Last Call Review of draft-ietf-netconf-crypto-types-18
review-ietf-netconf-crypto-types-18-yangdoctors-lc-schoenwaelder-2021-01-12-00
Request | Review of | draft-ietf-netconf-crypto-types |
---|---|---|
Requested revision | No specific revision (document currently at 34) | |
Type | Last Call Review | |
Team | YANG Doctors (yangdoctors) | |
Deadline | 2020-08-06 | |
Requested | 2020-07-09 | |
Requested by | Mahesh Jethanandani | |
Authors | Kent Watsen | |
I-D last updated | 2021-01-12 | |
Completed reviews |
Genart Last Call review of -28
by Dale R. Worley
(diff)
Opsdir Last Call review of -30 by Gyan Mishra (diff) Secdir Early review of -10 by Rifaat Shekh-Yusef (diff) Yangdoctors Last Call review of -18 by Jürgen Schönwälder (diff) Secdir Last Call review of -20 by Valery Smyslov (diff) |
|
Assignment | Reviewer | Jürgen Schönwälder |
State | Completed | |
Request | Last Call review on draft-ietf-netconf-crypto-types by YANG Doctors Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/yang-doctors/qx8dol40kAO1gtEP9lRFGAtN2WY | |
Reviewed revision | 18 (document currently at 34) | |
Result | Ready w/issues | |
Completed | 2021-01-12 |
review-ietf-netconf-crypto-types-18-yangdoctors-lc-schoenwaelder-2021-01-12-00
The crypto modules aim at providing a flexible reusable infrastructure of groupings for modeling cryptographic keys and related concepts. The flexibility of the definitions provided of course comes with a certain amount of complexity. From a YANG perspective, draft-ietf-netconf-crypto-types-18.txt is in a good and close to publish state (a couple of minor issues left). I also tried to understand what is being modeled here and hence I also have some questions concerning the concepts modeled and I hope these are easy to answer/resolve as well. - I have compiled the YANG modules using yanglint 0.16.105. - s/ietf-crypt-types/ietf-crypto-types/ - Does it make sense to have a new notation like | The diagram above uses syntax that is similar to but not | defined in [RFC8340]. or shall this simply become regular text? - "Identities use to specify uncommon formats are enabled [...]" is this correct or should it be "used to specify"? - Second bullet 2.1.4.1: Perhaps change [...] specified by the "format" identity Section 2.1.2 associated [...] to [...] specified by the "format" identity (see Section 2.1.2) associated [...] What is 'encoded in the format specified by the "format" identity' I assume this refers to the key value that is encrypted and stored in encrypted-value, no? - Same bullet in 2.1.4.1: The "encrypted-value" node is the key, encrypted by the key referenced by the "encrypted-by" node, encoded in the format specified by the "format" identity Section 2.1.2 associated with the ancestor node using this grouping. Do I understand correctly that the encrypted-value always holds an encrypted key? If so, a better name for the leaf would perhaps have been encrypted-key and for the grouping encrypted-key-grouping. I assume you did not pick this name since you wanted to use encrypted-key for other purposes? This makes sense and may have led to encrypted-key-value-grouping, in the sense of an encrypted 'key-value'? For the definition of the grouping, does it actually matter that the value encrypted is a key? Or would it make sense to rename the grouping to encrypted-value-grouping and then the second bullet becomes: The "encrypted-value" node holds the value, encrypted by the key referenced by the "encrypted-by" node, encoded in the format specified by the "format" identity (see Section 2.1.2) associated with the ancestor node using this grouping. Looking at the definition of encrypted-key-value-grouping, it seems that the name encrypted-value-grouping would actually be more appropriate, there is nothing in the definition that says that the value must be a key for something. And is it "the" ancestor node or "an" ancestor node? Perhaps the possible confusion here is that ancestor node may mean different things, schema tree versus data tree. What about this? The "encrypted-value" node holds the value, encrypted by the key referenced by the "encrypted-by" node, encoded in the format specified by the "format" identity (see Section 2.1.2) associated with the ancestor data node of the data node using this grouping. Hm. Did I reverse engineer this correctly? - In 2.1.4.2 last item, where do I see that the encrypted-password node is encoded using the CMS EnvelopedData structure? There is no "format" identity here, so this is hard coded to always have the CMS EnvelopedData structure (or is it CMS EncryptedData structure, see below)? OK, if I lookup the definition, it seems to use a hardcoded format. - Always use cleartext instead plain-text? I understand that some people make a distinction between plain text, plaintext, and cleartext. Does this document do that? I do not think so, and if so, we may reduce confusion by picking just one term. On the other hand, if there is a distinction made, then the document should perhaps be explicit about it somewhere and define how these terms are used. - The example in section 2.2 is helpful and much appreciated. - s/confugration/configuration/ - The encrypted-password description says that it uses a" CMS EnvelopedData structure, per Section 8 in RFC 5652, encoded using ASN.1 distinguished encoding rules (DER)". However, section 8 of RFC 5652 defined EncryptedData and not EnvelopedData. So what is the intention here? - Following up on the previous point, it seems that the EncryptedData format does not introduce a salt, i.e., if the same password is used multiple times and they are all protected by the same key, then this is visible since the encrypted formats will all be the same as well. Is this something to be concerned about? Well, this is not really a yang-doctor question... - The encrypted-one-symmetric-key-format again refers to the EnvelopedData per Section 8 in RFC 5652 but section 8 only defines EncryptedData. So either the type name is wrong or the reference is wrong. - The encrypted-password container description refers to the EnvelopedData and either the reference to section 8 is wrong or it should be EncryptedData (see above). Is it OK to have a fixed encrypted password format? Perhaps it is, I am just checking. (The password leaf in RFC 7317 uses the ianach:crypt-hash format, i.e., it is somewhat extensible but then this module may target different use cases as it deals with encrypted passwords instead of hashed passwords.) - I wonder why this is a SHOULD and not a MUST: "Identifies the symmetric key's format. Implementations SHOULD ensure that the incoming symmetric key value is encoded in the specified format."; This statement shows up several times when the key-format identities are used. I wonder what this means to an implementer. If I receive a key format (say one-symmetric-key-format) and a corresponding blob of data, do I have to decode this to see whether the format works out? If later the key-format is changed to something else (lets say octet-string-key-format), do I reject such a change or is it OK as long as the binary data I have would be a valid value given the new format? Perhaps this is implementation specific? Well, since we deal with keys, ... - The definitions of the features symmetric-key-encryption and private-key-encryption have copy and paste text from the definition of the feature password-encryption. I think they need to be changed to: feature symmetric-key-encryption { description "Indicates that the server supports encryption of symmetric keys."; } feature private-key-encryption { description "Indicates that the server supports encryption of private keys."; } - If I have a 'octet-string-key-format' key and I use it to create an encrypted key. How do I know which crypto algorithm is used? I have not digged into it, but do the various CMS structures provide this information somewhere? In the case of asymmetric keys, the format gives a hint whether I am dealing with RSA keys or EC keys. For symmetric keys, I am not sure in call cases how the algorithm is determined. - The asymmetric-key-pair-with-certs-grouping descriptions talk about 'IDevID' and 'LDevID' and 'TPM-protected asymmetric keys'. This seems to call for additional references to explain what these are. - s/is was unclear/it was unclear/ - RFC 8407 suggests that the XML registry Registrant Contact is: Registrant Contact: The IESG. This does not seem to be handled in a consistent manner if I look at recent RFCs but I think the idea was to give the responsibility to the IESG, assuming the IESG is a more stable entity than WGs.