Re: [Netconf] WGLC for draft-ietf-netconf-tls-04.txt

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Fri, 26 September 2008 08:17 UTC

Return-Path: <netconf-bounces@ietf.org>
X-Original-To: netconf-archive@ietf.org
Delivered-To: ietfarch-netconf-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 59AEE28C16B; Fri, 26 Sep 2008 01:17:21 -0700 (PDT)
X-Original-To: netconf@core3.amsl.com
Delivered-To: netconf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D741A28C16B for <netconf@core3.amsl.com>; Fri, 26 Sep 2008 01:17:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.249
X-Spam-Level:
X-Spam-Status: No, score=-2.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QNMZ7pQSVdrR for <netconf@core3.amsl.com>; Fri, 26 Sep 2008 01:17:12 -0700 (PDT)
Received: from hermes.jacobs-university.de (hermes.jacobs-university.de [212.201.44.23]) by core3.amsl.com (Postfix) with ESMTP id BF6353A6AED for <netconf@ietf.org>; Fri, 26 Sep 2008 01:17:11 -0700 (PDT)
Received: from localhost (demetrius1.jacobs-university.de [212.201.44.46]) by hermes.jacobs-university.de (Postfix) with ESMTP id 7E144C005D; Fri, 26 Sep 2008 10:17:21 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from hermes.jacobs-university.de ([212.201.44.23]) by localhost (demetrius1.jacobs-university.de [212.201.44.32]) (amavisd-new, port 10024) with ESMTP id TYHzTzGevnx7; Fri, 26 Sep 2008 10:17:15 +0200 (CEST)
Received: from elstar.local (elstar.iuhb02.iu-bremen.de [10.50.231.133]) by hermes.jacobs-university.de (Postfix) with ESMTP id 1BB68C0026; Fri, 26 Sep 2008 10:17:15 +0200 (CEST)
Received: by elstar.local (Postfix, from userid 501) id BDF297B9C1A; Fri, 26 Sep 2008 10:17:14 +0200 (CEST)
Date: Fri, 26 Sep 2008 10:17:14 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: "Ersue, Mehmet (NSN - DE/Munich)" <mehmet.ersue@nsn.com>
Message-ID: <20080926081714.GA27659@elstar.local>
Mail-Followup-To: "Ersue, Mehmet (NSN - DE/Munich)" <mehmet.ersue@nsn.com>, netconf@ietf.org
References: <A294F5A3E722D94FBEB6D49C1506F6F7EA6155@DEMUEXC005.nsn-intra.net>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <A294F5A3E722D94FBEB6D49C1506F6F7EA6155@DEMUEXC005.nsn-intra.net>
User-Agent: Mutt/1.5.18 (2008-05-17)
Cc: netconf@ietf.org
Subject: Re: [Netconf] WGLC for draft-ietf-netconf-tls-04.txt
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: j.schoenwaelder@jacobs-university.de
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/netconf>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: netconf-bounces@ietf.org
Errors-To: netconf-bounces@ietf.org

On Thu, Sep 25, 2008 at 11:44:07AM +0200, Ersue, Mehmet (NSN - DE/Munich) wrote:

> With this mail we want to start a WGLC for the draft NETCONF over
> TLS, which is proposed to publish as a Proposed Standard RFC.

I have read <draft-ietf-netconf-tls-04.txt> and here are my comments:

a) I am wondering about PSK support. RFC 4279 says in the
   applicability statement:

     The ciphersuites defined in this document are intended for a rather
     limited set of applications, usually involving only a very small
     number of clients and servers.  Even in such environments, other
     alternatives may be more appropriate.

   With NETMOD deployed on many bridges and routers and some host
   systems in the future, we might have a small number of clients with
   a large number of servers and a key management problem.

b) Section 4 requires implementing TLS_DHE_PSK_WITH_AES_128_CBC_SHA
   (please add a reference to RFC 4279, where this cipher suite is
   defined, to help the reader) but does not spell out any other cipher
   suite requirement, essentially making
   TLS_DHE_PSK_WITH_AES_128_CBC_SHA the common denominator. Perhaps
   there needs to be more text about required-to-implement cipher
   suites, or pointers to "standard" required-to-implement TLS cipher
   suites that apply here as well.

c) I suggest removing "simple" from the text in the introduction.

d) What does "highly recommended" mean in terms of IETF terminology?
   Is this the same as RECOMMENDED? I suggest sticking to the
   well-defined and understood IETF terminology.

Summary: I think the document has improved quite a bit since its early
days. I am still not 100% convinced about the PSK support and it being
required to implement.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
_______________________________________________
Netconf mailing list
Netconf@ietf.org
https://www.ietf.org/mailman/listinfo/netconf
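As an added illustration of points a) and b) in the review above (example code written for this page, not from the draft, the thread or any NETCONF implementation): a small parser for IANA TLS cipher suite names plus an interoperability check showing how, with TLS_DHE_PSK_WITH_AES_128_CBC_SHA as the only required-to-implement suite, two conforming peers can end up sharing nothing but a suite that needs a pre-provisioned key for that specific client/server pair. The client and server cipher lists are constructed for the example.

```python
import re
from dataclasses import dataclass

# IANA suite names have the shape TLS_<key exchange/auth>_WITH_<cipher>_<hash>.
_SUITE_RE = re.compile(r"^TLS_(?P<kx>.+?)_WITH_(?P<rest>.+)$")


@dataclass(frozen=True)
class Suite:
    name: str
    key_exchange: str    # e.g. "DHE_PSK", "RSA", "ECDHE_RSA"
    psk_based: bool      # authenticated by a pre-shared key (RFC 4279 family)
    forward_secrecy: bool
    cipher: str          # e.g. "AES_128_CBC"
    hash_or_mac: str     # e.g. "SHA", "SHA256"


def parse_suite(name: str) -> Suite:
    """Split an IANA cipher suite name into its components."""
    m = _SUITE_RE.match(name)
    if not m:
        raise ValueError(f"not an IANA TLS cipher suite name: {name!r}")
    kx, rest = m.group("kx"), m.group("rest")
    cipher, _, mac = rest.rpartition("_")
    parts = kx.split("_")
    return Suite(name, kx, "PSK" in parts, parts[0] in ("DHE", "ECDHE"), cipher, mac)


def interop_check(client: set[str], server: set[str], mandatory: str) -> dict:
    """Summarise what two peers can negotiate and whether the single
    mandatory-to-implement suite is the only thing they have in common."""
    common = {parse_suite(n) for n in client & server}
    cert_based = sorted(s.name for s in common if not s.psk_based)
    psk_based = sorted(s.name for s in common if s.psk_based)
    return {
        "common": sorted(s.name for s in common),
        "cert_based": cert_based,
        "psk_based": psk_based,
        "mti_on_both_sides": mandatory in client and mandatory in server,
        # No shared certificate-based suite means the peers can only talk if a
        # PSK has already been provisioned for this client/server pair: with
        # many servers that is exactly the key management problem of point a).
        "needs_provisioned_psk": bool(psk_based) and not cert_based,
    }


MTI = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"   # the one suite section 4 requires
# Constructed example lists, not taken from any real implementation.
CLIENT = {MTI, "TLS_RSA_WITH_AES_128_CBC_SHA"}
SERVER = {MTI, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}

if __name__ == "__main__":
    print(interop_check(CLIENT, SERVER, MTI))
```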