017 10:00:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=yx9fhlQitllNatkpiolHVlkcA/rheVLHS0iofW0j4II=; b=W5R9gvsx6zvJvmRU4qagSmnuSkbMrY9m6euQExIMiDt+w5q0A7+mZo+AOKkhTevdVTTDcy4UAwvxymnknoyjmpejkDfC7R4yfDnl3ulCJBZokNP/6+N8W/7DW7MrtiEYfhOcZ7JgFl0FeqJySFUsjbTeYIkChrnveSKkT/IwTYk=
Received: from CY1PR0501MB1450.namprd05.prod.outlook.com (10.160.149.11) by CY1PR0501MB2028.namprd05.prod.outlook.com (10.164.3.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.1304.10; Fri, 28 Jul 2017 17:00:06 +0000
Received: from CY1PR0501MB1450.namprd05.prod.outlook.com ([10.160.149.11]) by CY1PR0501MB1450.namprd05.prod.outlook.com ([10.160.149.11]) with mapi id 15.01.1304.021; Fri, 28 Jul 2017 17:00:06 +0000
From: Kent Watsen <kwatsen@juniper.net>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
CC: "yang-doctors@ietf.org" <yang-doctors@ietf.org>, "draft-ietf-netconf-keystore.all@ietf.org" <draft-ietf-netconf-keystore.all@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: Yangdoctors last call review of draft-ietf-netconf-keystore-02
Thread-Index: AQHS/tjFB6LSB6mMA0ixt1H16U9uU6Jbyb8AgAEruACAC1e7gIAAnl+AgAA4dACAAE3eAP//00kA
Date: Fri, 28 Jul 2017 17:00:06 +0000
Message-ID: <53886D3E-8A0C-4664-A7BD-1E708A80EE9D@juniper.net>
References: <150028100874.32703.14161403810529927281@ietfa.amsl.com> <B1AC6895-5681-48F8-B7E7-418118120B4E@juniper.net> <20170720165942.GB21506@elstar.local> <F5E9973C-FCCD-4A96-B0D3-8C735CE911D3@juniper.net> <20170728073923.GA28870@elstar.local> <701F31A6-9941-4DE4-AE7E-00E859F103F8@juniper.net> <20170728154008.GA29865@elstar.local>
In-Reply-To: <20170728154008.GA29865@elstar.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.20.0.170309
x-originating-ip: [66.129.241.12]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY1PR0501MB2028; 7:8dj3RG6Acb6acSR80Qpw4LI+AdCMuV4hEAk2EYrjR9HOSKJYc8eW9n6YNdOW9gmjEHFethOEHPWt9bvifu8LIgmK/hh72GqwqD73BaDAjBEpyHFcXhNx/8kbhcbRH6sX2c8VZk0xqzL4hr20EP6Cenib6vH/yXtF3HOyMx/OBHk5xuJFLHXzJYbVg0MOLTlcgo4JPg4y9WXTRPBfrCSeSuE+UUMBFBnlcNRgpZRvHYFE4TLEZ7HVFbVdljhnSlx65DcM3knaULukdVlLVGXT+gv55INXMBXRNwMk/o9dqf4SW+o7fcXnCkhz6IZ6zBgHUluEInm6f7wD/nR29pLdlKFGS6lDm26DJ6R0PvYLleIzFSL3H8QlUgdCS/Borh1joUFbclohu0iog7szub9Qls+VvON3D5HwpnM2SUBtA3pzLeruaMfyTdaP/RKkzUN2qDQVyBm3JuH88wjTQjHqhkxAbSa3Xp2hJqxuVEfusZM/wCqeg18gaC8ZedFeZccEL5vzfsIXwHyQUC7RiBBB/boEnCyad4djNN+vlF/TKvj9ZT7ouVuGlaVmoIXLlJBv9bMbBoBYePULQ2QA5QrVR8QQ2qo1xSeXPQaFqXb5UI5zQQfQ/n0I+t2HDX2i7f6jnsBMV/2Hml/1ChTIwNO3Vp9De/3PAJhbq9pwT376b1pRmB0aoQ+HEdy2GdKBwPGr3++JZkI81bFBmGy3NGwSROL/cMsXneTwrcrhEVMlSZzj+Sfvu8FaKxbyEH+sAq1VadnAhFsI/w6unDsaxozLKWWbVleXqwVr879oggSpQaY=
x-ms-office365-filtering-correlation-id: 189c071c-4aa2-4f21-c5af-08d4d5da1906
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254128)(48565401081)(300000503095)(300135400095)(2017052603031)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:CY1PR0501MB2028;
x-ms-traffictypediagnostic: CY1PR0501MB2028:
x-exchange-antispam-report-test: UriScan:(158342451672863)(166708455590820)(192374486261705);
x-microsoft-antispam-prvs: <CY1PR0501MB202893C942C13BF4895A2C4FA5BF0@CY1PR0501MB2028.namprd05.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(8121501046)(5005006)(10201501046)(93006095)(93001095)(3002001)(100000703101)(100105400095)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(20161123560025)(20161123564025)(20161123562025)(20161123558100)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:CY1PR0501MB2028; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:CY1PR0501MB2028;
x-forefront-prvs: 03827AF76E
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(39450400003)(39400400002)(39850400002)(39860400002)(39840400002)(39410400002)(199003)(174864002)(51444003)(52314003)(189002)(77096006)(6506006)(6486002)(81166006)(14454004)(81156014)(97736004)(54356999)(101416001)(50986999)(82746002)(105586002)(33656002)(106356001)(8676002)(189998001)(76176999)(305945005)(3280700002)(4326008)(3660700001)(5660300001)(36756003)(25786009)(7736002)(230783001)(229853002)(86362001)(2950100002)(6916009)(966005)(93886004)(478600001)(68736007)(66066001)(3846002)(6116002)(6436002)(102836003)(2906002)(2900100001)(83716003)(4001350100001)(6306002)(8936002)(53936002)(83506001)(6246003)(38730400002)(54906002)(110136004)(99286003)(6512007); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR0501MB2028; H:CY1PR0501MB1450.namprd05.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=kwatsen@juniper.net;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <94E393F2E5B6924DBF3510B8CEE940F3@namprd05.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Jul 2017 17:00:06.4762 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0501MB2028
Archived-At: <https://mailarchive.ietf.org/arch/msg/yang-doctors/RJ066QJ_nl0JCDEkcXa9dSJxPtU>
Subject: Re: [yang-doctors] Yangdoctors last call review of draft-ietf-netconf-keystore-02
X-BeenThere: yang-doctors@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Email list of the yang-doctors directorate <yang-doctors.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/yang-doctors/>
List-Post: <mailto:yang-doctors@ietf.org>
List-Help: <mailto:yang-doctors-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jul 2017 17:00:12 -0000


>> >> >> - I am not sure I understand trusted-host-keys. On systems that have
>> >> >>   multiple user accounts, you usually have a per account list of
>> >> >>   trusted host keys in addition to a global system wide list. Perhaps
>> >> >>   make it clear that this models the global known hosts list only?
>> >> >> 
>> >> >> <KENT> it's a list of lists, so there can be many different
>> >> >> sets a host-keys defined, with each application/use pointing
>> >> >> to its own entry.  The ietf-ssh-client module's grouping has
>> >> >> a leafref to a specific entry.  FWIW, this grouping is
>> >> >> used by ietf-netconf-client module.  At the moment, there
>> >> >> no other uses of this grouping.  I think that you may be
>> >> >> getting confused between the key the server presents (the
>> >> >> host-key) versus the key user presents.
>> >> >> .
>> >> >
>> >> > I though these are the authorized host keys? Yes, I am confused. If
>> >> > these are user public keys, they should not be called host keys. But
>> >> > yes, I am confused (but I started to read the other documents).
>> >> 
>> >> This leaf encodes an SSH public key (RFC4253, 6.6), same as used in 
>> >> /ietf-system/system/user/authorized-key/key-data (and I have changed
>> >> this leaf's type to match it in my local copy already), but the uses
>> >> are different.  In ietf-system, the authorized-key is configured on
>> >> a server in order to authenticate subsequent SSH-client connections.
>> >> Here, we're taking about the key that that SSH-server presents to
>> >> the client.  These are the host keys that OpenSSL often puts into the 
>> >> ~/.ssh/known-hosts file.
>> >
>> > I understand what you are modeling is /etc/ssh/ssh_host_rsa_key.pub
>> > and friends. Make sure it is described clearly. Or do you actually
>> > mean the clients cache of authenticated keys that goes into an
>> > account's known-hosts file? In this case, the keystore may be the
>> > wrong place.
>>  
>> /keystore/trusted-host-keys/trusted-host-key is in fact like the
>> known-hosts file.  That is, these are the host-keys that a client has
>> "pinned" or "trusted".  The ietf-ssh-client has a leafref to one of
>> these entries.  We could rename "trusted-host-key[s]" to 
>> "pinned-host-key[s]" if that helps. Ditto for trusted-certificate[s])
>> 
>> By contrast, /keystore/keys/key/name is referenced by ietf-ssh-server
>> to identify the host-key(s) the SSH server presents to SSH clients.
>> This is analogous to /etc/ssh/ssh_host_rsa_key.pub and friends.  This
>> node isn't called e.g. /keystore/keys/key/ssh-host-key because, AFAICT,
>> the system should be able to generate its host-key from the private-key
>> itself.  Thus, referencing the name is equivalent.  If there were a
>> /keystore/keys/key/ssh-host-key node, it would be a gratuitous config
>> false value that somehow encoded the host-key in a more SSH friendly
>> format.  But, it may have a subtler value in that, I think that your
>> confusion may be because it was NOT there and so, in its absence, 
>> you may have thought that the "trusted-host-keys" must serve that 
>> function.  Thoughts?
>> 
>> BTW, "host key" has a specific meaning, defined in RFC4251#4.1, not to
>> be confused with authorized keys.
>
> I do not really follow you. I think I do understand what a host key
> (pair) is and that it is different from a users key (pair).

Fine, but this is SSH architecture thing, not something specific to
the draft - right?

> Yes, I did
> not understand from reading the ID that the private SSH host key is to
> be found in /keystore/keys/key/name (likely because of all the
> certificate stuff around it that I have never seen used with SSH host
> keys).

Okay, then do you like having a /keystore/keys/key/ssh-host-key node?

> I guess I am not a big fan of bundling the way X.509 keys and certs
> work together with how SSH keys work (because I am not used to this
> and the systems I tend to use do not do this either). Anyway, if this
> is the direction to go, I think this needs explanatory text somewhere.

So then perhaps factoring out the x.509 and ssh stuff out into augmenting
modules? 



>> >> >> - Should the document title be aligned with other YANG module
>> >> >>   definitions, so it is easier to spot it?
>> >> >> 
>> >> >> <KENT> I don't understand, what do you mean?
>> >> >
>> >> > We often use "[A] YANG Data Model for ....".
>> >> >
>> >> > https://en.wikipedia.org/wiki/YANG#Usage_in_Standards
>> >> >
>> >> > The current name does not say YANG (sometimes I search for YANG 
>> >> > in the RFC index) and Keystore is also pretty broad given the
>> >> > related work we have.
>> >> 
>> >> Gotcha, how about "YANG Data Model for Keystores"?
>> >
>> > Yes, except that 'keystores' leaves readers unclear about the scope. I
>> > commented several times that the names of this module and the other
>> > module for symmetric keys are unfortunate. Concerning the SSH keys, I
>> > am still concerned that we would be better off to have a separate SSH
>> > module that takes care about managing an SSH server's host keys and
>> > then this module would be X509 certificate specific, i.e., a 'YANG
>> > Data Model for Managing X.509 Keys and Certificates' would be a clear
>> > and well defined scope.
>> 
>> From a refactoring perspective, we could have a base module and then
>> two augmenting modules, one for SSH and the other for X.509.  I would
>> think to define all three modules in the same draft, but that wouldn't
>> help your draft-name issue.  We could put each module into own draft
>> (e.g. +2 drafts), but is it worth it for renaming sake?  Maybe an even
>> longer title?  "YANG Data Model for Managing Asymmetric Private Keys,
>> X.509 Certificates, and SSH Host Keys'?  Naming aside, what do you 
>> think about the module-factoring idea?
>
> Perhaps it is simpler to have one data model to manage X.509 keys and
> certs and another data model to manage SSH keys. I do not know how
> much commonality there is. At the end, I also do not mind if
> everything is lumped together as long as it is clear how to implement
> things and key formats etc match with what implementations typically
> do.

Two modules, something like ietf-ssh-keystore and ietf-x509-keystore?
Of course, there would overlap between them (e.g., both modules would
have the /keys/key hierarchy, the ietf-ssh-client/server modules might
need to import both keystores, since SSH can use X.509 certs too (per
RFC6187).  I don't know, this doesn't seem right.  For instance, what
is a server to do if it generates a private key that has not yet been
associated with an X.509 cert or SSH host key, is the private key to
appear in both keystores?


>> >> In another thread, we concluded that we might want to ask SecDir.
>> >
>> > Or just acknowledge that in the longer term an IANA solution may be
>> > needed but we do this later.
>> 
>> Maybe, and really I wonder who is in a better position to make the
>> call.  Sure, SecDir can confirm that there are common algorithms
>> used in cryptography, but they may not necessarily have a crystal
>> ball to know how many YANG modules will be coming in the near 
>> future for which it matters.  Is the NETCONF/NETMOD WGs more
>> able to make this call?  I'm personally unaware of any other 
>> work-in-progress having a need for these algorithm identities
>> such as are defined here, nor do I have a crystal ball for 
>> predicting the future.
>
> Crypto algorithms have changed in the past and they will change
> in the future. So, we will need flexibility here, sooner or later.
> Getting this right requires to have the right people involved 
> (i.e., not me).

Okay, so maybe we're only in the position of saying that such a
thing is highly desirable, but we'd be dependent on security 
experts to get it right, and SecDir involvement could help
kickoff that effort...


>> >> >> - Since the certs of a key do not contain a signature, where are signed
>> >> >>   certificates stored or are they outside the scope of the model?
>> >> >> 
>> >> >> <KENT> I'm confused, certificates are signed structures already...
>> >> >
>> >> > Well, the description of certificates/certificate/value says:
>> >> >
>> >> >   An unsigned PKCS #7 SignedData structure, as specified
>> >> >   by Section 9.1 in RFC 2315, containing just certificates
>> >> >   (no content, signatures, or CRLs), encoded using ASN.1
>> >> >   distinguished encoding rules (DER), as specified in
>> >> >   ITU-T X.690.
>> >> >
>> >> > Yes, I am confused how this works.
>> >>  
>> >> Okay, now I understand your confusion.  I believe the text is 
>> >> accurate.  Think of the PKCS#7 structure being a little like a 
>> >> TAR file that contains a directory structure like this:
>> >> 
>> >>  pkcs7:
>> >>   /signed-info
>> >>   /signature   - this sig is only over 'signed-info' ...
>> >>   /extra-certificates
>> >>   /extra-revocation-objects
>> >> 
>> >> So, in this case, we're using a degenerate form of the pkcs7
>> >> structure that has no content (signed-info), signature, or CRLs 
>> >> (revocation-objects), it only contains the certificates. Perhaps
>> >> my use of the word "unsigned" isn't clear enough?
>> >
>> > So why pkcs7, is this what implementations use? The certificates
>> 
>> Why pkcs7 is because each certificate may have an associated chain
>> of certificates leading to a trust-anchor CA certificate.  For instance,
>> a vendor might have a CA called "foo-root" that signs an intermediate
>> CA called "foo-intermediate" that signs the "foo-entity" certificates.
>> So, a given foo-entity certificate (a single X.509 structure) is
>> commonly presented along with its chain of CA certs (more X.509 
>> structures), in this case, the "foo-intermediate" and "foo-root" CA
>> certs.  The pkcs7 structure is commonly used for this purpose in the
>> PKI world.  Yes, it could be just a TAR file having a flat list of
>> certs, but then we'd have to define that structure, whereas its 
>> already defined in pkcs7.
>> 
>> > I find in /etc/ssl/certs on my Debian system seem to be in PEM format.
>> 
>> PEM and DER are interchangeable formats.  PEM is essentially the base64
>> encoding of the DER surrounded by the "===== BEGIN/END CERTIFICATE
>> =====" header/footer.
>> 
>
> DER encoded certificate or pkcs7? I thought PEM is just a base64
> encoded version of the DER encoded certificate, no pkcs7 involved.

Both PKCS7 and X.509 or ASN.1-encoded structures, and all ASN.1 structures
can be encoded using PEM, DER, or even BER.   Your debian system's "certs"
directory undoubtedly only contains root certs, hence there is no cert-chain
to staple to them, and hence a single X.509 structure (either PEM or a DER)
is perfect.  As soon as you step into needing more than one cert, then
either PKCS7 or PKCS12 (both of which could be PEM or DER encoded), or a
very special multi-part PEM (one that contains more than one of the "====="
BEGIN/END blocks) could be used.  BTW, all this was discussed a while back
related to https://github.com/netconf-wg/keystore/issues/1.  What's written
in the GitHub issue tracker should be ignored, search instead the list-archive
on issue #1... 

K.

v2.23.0 | Report a Bug | By Email