On 08/02/2021 17:05, Dhruv Dhody wrote:
Hi Tom,
Thanks for your detailed review. Lets discuss the security first -
On Mon, Feb 8, 2021 at 6:07 PM tom petch <daedulus@xxxxxxxxxxxxx> wrote:
This is my second response to this Last Call, about a possible security
issue.
RFC8573 seems clear that MD5 must not be used to effect security for NTP
but this I-D imports iana-crypt-hash which allows MD5 without any
restriction, so is MD5 allowed or not?
Good question. While it is easy to restrict the use of MD5 by adding a
must statement, I want to check if it is a good idea. The YANG model
is written in such a way that it supports older versions of NTP as
well. Would barring MD5 configuration be an issue if there are older
implementations in the network still? I think perhaps adding a warning
in the description is a good idea. I did a quick search and dont see
other YANG models doing a check either. Would be good to get some
guidance on this.
Dhruv
After many years, Security (AD, secdir, advisor) still have the power to
surprise me but I would still be surprised if Security were happy with
an I-D which places no constraint on MD5 when the IETF has published RFC
deprecating its use and NTP has RFC8573 which specifically deprecates it.
Yet Security may not realise this from reading this I-D since the
unrestricted use of MD5 is not immediately apparent so my post was aimed
at bringing this to the attention of Security. As to whether this needs
a note in Security Considerations or enforcing by YANG or both I am less
clear on - that is up to Security. If the YANG is to deprecate it, then
the features in ianach make that possible.
Whether or not MD5 is widely used in the field is irrelevant. The IETF
consensus it to deprecate its use and I am sure that the IESG will want
this I-D to do just that.
Tom Petch
There are features defined which allow the hash in iana-crypt-hash to be
restricted but this I-D does not use them.
I didn't see any reason to use them in the NTP Yang. Can you?
Probably iana-crypt-hash should be updated - I will raise that on the
NETMOD WG list.
The I-D also uses MD5 in a way that would appear not to be security
related, to hash an IPv6 address.
This is as per RFC 5905 -
If using the IPv4 address family, the identifier is the four-
octet IPv4 address. If using the IPv6 address family, it is the
first four octets of the MD5 hash of the IPv6 address.
In passing, this I-D has three references to RFC7317. This is wrong -
the module is IANA-maintained and so the references should be to the
IANA website.
But even the iana-crypt-hash YANG model put RFC 7317 as a reference -
revision 2014-08-06 {
description
"Initial revision.";
reference
"RFC 7317: A YANG Data Model for System Management";
}
I will start working on your other comments and prepare a new version.
Thanks!
Dhruv
The secdir reviewer might be interested in my thoughts.
Tom Petch
On 29/01/2021 22:39, The IESG wrote:
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
