Re: [Netconf] WGLC for draft-ietf-netconf-tls-04.txt
Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Fri, 26 September 2008 08:17 UTC
Date: Fri, 26 Sep 2008 10:17:14 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: "Ersue, Mehmet (NSN - DE/Munich)" <mehmet.ersue@nsn.com>
Message-ID: <20080926081714.GA27659@elstar.local>
Mail-Followup-To: "Ersue, Mehmet (NSN - DE/Munich)" <mehmet.ersue@nsn.com>, netconf@ietf.org
References: <A294F5A3E722D94FBEB6D49C1506F6F7EA6155@DEMUEXC005.nsn-intra.net>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <A294F5A3E722D94FBEB6D49C1506F6F7EA6155@DEMUEXC005.nsn-intra.net>
User-Agent: Mutt/1.5.18 (2008-05-17)
Cc: netconf@ietf.org
Subject: Re: [Netconf] WGLC for draft-ietf-netconf-tls-04.txt
On Thu, Sep 25, 2008 at 11:44:07AM +0200, Ersue, Mehmet (NSN - DE/Munich) wrote:
> With this mail we want to start a WGLC for the draft NETCONF over
> TLS, which is proposed to publish as a Proposed Standard RFC.

I have read <draft-ietf-netconf-tls-04.txt> and here are my comments:

a) I am wondering about PSK support. RFC 4279 says in the applicability statement:

   The ciphersuites defined in this document are intended for a rather
   limited set of applications, usually involving only a very small
   number of clients and servers. Even in such environments, other
   alternatives may be more appropriate.

With NETMOD deployed on many bridges and routers and some host systems in the future, we might have a small number of clients with a large number of servers and a key management problem.

b) Section 4 requires implementing TLS_DHE_PSK_WITH_AES_128_CBC_SHA (please add a reference to RFC 4279, where this cipher suite is defined, to help the reader) but does not spell out any other cipher suite requirement, essentially making TLS_DHE_PSK_WITH_AES_128_CBC_SHA the common denominator. Perhaps there needs to be more text about required-to-implement cipher suites, or pointers to "standard" required-to-implement TLS cipher suites that apply here as well.

c) I suggest removing "simple" from the text in the introduction.

d) What does "highly recommended" mean in terms of IETF terminology? Is this the same as RECOMMENDED? I suggest sticking to the well-defined and understood IETF terminology.

Summary: I think the document has improved quite a bit since its early days. I am still not 100% convinced about the PSK support and it being required to implement.

/js

--
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>

_______________________________________________
Netconf mailing list
Netconf@ietf.org
https://www.ietf.org/mailman/listinfo/netconf
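The key-management concern in point a) of the post, worked through as an added example that is not part of the original message or of the draft: with PSK, each (client, server) pair needs its own secret, so rotating one manager's credential touches every managed device, whereas with certificates each entity holds one credential. All client and server names and counts here are constructed for illustration.

```python
"""Model the per-pair provisioning cost of TLS-PSK versus certificates for a
few NETCONF clients (managers) and many NETCONF servers (managed devices).
Names and counts below are constructed; this is not code from the draft."""
import itertools
import secrets


def provision_psks(clients, servers):
    """Create one distinct 32-byte PSK per (client, server) pair.

    A distinct key per pair is deliberate: a single key shared across all
    servers would let any one server impersonate the others to the client.
    Returns {server: {psk_identity: key}}, i.e. what each server must store.
    """
    store = {s: {} for s in servers}
    for c, s in itertools.product(clients, servers):
        store[s][f"{c}@{s}"] = secrets.token_bytes(32)
    return store


def rotate_client_psk(store, client):
    """Rotate every PSK that belongs to one client.

    Returns the number of servers whose key store had to be modified, which
    is the operational cost the post points at: every device must be touched.
    """
    touched = 0
    for server, keys in store.items():
        ident = f"{client}@{server}"
        if ident in keys:
            keys[ident] = secrets.token_bytes(32)
            touched += 1
    return touched


def psk_secret_count(clients, servers):
    """Secrets to provision under PSK: one per (client, server) pair."""
    return len(clients) * len(servers)


def cert_credential_count(clients, servers):
    """Credentials under certificates: one key pair per entity plus one CA
    trust anchor; re-issuing a client certificate touches one entity only."""
    return len(clients) + len(servers) + 1


if __name__ == "__main__":
    clients = ["nms-a", "nms-b"]                       # constructed managers
    servers = [f"router{i:02d}" for i in range(40)]    # constructed devices
    store = provision_psks(clients, servers)
    print("PSK secrets:", psk_secret_count(clients, servers))
    print("servers touched rotating nms-a:", rotate_client_psk(store, "nms-a"))
    print("certificate credentials:", cert_credential_count(clients, servers))
```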