I was reminded that I should copy this list with my additional comments
below. I hope the formatting makes it through.
--Charlie
*From:* Charlie Kaufman
*Sent:* Wednesday, February 13, 2008 11:22 PM
*To:* Badra
*Cc:* bertietf@bwijnen.net; Mohamad Badra
*Subject:* RE: review/comments of/on draft-ietf-netconf-tls-00.txt
Responses in brown*/ /*prefixed */[charliek:] /* … Charlie
*From:* Badra [mailto:mbadra@gmail.com]
*Sent:* Wednesday, February 13, 2008 5:13 PM
*To:* Charlie Kaufman
*Cc:* bertietf@bwijnen.net; Mohamad Badra
*Subject:* Re: review/comments of/on draft-ietf-netconf-tls-00.txt
Dear Charlie,
Thank you very much for your comments. Comments in-line:
Netconf requires that its transport provide mutual authentication of
client and server, so cipher suites that are anonymous or which only
authenticate the server to the client MUST NOT be used with Netconf.
This document specifies how to use TLS with endpoint authentication
in TLS can be based on either preshared keys [RFC4279] or public key
certificates [RFC4246]. Some cipher suites (e.g.
TLS_RSA_PSK_WITH_AES_128_CBC_SHA) use both. Section 3.1.1 describes
how the client authenticates the server if public key certificates
are provided by the server, section 3.1.2 describes how the server
authenticates the client if public key certificates are provided by
the client, and section 3.2 describes how the client and server
mutually authenticate one another using a password.
It is a perfect text for me.
Just a samll comment, should I say something here about Kerberos or it
is not required?
*/[charliek:] /*I don’t think it’s necessary unless you want to specify
how you could use Netconf over TLS with Kerberos authentication. I
suspect you don’t want to deal with it.
[Thinking about it, I think it would be better to renumber section
3.1.1 as section 3.1, section 3.1.2 as 3.2, and section 3.2 as 3.3.]
Yes
The title of section 3.2 is slightly misleading, since
authentication based on a password is actually mutual
authentication. It might be better to shorten the title to
"Password-Based Authentication".
OK
Section 4 requires implementation of three different crypto suites.
Is that actually what you intended? I would think that either
TLS_DHE_PSK_WITH_AES_128_CBC_SHA or TLS_RSA_PSK_WITH_AES_128_CBC_SHA
would be the common case (I don't know which… do you?) and use of
the other two would be rare.
In fact, I integrated the point 6 of your mail available at
https://ops.ietf.org/lists/netconf/netconf.2008/msg00067.html
*/[charliek:] /*Oops… sorry. I was thinking that those three would be
the most common, but if one of those three is more common than the
others, having a single mandatory suite would be best of all.
- Section 9 of TLS V1.2
(http://www.ietf.org/internet-drafts/draft-ietf-tls-rfc4346-bis-09.txt)
says that TLS_RSA_WITH_AES_128_CBC_SHA is mandatory.
- Section 9 of RFC4346 says that TLS_RSA_WITH_3DES_EDE_CBC_SHA is the
mandatory cipher suite.
So I think it is better to don't recommend any certificate-based ciphersuite
You might want to make one of both of those mandatory and the others
optional. You should probably say that any suite providing mutual
authentication is optional.
But as section 3 already mentions that "cipher suites that are anonymous
or which only authenticate the server to the client MUST NOT be used
with Netconf". So I don't see think that we should repeat it here.
*/[charliek:] /*I was trying to make a different point. You already said
that cipher suites that are anonymous or which only authenticate the
server to the client MUST NOT be used, but what you could say is that
any cipher suite that provides mutual authentication MAY be used.
3DES is widely used, and EDH provide PFS, so I would prefere
TLS_DHE_PSK_WITH_AES_128_CBC_SHA.
What about:
4. Cipher Suite Requirements
A compliant implementation of this document MUST implement the cipher
suite TLS_DHE_PSK_WITH_AES_128_CBC_SHA.
*/[charliek:] /*How about:
*/[charliek:] /*A compliant implementation of the protocol specified in
this document MUST implement the cipher suite
TLS_DHE_PSK_WITH_AES_128_CBC_SHA and MAY implement any TLS cipher suite
the provides mutual authentication.
*/[charliek:] /*[Note: I don’t feel strongly about any of this; it just
seems like this is what you mean. My only worry about my wording is that
it may raise the question of Kerberos again.]
Many thanks
Best regards,
Badra
*From:* Badra [mailto:mbadra@gmail.com <mailto:mbadra@gmail.com>]
*Sent:* Wednesday, February 13, 2008 2:37 PM
*To:* Charlie Kaufman; bertietf@bwijnen.net
<mailto:bertietf@bwijnen.net>
*Subject:* Re: review/comments of/on draft-ietf-netconf-tls-00.txt
Dear Charlie and Bert,
I would like to submit a new version of Netconf over TLS document
before the cutoff. I updated it by including all the comments posted
at the mailing list.
I attached the new version and a diff between the 00 and 01 versions.
Please feel free to give me your comments, especially regarding the
password authentication.
Best regards,
Badra
--
Badra