Presentation is loading. Please wait.

Presentation is loading. Please wait.

NETCONF over TLS Mohamad Badra draft-ietf-netconf-tls-03 www.ietf.org/internet-drafts/draft-ietf-netconf-tls-03.txt 72nd IETF - Dublin, Ireland.

Published byOphelia Thornton Modified over 8 years ago

Similar presentations

Presentation on theme: "NETCONF over TLS Mohamad Badra draft-ietf-netconf-tls-03 www.ietf.org/internet-drafts/draft-ietf-netconf-tls-03.txt 72nd IETF - Dublin, Ireland."— Presentation transcript:

1 NETCONF over TLS Mohamad Badra draft-ietf-netconf-tls-03 www.ietf.org/internet-drafts/draft-ietf-netconf-tls-03.txt 72nd IETF - Dublin, Ireland

2 2 Changes since version 02 Enabling Third Party Authentication using Passwords  WG consensus: do nothing concerning passwords modifying the order of parameters of the inner hash  hashes can be the same even though both the password and psk_identity differs Old: PSK = SHA-1(SHA-1(password + psk_identity + "Key Pad for Netconf") + psk_identity_hint) New: PSK = SHA-1(SHA-1(password + "Key Pad for Netconf" + psk_identity) + psk_identity_hint) Some editorial issues 24/10/2015 72nd IETF - Dublin

3 3 Implementations Two independant implementations  OpenSSL The patch is available at:  http://ineovation.fr/netconfovertls/tls_netconf.patch To test it, follow the instructions available at:  http://ineovation.fr/netconfovertls/readme.txt  GNUTLS The compressed sources:  http://alpha.gnu.org/gnu/gnutls/gnutls-2.3.12.tar.bz2  ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.3.12.tar.bz2 The Windows binaries:  http://josefsson.org/gnutls4win/gnutls-2.3.12.exe  http://josefsson.org/gnutls4win/gnutls-2.3.12.zip  Documentation is available online at:  http://www.gnu.org/software/gnutls/manual/html_node/Example-server-PSK- connection.html  http://www.gnu.org/software/gnutls/manual/html_node/Example-client-PSK- connection.html  http://www.gnu.org/software/gnutls/manual/html_node/Authentication-using-PSK.html 24/10/201572nd IETF - Dublin

4 4 Implementations Test Vectors for the PSK Derivation Function password = password psk_identity = psk_identity psk_identity_hint = psk_identity_hint The inner SHA-1 value (in hex): inner := SHA-1(psk_identity + "Key Pad for Netconf" + password) == SHA-1("psk_identityKey Pad for Netconfpassword") => 6d6eeb6a b8d0466b 45245d07 47d86726 b41b868c The outer SHA-1 value (in hex): outer := SHA-1(inner + psk_identity_hint) => 88f3824b 3e5659f5 2d00e959 bacab954 b6540344 24/10/201572nd IETF - Dublin

5 5 24/10/2015 Ongoing works WGLC.. 72nd IETF - Dublin

6 Thank you!

Download ppt "NETCONF over TLS Mohamad Badra draft-ietf-netconf-tls-03 www.ietf.org/internet-drafts/draft-ietf-netconf-tls-03.txt 72nd IETF - Dublin, Ireland."

Similar presentations

Crash course on SSL/TLS Ran Canetti December 2009 ( Based on slided by Jörg Schwenk)

Crash course on SSL/TLS Ran Canetti December 2009 ( Based on slided by Jörg Schwenk)
Symmetric Message Authentication Codes Prof. Ravi Sandhu.

Symmetric Message Authentication Codes Prof. Ravi Sandhu.
Dynamic Symmetric Key Provisioning Protocol (DSKPP)

Dynamic Symmetric Key Provisioning Protocol (DSKPP)
© 2006 NEC Corporation - Confidential age 1 November 2008 - 1 SPEERMINT Security Threats and Suggested Countermeasures draft-ietf-speermint-voipthreats-01.

© 2006 NEC Corporation - Confidential age 1 November SPEERMINT Security Threats and Suggested Countermeasures draft-ietf-speermint-voipthreats-01.
Mutual OATH HOTP Variants 65th IETF - Dallas, TX March 2006.

Mutual OATH HOTP Variants 65th IETF - Dallas, TX March 2006.
Login dan Permission dfd, 2012. Jenis Login dfd, 2012 SQL Server Authentication Membutuhkan password Windows Authentication Mode Tidak membutuhkan password.

Login dan Permission dfd, Jenis Login dfd, 2012 SQL Server Authentication Membutuhkan password Windows Authentication Mode Tidak membutuhkan password.
Company Confidential 1 © 2005 Nokia V1-Filename.ppt / yyyy-mm-dd / Initials Pre-Shared Key TLS with GBA support Thesis presentation 22.4.2008 ESPOO, Finland.

Company Confidential 1 © 2005 Nokia V1-Filename.ppt / yyyy-mm-dd / Initials Pre-Shared Key TLS with GBA support Thesis presentation ESPOO, Finland.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
ITA, 2.11.2011, 8-TLS.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 8 Transport.

ITA, , 8-TLS.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 8 Transport.
Lionel Morand DIME WG IETF 79 Diameter Design Guidelines Thursday, November 11, 2010 Lionel Morand.

Lionel Morand DIME WG IETF 79 Diameter Design Guidelines Thursday, November 11, 2010 Lionel Morand.
August 2, 2005EAP WG, IETF 631 EAP-IKEv2 review Pasi Eronen.

August 2, 2005EAP WG, IETF 631 EAP-IKEv2 review Pasi Eronen.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
Cryptography and Network Security (CS435) Part Ten (Hash and MAC algorithms)

Cryptography and Network Security (CS435) Part Ten (Hash and MAC algorithms)
Cryptography and Network Security Chapter 12 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 12 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
July 16, 2003AAA WG, IETF 571 AAA WG Meeting IETF 57 Vienna, Austria Wednesday, July 16, 2003 1300 - 1500.

July 16, 2003AAA WG, IETF 571 AAA WG Meeting IETF 57 Vienna, Austria Wednesday, July 16,
Secure Online USB Login System. Everything is going online Social Interactions Banking Transactions Meetings Businesses... including all sorts of crimes.

Secure Online USB Login System. Everything is going online Social Interactions Banking Transactions Meetings Businesses... including all sorts of crimes.
1 RSVP-TE Extensions for Associated Bidirectional LSPs draft-ietf-ccamp-mpls-tp-rsvpte-ext-associated-lsp-06 Author list: Fei Zhang, ZTE

1 RSVP-TE Extensions for Associated Bidirectional LSPs draft-ietf-ccamp-mpls-tp-rsvpte-ext-associated-lsp-06 Author list: Fei Zhang, ZTE
Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE EAP Password Authenticated eXchange (PAX) T. Charles Clancy William A. Arbaugh.

Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE EAP Password Authenticated eXchange (PAX) T. Charles Clancy William A. Arbaugh.
draft-kwatsen-netconf-zerotouch-01

draft-kwatsen-netconf-zerotouch-01

Similar presentations

Ads by Google