I was reminded that I should copy this list with my additional
comments below. I hope the formatting makes it through.
--Charlie
From: Charlie Kaufman
Sent: Wednesday, February 13, 2008 11:22 PM
To: Badra
Cc: bertietf@bwijnen.net; Mohamad Badra
Subject: RE: review/comments of/on draft-ietf-netconf-tls-00.txt
Responses in brown prefixed
[charliek:] … Charlie
From: Badra
[mailto:mbadra@gmail.com]
Sent: Wednesday, February 13, 2008 5:13 PM
To: Charlie Kaufman
Cc: bertietf@bwijnen.net; Mohamad Badra
Subject: Re: review/comments of/on draft-ietf-netconf-tls-00.txt
Thank you very much for your
comments. Comments in-line:
Netconf requires that its
transport provide mutual authentication of client and server, so cipher suites
that are anonymous or which only authenticate the server to the client MUST NOT
be used with Netconf. This document specifies how to use TLS with endpoint
authentication in TLS can be based on either preshared keys [RFC4279] or public
key certificates [RFC4246]. Some cipher suites (e.g.
TLS_RSA_PSK_WITH_AES_128_CBC_SHA) use both. Section 3.1.1 describes how the
client authenticates the server if public key certificates are provided by the
server, section 3.1.2 describes how the server authenticates the client if
public key certificates are provided by the client, and section 3.2 describes
how the client and server mutually authenticate one another using a password.
It is a perfect text for me.
Just a samll comment, should I say something here about
Kerberos or it is not required?
[charliek:] I don’t think
it’s necessary unless you want to specify how you could use Netconf over
TLS with Kerberos authentication. I suspect you don’t want to deal with
it.
[Thinking about it, I think it
would be better to renumber section 3.1.1 as section 3.1, section 3.1.2 as 3.2,
and section 3.2 as 3.3.]
The title of section 3.2 is
slightly misleading, since authentication based on a password is actually
mutual authentication. It might be better to shorten the title to
"Password-Based Authentication".
Section 4 requires
implementation of three different crypto suites. Is that actually what you
intended? I would think that either TLS_DHE_PSK_WITH_AES_128_CBC_SHA or
TLS_RSA_PSK_WITH_AES_128_CBC_SHA would be the common case (I don't know
which… do you?) and use of the other two would be rare.
In fact, I integrated the point 6 of your mail available at https://ops.ietf.org/lists/netconf/netconf.2008/msg00067.html
[charliek:] Oops… sorry. I was
thinking that those three would be the most common, but if one of those three
is more common than the others, having a single mandatory suite would be best
of all.
- Section 9 of RFC4346 says that
TLS_RSA_WITH_3DES_EDE_CBC_SHA is the mandatory cipher suite.
So I think it is better to don't recommend any
certificate-based ciphersuite
You might want to make one of
both of those mandatory and the others optional. You should probably say that
any suite providing mutual authentication is optional.
But as section 3 already mentions that "cipher suites
that are anonymous or which only authenticate the server to the client MUST NOT
be used with Netconf". So I don't see think that we should repeat it here.
[charliek:] I was trying to make a
different point. You already said that cipher suites that are anonymous or
which only authenticate the server to the client MUST NOT be used, but what you
could say is that any cipher suite that provides mutual authentication MAY be
used.
3DES is widely used, and EDH provide PFS, so I would prefere
TLS_DHE_PSK_WITH_AES_128_CBC_SHA.
What about:
4. Cipher Suite Requirements
A compliant implementation of this document MUST implement the cipher suite
TLS_DHE_PSK_WITH_AES_128_CBC_SHA.
[charliek:] How about:
[charliek:] A compliant implementation of
the protocol specified in this document MUST implement the cipher suite TLS_DHE_PSK_WITH_AES_128_CBC_SHA
and MAY implement any TLS cipher suite the provides mutual authentication.
[charliek:] [Note: I don’t feel
strongly about any of this; it just seems like this is what you mean. My only
worry about my wording is that it may raise the question of Kerberos again.]
Many thanks
Best regards,
Badra
From: Badra [mailto:mbadra@gmail.com]
Sent: Wednesday, February 13, 2008 2:37 PM
To: Charlie Kaufman; bertietf@bwijnen.net
Subject: Re: review/comments of/on draft-ietf-netconf-tls-00.txt
I would like to submit a new version of Netconf over TLS document before the
cutoff. I updated it by including all the comments posted at the mailing list.
I attached the new version and a diff between the 00 and 01 versions.
Please feel free to give me your comments, especially regarding the password
authentication.
--
Badra