Re: [yang-doctors] Yangdoctors last call review of draft-ietf-netconf-keystore-02
Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Fri, 28 July 2017 17:09 UTC
Return-Path: <j.schoenwaelder@jacobs-university.de>
X-Original-To: yang-doctors@ietfa.amsl.com
Delivered-To: yang-doctors@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60E6D131F5A; Fri, 28 Jul 2017 10:09:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EAWetCP7zvPR; Fri, 28 Jul 2017 10:09:34 -0700 (PDT)
Received: from atlas5.jacobs-university.de (atlas5.jacobs-university.de [212.201.44.20]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC782131748; Fri, 28 Jul 2017 10:09:33 -0700 (PDT)
Received: from localhost (demetrius5.irc-it.jacobs-university.de [10.70.0.222]) by atlas5.jacobs-university.de (Postfix) with ESMTP id 8D49069; Fri, 28 Jul 2017 19:09:32 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from atlas5.jacobs-university.de ([10.70.0.217]) by localhost (demetrius5.jacobs-university.de [10.70.0.222]) (amavisd-new, port 10032) with ESMTP id VSJnIB1pJ6_m; Fri, 28 Jul 2017 19:09:27 +0200 (CEST)
Received: from hermes.jacobs-university.de (hermes.jacobs-university.de [212.201.44.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hermes.jacobs-university.de", Issuer "Jacobs University CA - G01" (verified OK)) by atlas5.jacobs-university.de (Postfix) with ESMTPS; Fri, 28 Jul 2017 19:09:32 +0200 (CEST)
Received: from localhost (demetrius3.jacobs-university.de [212.201.44.48]) by hermes.jacobs-university.de (Postfix) with ESMTP id 66DF3200AA; Fri, 28 Jul 2017 19:09:32 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from hermes.jacobs-university.de ([212.201.44.23]) by localhost (demetrius3.jacobs-university.de [212.201.44.32]) (amavisd-new, port 10024) with ESMTP id HS9LkfNHQYIe; Fri, 28 Jul 2017 19:09:30 +0200 (CEST)
Received: from elstar.local (elstar.jacobs.jacobs-university.de [10.50.231.133]) by hermes.jacobs-university.de (Postfix) with ESMTP id D8DD5200B8; Fri, 28 Jul 2017 19:09:30 +0200 (CEST)
Received: by elstar.local (Postfix, from userid 501) id BFA934001643; Fri, 28 Jul 2017 19:09:30 +0200 (CEST)
Date: Fri, 28 Jul 2017 19:09:30 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: Kent Watsen <kwatsen@juniper.net>
Cc: "yang-doctors@ietf.org" <yang-doctors@ietf.org>, "draft-ietf-netconf-keystore.all@ietf.org" <draft-ietf-netconf-keystore.all@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
Message-ID: <20170728170930.GA30054@elstar.local>
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
Mail-Followup-To: Kent Watsen <kwatsen@juniper.net>, "yang-doctors@ietf.org" <yang-doctors@ietf.org>, "draft-ietf-netconf-keystore.all@ietf.org" <draft-ietf-netconf-keystore.all@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
References: <150028100874.32703.14161403810529927281@ietfa.amsl.com> <B1AC6895-5681-48F8-B7E7-418118120B4E@juniper.net> <20170720165942.GB21506@elstar.local> <F5E9973C-FCCD-4A96-B0D3-8C735CE911D3@juniper.net> <20170728073923.GA28870@elstar.local> <701F31A6-9941-4DE4-AE7E-00E859F103F8@juniper.net> <20170728154008.GA29865@elstar.local> <53886D3E-8A0C-4664-A7BD-1E708A80EE9D@juniper.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <53886D3E-8A0C-4664-A7BD-1E708A80EE9D@juniper.net>
User-Agent: Mutt/1.6.0 (2016-04-01)
Archived-At: <https://mailarchive.ietf.org/arch/msg/yang-doctors/XLuE-r5AM38NeEHU_qkIt2euBEY>
Subject: Re: [yang-doctors] Yangdoctors last call review of draft-ietf-netconf-keystore-02
X-BeenThere: yang-doctors@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Email list of the yang-doctors directorate <yang-doctors.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/yang-doctors/>
List-Post: <mailto:yang-doctors@ietf.org>
List-Help: <mailto:yang-doctors-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jul 2017 17:09:36 -0000
On Fri, Jul 28, 2017 at 05:00:06PM +0000, Kent Watsen wrote: > > > >> >> >> - I am not sure I understand trusted-host-keys. On systems that have > >> >> >> multiple user accounts, you usually have a per account list of > >> >> >> trusted host keys in addition to a global system wide list. Perhaps > >> >> >> make it clear that this models the global known hosts list only? > >> >> >> > >> >> >> <KENT> it's a list of lists, so there can be many different > >> >> >> sets a host-keys defined, with each application/use pointing > >> >> >> to its own entry. The ietf-ssh-client module's grouping has > >> >> >> a leafref to a specific entry. FWIW, this grouping is > >> >> >> used by ietf-netconf-client module. At the moment, there > >> >> >> no other uses of this grouping. I think that you may be > >> >> >> getting confused between the key the server presents (the > >> >> >> host-key) versus the key user presents. > >> >> >> . > >> >> > > >> >> > I though these are the authorized host keys? Yes, I am confused. If > >> >> > these are user public keys, they should not be called host keys. But > >> >> > yes, I am confused (but I started to read the other documents). > >> >> > >> >> This leaf encodes an SSH public key (RFC4253, 6.6), same as used in > >> >> /ietf-system/system/user/authorized-key/key-data (and I have changed > >> >> this leaf's type to match it in my local copy already), but the uses > >> >> are different. In ietf-system, the authorized-key is configured on > >> >> a server in order to authenticate subsequent SSH-client connections. > >> >> Here, we're taking about the key that that SSH-server presents to > >> >> the client. These are the host keys that OpenSSL often puts into the > >> >> ~/.ssh/known-hosts file. > >> > > >> > I understand what you are modeling is /etc/ssh/ssh_host_rsa_key.pub > >> > and friends. Make sure it is described clearly. Or do you actually > >> > mean the clients cache of authenticated keys that goes into an > >> > account's known-hosts file? In this case, the keystore may be the > >> > wrong place. > >> > >> /keystore/trusted-host-keys/trusted-host-key is in fact like the > >> known-hosts file. That is, these are the host-keys that a client has > >> "pinned" or "trusted". The ietf-ssh-client has a leafref to one of > >> these entries. We could rename "trusted-host-key[s]" to > >> "pinned-host-key[s]" if that helps. Ditto for trusted-certificate[s]) > >> > >> By contrast, /keystore/keys/key/name is referenced by ietf-ssh-server > >> to identify the host-key(s) the SSH server presents to SSH clients. > >> This is analogous to /etc/ssh/ssh_host_rsa_key.pub and friends. This > >> node isn't called e.g. /keystore/keys/key/ssh-host-key because, AFAICT, > >> the system should be able to generate its host-key from the private-key > >> itself. Thus, referencing the name is equivalent. If there were a > >> /keystore/keys/key/ssh-host-key node, it would be a gratuitous config > >> false value that somehow encoded the host-key in a more SSH friendly > >> format. But, it may have a subtler value in that, I think that your > >> confusion may be because it was NOT there and so, in its absence, > >> you may have thought that the "trusted-host-keys" must serve that > >> function. Thoughts? > >> > >> BTW, "host key" has a specific meaning, defined in RFC4251#4.1, not to > >> be confused with authorized keys. > > > > I do not really follow you. I think I do understand what a host key > > (pair) is and that it is different from a users key (pair). > > Fine, but this is SSH architecture thing, not something specific to > the draft - right? ??? > > Yes, I did > > not understand from reading the ID that the private SSH host key is to > > be found in /keystore/keys/key/name (likely because of all the > > certificate stuff around it that I have never seen used with SSH host > > keys). > > Okay, then do you like having a /keystore/keys/key/ssh-host-key node? I guess what I am looking for is a more radical split between X.509 stuff and SSH key stuff, the most radical split would be a module for X.509 keys and certs and another module for SSH host keys. Or alternatively, if there is really a strong reason to have all these different keys in one list, then define the list such that augmentations add X.509 stuff and SSH key stuff. I am not a fan of lists where the usage of leafs for different purposes is not clear. > > I guess I am not a big fan of bundling the way X.509 keys and certs > > work together with how SSH keys work (because I am not used to this > > and the systems I tend to use do not do this either). Anyway, if this > > is the direction to go, I think this needs explanatory text somewhere. > > So then perhaps factoring out the x.509 and ssh stuff out into augmenting > modules? I am not sure how much is left, other than a list with a key name leaf and whether it is worth to have this common structure (and whether any uniqueness constraints resulting from that are a benefit or not). > > >> >> >> - Should the document title be aligned with other YANG module > >> >> >> definitions, so it is easier to spot it? > >> >> >> > >> >> >> <KENT> I don't understand, what do you mean? > >> >> > > >> >> > We often use "[A] YANG Data Model for ....". > >> >> > > >> >> > https://en.wikipedia.org/wiki/YANG#Usage_in_Standards > >> >> > > >> >> > The current name does not say YANG (sometimes I search for YANG > >> >> > in the RFC index) and Keystore is also pretty broad given the > >> >> > related work we have. > >> >> > >> >> Gotcha, how about "YANG Data Model for Keystores"? > >> > > >> > Yes, except that 'keystores' leaves readers unclear about the scope. I > >> > commented several times that the names of this module and the other > >> > module for symmetric keys are unfortunate. Concerning the SSH keys, I > >> > am still concerned that we would be better off to have a separate SSH > >> > module that takes care about managing an SSH server's host keys and > >> > then this module would be X509 certificate specific, i.e., a 'YANG > >> > Data Model for Managing X.509 Keys and Certificates' would be a clear > >> > and well defined scope. > >> > >> From a refactoring perspective, we could have a base module and then > >> two augmenting modules, one for SSH and the other for X.509. I would > >> think to define all three modules in the same draft, but that wouldn't > >> help your draft-name issue. We could put each module into own draft > >> (e.g. +2 drafts), but is it worth it for renaming sake? Maybe an even > >> longer title? "YANG Data Model for Managing Asymmetric Private Keys, > >> X.509 Certificates, and SSH Host Keys'? Naming aside, what do you > >> think about the module-factoring idea? > > > > Perhaps it is simpler to have one data model to manage X.509 keys and > > certs and another data model to manage SSH keys. I do not know how > > much commonality there is. At the end, I also do not mind if > > everything is lumped together as long as it is clear how to implement > > things and key formats etc match with what implementations typically > > do. > > Two modules, something like ietf-ssh-keystore and ietf-x509-keystore? > Of course, there would overlap between them (e.g., both modules would > have the /keys/key hierarchy, the ietf-ssh-client/server modules might > need to import both keystores, since SSH can use X.509 certs too (per > RFC6187). I don't know, this doesn't seem right. For instance, what > is a server to do if it generates a private key that has not yet been > associated with an X.509 cert or SSH host key, is the private key to > appear in both keystores? Is this how systems work? My command line tools either create X.509 keys or SSH keys. > >> >> >> - Since the certs of a key do not contain a signature, where are signed > >> >> >> certificates stored or are they outside the scope of the model? > >> >> >> > >> >> >> <KENT> I'm confused, certificates are signed structures already... > >> >> > > >> >> > Well, the description of certificates/certificate/value says: > >> >> > > >> >> > An unsigned PKCS #7 SignedData structure, as specified > >> >> > by Section 9.1 in RFC 2315, containing just certificates > >> >> > (no content, signatures, or CRLs), encoded using ASN.1 > >> >> > distinguished encoding rules (DER), as specified in > >> >> > ITU-T X.690. > >> >> > > >> >> > Yes, I am confused how this works. > >> >> > >> >> Okay, now I understand your confusion. I believe the text is > >> >> accurate. Think of the PKCS#7 structure being a little like a > >> >> TAR file that contains a directory structure like this: > >> >> > >> >> pkcs7: > >> >> /signed-info > >> >> /signature - this sig is only over 'signed-info' ... > >> >> /extra-certificates > >> >> /extra-revocation-objects > >> >> > >> >> So, in this case, we're using a degenerate form of the pkcs7 > >> >> structure that has no content (signed-info), signature, or CRLs > >> >> (revocation-objects), it only contains the certificates. Perhaps > >> >> my use of the word "unsigned" isn't clear enough? > >> > > >> > So why pkcs7, is this what implementations use? The certificates > >> > >> Why pkcs7 is because each certificate may have an associated chain > >> of certificates leading to a trust-anchor CA certificate. For instance, > >> a vendor might have a CA called "foo-root" that signs an intermediate > >> CA called "foo-intermediate" that signs the "foo-entity" certificates. > >> So, a given foo-entity certificate (a single X.509 structure) is > >> commonly presented along with its chain of CA certs (more X.509 > >> structures), in this case, the "foo-intermediate" and "foo-root" CA > >> certs. The pkcs7 structure is commonly used for this purpose in the > >> PKI world. Yes, it could be just a TAR file having a flat list of > >> certs, but then we'd have to define that structure, whereas its > >> already defined in pkcs7. > >> > >> > I find in /etc/ssl/certs on my Debian system seem to be in PEM format. > >> > >> PEM and DER are interchangeable formats. PEM is essentially the base64 > >> encoding of the DER surrounded by the "===== BEGIN/END CERTIFICATE > >> =====" header/footer. > >> > > > > DER encoded certificate or pkcs7? I thought PEM is just a base64 > > encoded version of the DER encoded certificate, no pkcs7 involved. > > Both PKCS7 and X.509 or ASN.1-encoded structures, and all ASN.1 structures > can be encoded using PEM, DER, or even BER. Your debian system's "certs" > directory undoubtedly only contains root certs, hence there is no cert-chain > to staple to them, and hence a single X.509 structure (either PEM or a DER) > is perfect. As soon as you step into needing more than one cert, then > either PKCS7 or PKCS12 (both of which could be PEM or DER encoded), or a > very special multi-part PEM (one that contains more than one of the "=====" > BEGIN/END blocks) could be used. BTW, all this was discussed a while back > related to https://github.com/netconf-wg/keystore/issues/1. What's written > in the GitHub issue tracker should be ignored, search instead the list-archive > on issue #1... > What matters is that the I-D is clear and captures the important reasons etc. You can't expect implementors to read github issues or mailing list archives. Sorry for my ignorance. /js -- Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany Fax: +49 421 200 3103 <http://www.jacobs-university.de/>
- [yang-doctors] Yangdoctors last call review of dr… Jürgen Schönwälder
- Re: [yang-doctors] Yangdoctors last call review o… Kent Watsen
- Re: [yang-doctors] Yangdoctors last call review o… Juergen Schoenwaelder
- Re: [yang-doctors] Yangdoctors last call review o… Mehmet Ersue
- Re: [yang-doctors] Yangdoctors last call review o… Juergen Schoenwaelder
- Re: [yang-doctors] Yangdoctors last call review o… Kent Watsen
- Re: [yang-doctors] Yangdoctors last call review o… Kent Watsen
- Re: [yang-doctors] Yangdoctors last call review o… Juergen Schoenwaelder
- Re: [yang-doctors] Yangdoctors last call review o… Juergen Schoenwaelder
- Re: [yang-doctors] [Netconf] Yangdoctors last cal… Per Hedeland
- Re: [yang-doctors] [Netconf] Yangdoctors last cal… Per Hedeland
- Re: [yang-doctors] [Netconf] Yangdoctors last cal… Juergen Schoenwaelder
- Re: [yang-doctors] [Netconf] Yangdoctors last cal… Per Hedeland
- Re: [yang-doctors] [Netconf] Yangdoctors last cal… Kent Watsen
- Re: [yang-doctors] [Netconf] Yangdoctors last cal… Per Hedeland
- Re: [yang-doctors] Yangdoctors last call review o… Kent Watsen
- Re: [yang-doctors] Yangdoctors last call review o… Juergen Schoenwaelder
- Re: [yang-doctors] Yangdoctors last call review o… Kent Watsen
- Re: [yang-doctors] Yangdoctors last call review o… Juergen Schoenwaelder
- Re: [yang-doctors] Yangdoctors last call review o… Kent Watsen
- Re: [yang-doctors] Yangdoctors last call review o… Juergen Schoenwaelder
- Re: [yang-doctors] Yangdoctors last call review o… Kent Watsen
- Re: [yang-doctors] [Netconf] last call review of … t.petch
- Re: [yang-doctors] [Netconf] last call review of … Kent Watsen
- Re: [yang-doctors] [Netconf] last call review of … t.petch
- Re: [yang-doctors] [Netconf] last call review of … Kent Watsen
- Re: [yang-doctors] Yangdoctors last call review o… Kent Watsen
- Re: [yang-doctors] Yangdoctors last call review o… Juergen Schoenwaelder
- Re: [yang-doctors] [Netconf] last call review of … t.petch
- Re: [yang-doctors] [Netconf] last call review of … Kent Watsen