Hi Mahesh, From: Mahesh Jethanandani <mjethanand...@gmail.com<mailto:mjethanand...@gmail.com>> Date: Wednesday, November 30, 2016 at 5:25 PM To: Acee Lindem <a...@cisco.com<mailto:a...@cisco.com>> Cc: "netmod@ietf.org<mailto:netmod@ietf.org>" <netmod@ietf.org<mailto:netmod@ietf.org>> Subject: Re: [netmod] Key Strings in ietf-key-chain operational state
Acee, This is something we ran into with ietf-keystore model also. The thoughts are that key strings should never leave the device. If anything most devices have tamper proof capability (FIPS 140-2) to wipe the keys out if tampered with or exported. So exporting the string, encrypted, even with NACM would defy that. So, what we have today would with the key strings omitted from the operational state would be consistent with the direction for the ietf-keystore model. Correct? How will this be enforced when we have an applied-config datastore? Thanks, Acee On Nov 30, 2016, at 1:37 PM, Acee Lindem (acee) <a...@cisco.com<mailto:a...@cisco.com>> wrote: In the days of MIBs, we used to omit key strings from the data that would be returned. This was ostensibly done for security purposes. We did the same for the operational state returned for keystring in key-chain-entries. I'm now thinking this was a mistake. Rather, it would seem that one could use RFC 6536 rules to accomplish this at a more granular level. Note that the model also support keystring encryption as described in RFC 5649. Thanks, Acee _______________________________________________ netmod mailing list netmod@ietf.org<mailto:netmod@ietf.org> https://www.ietf.org/mailman/listinfo/netmod Mahesh Jethanandani mjethanand...@gmail.com<mailto:mjethanand...@gmail.com>
_______________________________________________ netmod mailing list netmod@ietf.org https://www.ietf.org/mailman/listinfo/netmod