From: Eric Rescorla <[email protected]<mailto:[email protected]>> Date: Thursday, April 27, 2017 at 10:17 AM To: Alia Atlas <[email protected]<mailto:[email protected]>> Cc: Adam Roach <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>>, Kathleen Moriarty <[email protected]<mailto:[email protected]>>, The IESG <[email protected]<mailto:[email protected]>>, Jeff Tantsura <[email protected]<mailto:[email protected]>>, Routing WG <[email protected]<mailto:[email protected]>> Subject: Re: Kathleen Moriarty's Discuss on draft-ietf-rtgwg-yang-key-chain-20: (with DISCUSS and COMMENT) Resent-From: <[email protected]<mailto:[email protected]>> Resent-To: Acee Lindem <[email protected]<mailto:[email protected]>>, Jeffrey Zhang <[email protected]<mailto:[email protected]>>, Derek Yeung <[email protected]<mailto:[email protected]>>, Yingzhen Qu <[email protected]<mailto:[email protected]>>, Ing-Wher Chen <[email protected]<mailto:[email protected]>> Resent-Date: Thursday, April 27, 2017 at 10:17 AM
On Thu, Apr 27, 2017 at 7:15 AM, Alia Atlas <[email protected]<mailto:[email protected]>> wrote: On Thu, Apr 27, 2017 at 10:05 AM, Adam Roach <[email protected]<mailto:[email protected]>> wrote: On 4/26/17 23:02, Alia Atlas wrote: First, the YANG model is primarily for information in motion - either for configuration to the device or to read from the device. It is much less likely to represent the data structure and storage in the device. I believe that this draft's context is strictly for information in motion. Thanks; I understand all that. I'm trying to focus on the final paragraph of section 5, though, which appears to be an exception to what you say above. I don't understand why - IMHO, that paragraph is simply saying - this model passes keys around (in motion). Of course, a system shouldn't store such keys unencrypted. From what Acee says, this "motherhood and apple pie" additional advice was added due to secdir review. I thought Adam's point was that storing keys encrypted with a key that's adjacent to them was not useful. Right. I’m not sure what the definition of “adjacent” is here since it is very implementation specific. I will remove the final paragraph in the next revision when I add KEK back (assuming we can agree on reasonable guidance and which RFC to reference). What I’m strongly opposed to is pushing this back in the process for such a change. Acee -Ekr Regards, Alia /a
_______________________________________________ rtgwg mailing list [email protected] https://www.ietf.org/mailman/listinfo/rtgwg
