summaryrefslogtreecommitdiff
path: root/doc/protocol/draft-ietf-netconf-tls-01.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/protocol/draft-ietf-netconf-tls-01.txt')
-rw-r--r--doc/protocol/draft-ietf-netconf-tls-01.txt485
1 files changed, 0 insertions, 485 deletions
diff --git a/doc/protocol/draft-ietf-netconf-tls-01.txt b/doc/protocol/draft-ietf-netconf-tls-01.txt
deleted file mode 100644
index 70efb526ba..0000000000
--- a/doc/protocol/draft-ietf-netconf-tls-01.txt
+++ /dev/null
@@ -1,485 +0,0 @@
-NETCONF Working Group Mohamad Badra
-Internet Draft LIMOS Laboratory
-Intended status: Standards Track February 15, 2008
-Expires: August 2008
-
-
-
- NETCONF over Transport Layer Security (TLS)
- draft-ietf-netconf-tls-01.txt
-
-
-Status of this Memo
-
- By submitting this Internet-Draft, each author represents that any
- applicable patent or other IPR claims of which he or she is aware
- have been or will be disclosed, and any of which he or she becomes
- aware will be disclosed, in accordance with Section 6 of BCP 79.
-
- Internet-Drafts are working documents of the Internet Engineering
- Task Force (IETF), its areas, and its working groups. Note that
- other groups may also distribute working documents as Internet-
- Drafts.
-
- Internet-Drafts are draft documents valid for a maximum of six months
- and may be updated, replaced, or obsoleted by other documents at any
- time. It is inappropriate to use Internet-Drafts as reference
- material or to cite them other than as "work in progress."
-
- The list of current Internet-Drafts can be accessed at
- http://www.ietf.org/ietf/1id-abstracts.txt
-
- The list of Internet-Draft Shadow Directories can be accessed at
- http://www.ietf.org/shadow.html
-
- This Internet-Draft will expire on August 15, 2008.
-
-Copyright Notice
-
- Copyright (C) The IETF Trust (2008).
-
-Abstract
-
- The Network Configuration Protocol (NETCONF) provides mechanisms to
- install, manipulate, and delete the configuration of network devices.
- This document describes how to use the Transport Layer Protocol (TLS)
- to secure NETCONF exchanges.
-
-
-
-
-
-Badra Expires August 15, 2008 [Page 1]
-
-Internet-Draft NETCONF over TLS February 2008
-
-
-Table of Contents
-
-
- 1. Introduction...................................................2
- 1.1. Conventions used in this document.........................2
- 2. NETCONF over TLS...............................................3
- 2.1. Connection Initiation.....................................3
- 2.2. Connection Closure........................................3
- 3. Endpoint Authentication and Identification.....................4
- 3.1. Server Identity...........................................4
- 3.2. Client Identity...........................................5
- 3.3. Password-Based Authentication.............................5
- 4. Cipher Suite Requirements......................................7
- 5. Security Considerations........................................7
- 6. IANA Considerations............................................7
- 7. Acknowledgments................................................7
- 8. References.....................................................7
- 8.1. Normative References......................................7
- Author's Addresses................................................8
- Intellectual Property Statement...................................8
- Disclaimer of Validity............................................9
-
-1. Introduction
-
- The NETCONF protocol [RFC4741] defines a simple mechanism through
- which a network device can be managed. NETCONF is connection-
- oriented, requiring a persistent connection between peers. This
- connection must provide reliable, sequenced data delivery, integrity
- and confidentiality and peers authentication. This document
- describes how to use TLS [RFC4346] to secure NETCONF connections.
-
- Throughout this document, the terms "client" and "server" are used to
- refer to the two ends of the TLS connection. The client actively
- opens the TLS connection, and the server passively listens for the
- incoming TLS connection. The terms "manager" and "agent" are used to
- refer to the two ends of the NETCONF protocol session. The manager
- issues NETCONF remote procedure call (RPC) commands, and the agent
- replies to those commands. When NETCONF is run over TLS using the
- mapping defined in this document, the client is always the manager,
- and the server is always the agent.
-
-1.1. Conventions used in this document
-
- The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
- "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
- document are to be interpreted as described in RFC-2119 [RFC2119].
-
-
-
-Badra Expires August 15, 2008 [Page 2]
-
-Internet-Draft NETCONF over TLS February 2008
-
-
-2. NETCONF over TLS
-
- Since TLS is application protocol-independent, NETCONF can operate on
- top of the TLS protocol transparently. This document defines how
- NETCONF can be used within a Transport Layer Security (TLS) session.
-
-2.1. Connection Initiation
-
- The peer acting as the NETCONF manager MUST also act as the TLS
- client. It MUST connect to the server that passively listens for the
- incoming TLS connection on the IANA-to-be-assigned TCP port <TBA>.
- It MUST therefore send the TLS ClientHello to begin the TLS
- handshake. Once the TLS handshake has been finished, the client and
- the server MAY then send their NETCONF exchanges. In particular, the
- client will send complete XML documents to the server containing
- <rpc> elements, and the server will respond with complete XML
- documents containing <rpc-reply> elements. The client MAY indicate
- interest in receiving event notifications from a NETCONF server by
- creating a subscription to receive event notifications [NETNOT], in
- which the NETCONF server replies to indicate whether the subscription
- request was successful and, if it was successful, begins sending the
- event notifications to the NETCONF client as the events occur within
- the system. All these elements are encapsulated into TLS records of
- type "application data". These records are protected using the TLS
- material keys.
-
- Current NETCONF messages don't include a message's length. This
- document uses consequently the same delimiter sequence defined in
- [RFC4742] and therefore the special character sequence, ]]>]]>, to
- delimit XML documents.
-
-2.2. Connection Closure
-
- Either NETCONF peer MAY stop the NETCONF connection at any time and
- therefore notify the other NETCONF peer that no more data on this
- channel will be sent and that any data received after a closure
- request will be ignored. This MAY happen when no data is received
- from a connection for a long time, where the application decides what
- "long" means.
-
- TLS has the ability for secure connection closure using the Alert
- protocol. When the NETCONF peer processes a closure request of the
- NETCONF connection, it MUST send a TLS close_notify alert before
- closing the connection. Any data received after a closure alert is
- ignored.
-
-
-
-
-Badra Expires August 15, 2008 [Page 3]
-
-Internet-Draft NETCONF over TLS February 2008
-
-
- Unless some other fatal alert has been transmitted, each party is
- required to send a close_notify alert before closing the write side
- of the connection. The other party MUST respond with a close_notify
- alert of its own and close down the connection immediately,
- discarding any pending writes. It is not required for the initiator
- of the close to wait for the responding close_notify alert before
- closing the read side of the connection.
-
-3. Endpoint Authentication and Identification
-
- NETCONF requires that its transport provide mutual authentication of
- client and server, so cipher suites that are anonymous or which only
- authenticate the server to the client MUST NOT be used with NETCONF.
- This document specifies how to use TLS with endpoint authentication
- in TLS can be based on either preshared keys [RFC4279] or public key
- certificates [RFC4346]. Some cipher suites (e.g.
- TLS_RSA_PSK_WITH_AES_128_CBC_SHA) use both. Section 3.1 describes
- how the client authenticates the server if public key certificates
- are provided by the server, section 3.2 describes how the server
- authenticates the client if public key certificates are provided by
- the client, and section 3.3 describes how the client and server
- mutually authenticate one another using a password.
-
-3.1. Server Identity
-
- During the TLS negotiation, the client MUST carefully examine the
- certificate presented by the server to determine if it meets their
- expectations. Particularly, the client MUST check its understanding
- of the server hostname against the server's identity as presented in
- the server Certificate message, in order to prevent man-in-the-middle
- attacks.
-
- Matching is performed according to these rules [RFC4642]:
-
- - The client MUST use the server hostname it used to open the
- connection (or the hostname specified in TLS "server_name"
- extension [RFC4366]) as the value to compare against the server
- name as expressed in the server certificate. The client MUST
- NOT use any form of the server hostname derived from an
- insecure remote source (e.g., insecure DNS lookup). CNAME
- canonicalization is not done.
-
- - If a subjectAltName extension of type dNSName is present in the
- certificate, it MUST be used as the source of the server's
- identity.
-
- - Matching is case-insensitive.
-
-
-Badra Expires August 15, 2008 [Page 4]
-
-Internet-Draft NETCONF over TLS February 2008
-
-
- - A "*" wildcard character MAY be used as the left-most name
- component in the certificate. For example, *.example.com would
- match a.example.com, foo.example.com, etc., but would not match
- example.com.
-
- - If the certificate contains multiple names (e.g., more than one
- dNSName field), then a match with any one of the fields is
- considered acceptable.
-
- If the match fails, the client MUST either ask for explicit user
- confirmation or terminate the connection and indicate the server's
- identity is suspect.
-
- Additionally, clients MUST verify the binding between the identity of
- the servers to which they connect and the public keys presented by
- those servers. Clients SHOULD implement the algorithm in Section 6
- of [RFC3280] for general certificate validation, but MAY supplement
- that algorithm with other validation methods that achieve equivalent
- levels of verification (such as comparing the server certificate
- against a local store of already-verified certificates and identity
- bindings).
-
- If the client has external information as to the expected identity of
- the server, the hostname check MAY be omitted.
-
-3.2. Client Identity
-
- Typically, the server has no external knowledge of what the client's
- identity ought to be and so checks (other than that the client has a
- certificate chain rooted in an appropriate CA) are not possible. If
- a server has such knowledge (typically from some source external to
- NETCONF or TLS) it MUST check the identity as described above.
-
-3.3. Password-Based Authentication
-
- [RFC4279] supports authentication based on pre-shared keys (PSKs).
- These pre-shared keys are symmetric keys, shared in advance among the
- communicating parties.
-
- The PSK can be generated in many ways and its length is variable.
- Implementation of this document MAY rely on [RFC4279] to enable
- password based user authentication. In this case, the password is
- used to generate the PSK. It is RECOMMENDED that implementations
- that allow the administrator to manually configure the password also
- provide functionality for generating a new random password, taking
- [RFC4086] into account.
-
-
-
-Badra Expires August 15, 2008 [Page 5]
-
-Internet-Draft NETCONF over TLS February 2008
-
-
- This document generates the PSK from the password as follow:
-
- PSK = SHA-1(SHA-1(password + psk_identity + "Key Pad for Netconf") +
- psk_identity_hint)
-
- Where + means concatenation.
-
- The label "Key Pad for Netconf" is an ASCII string.
-
- The psk_identity_hint is initially defined in section 5.1 of
- [RFC4279]. The psk_identity_hint can do double duty and also provide
- a form of server authentication in the case where the user has the
- same password on a number of NETCONF servers. If a hint is provided,
- the psk_identity_hint is encoded in the same way as in [RFC4279] and
- should be a string representation of the name of the server
- recognizable to the administrator or his software. In the case where
- the user types a server name to connect to, it should be that string.
- If the string the user enters differs from the one returned as
- psk_identity_hint, the software could display the server's name and
- ask the user to confirm. For automated scripts, the names could be
- expected to match. It is highly recommended that implementations set
- the psk_identity_hint to the DNS name of the NETCONF server (i.e.,
- the TLS server).
-
- It is RECOMMENDED that users choose different passwords for the
- different servers they manage.
-
- Note 1: The NETCONF over TLS implementation need not store the
- password in clear text, but rather can store the value of SHA-
- 1(SHA-1(password + psk_identity + "Key Pad for Netconf") +
- psk_identity_hint), which could not be used as a password
- equivalent for applications other than NETCONF. Deriving the PSK
- from a password is not secure. This construction is used because
- it is anticipated that people will do it anyway.
-
- Note 2: [RFC4279] defines some conformance requirements for the
- PSK, for the PSK identity encoding and for the identity hint. The
- same requirements apply here as well; in particular on the
- password. Moreover, the management interface by which the
- password is provided MUST accept ASCII strings of at least 64
- octets and MUST NOT add a null terminator before using them as
- shared secrets. It MUST also accept a HEX encoding of the
- password. The management interface MAY accept other encodings if
- the algorithm for translating the encoding to a binary string is
- specified.
-
-
-
-
-Badra Expires August 15, 2008 [Page 6]
-
-Internet-Draft NETCONF over TLS February 2008
-
-
-4. Cipher Suite Requirements
-
- A compliant implementation of the protocol specified in this document
- MUST implement the cipher suite TLS_DHE_PSK_WITH_AES_128_CBC_SHA and
- MAY implement any TLS cipher suite that provides mutual
- authentication.
-
-5. Security Considerations
-
- The security considerations described throughout [RFC4346] and
- [RFC4279] apply here as well.
-
- As with all schemes involving shared keys and passwords, special care
- should be taken to protect the shared values and passwords as well as
- to limit their exposure over time. Alternatively, using certificates
- would provide better protection.
-
-6. IANA Considerations
-
- IANA is requested to assign a TCP port number that will be the
- default port for NETCONF over TLS sessions as defined in this
- document.
-
- IANA has assigned port <TBA> for this purpose.
-
-7. Acknowledgments
-
- A significant amount of the text in this document was lifted from
- [RFC4642].
-
- The author would like to acknowledge David Harrington, Miao Fuyou,
- Eric Rescorla, Juergen Schoenwaelder and the NETCONF mailing list
- members for their comments on the document. The author appreciates
- also Bert Wijnen and Dan Romascanu for their efforts on issues
- resolving discussion, and Charlie Kaufman for the thorough review of
- this document and for the helpful comments on the password-based
- authentication.
-
-8. References
-
-8.1. Normative References
-
- [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
- Requirement Levels", BCP 14, RFC 2119, March 1997.
-
-
-
-
-
-Badra Expires August 15, 2008 [Page 7]
-
-Internet-Draft NETCONF over TLS February 2008
-
-
- [RFC3280] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet
- X.509 Public Key Infrastructure Certificate and Certificate
- Revocation List (CRL) Profile", RFC 3280, April 2002.
-
- [RFC4086] Eastlake, D., 3rd, Schiller, J., and S. Crocker,
- "Randomness Requirements for Security", BCP 106, RFC 4086,
- June 2005.
-
- [RFC4279] Eronen, P. and H. Tschofenig., "Pre-Shared Key Ciphersuites
- for Transport Layer Security (TLS)", RFC 4279, December
- 2005.
-
- [RFC4346] Dierks, T. and E. Rescorla, "The Transport Layer Security
- (TLS) Protocol 1.1", RFC 4346, April 2006.
-
- [RFC4366] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J.,
- and T. Wright, "Transport Layer Security (TLS) Extensions",
- RFC 4366, April 2006.
-
- [RFC4642] Murchison, K., Vinocur, J., Newman, C., "Using Transport
- Layer Security (TLS) with Network News Transfer Protocol
- (NNTP)", RFC 4642, October 2006
-
- [RFC4741] Enns, R., "NETCONF Configuration Protocol", RFC 4741,
- December 2006.
-
- [RFC4742] Wasserman, M. and T. Goddard, "Using the NETCONF
- Configuration Protocol over Secure Shell (SSH)", RFC 4742,
- December 2006.
-
- [NETNOT] Chisholm, S. and H. Trevino, "NETCONF Event Notifications",
- draft-ietf-netconf-notification-11.txt, (work in progress),
- November 2007.
-
-Author's Addresses
-
- Mohamad Badra
- LIMOS Laboratory - UMR6158, CNRS
- France
-
- Email: badra@isima.fr
-
-
-Intellectual Property Statement
-
- The IETF takes no position regarding the validity or scope of any
- Intellectual Property Rights or other rights that might be claimed to
-
-
-Badra Expires August 15, 2008 [Page 8]
-
-Internet-Draft NETCONF over TLS February 2008
-
-
- pertain to the implementation or use of the technology described in
- this document or the extent to which any license under such rights
- might or might not be available; nor does it represent that it has
- made any independent effort to identify any such rights. Information
- on the procedures with respect to rights in RFC documents can be
- found in BCP 78 and BCP 79.
-
- Copies of IPR disclosures made to the IETF Secretariat and any
- assurances of licenses to be made available, or the result of an
- attempt made to obtain a general license or permission for the use of
- such proprietary rights by implementers or users of this
- specification can be obtained from the IETF on-line IPR repository at
- http://www.ietf.org/ipr.
-
- The IETF invites any interested party to bring to its attention any
- copyrights, patents or patent applications, or other proprietary
- rights that may cover technology that may be required to implement
- this standard. Please address the information to the IETF at
- ietf-ipr@ietf.org.
-
-Disclaimer of Validity
-
- This document and the information contained herein are provided on an
- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
- THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
- OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
- THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-Copyright Statement
-
- Copyright (C) The IETF Trust (2008).
-
- This document is subject to the rights, licenses and restrictions
- contained in BCP 78, and except as set forth therein, the authors
- retain all their rights.
-
-Acknowledgment
-
- Funding for the RFC Editor function is currently provided by the
- Internet Society.
-
-
-
-
-
-
-
-Badra Expires August 15, 2008 [Page 9]
-
View Lorry Controller Status