Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options

"Michael Behringer (mbehring)" <mbehring@cisco.com> Wed, 09 December 2015 13:08 UTC

From: "Michael Behringer (mbehring)" <mbehring@cisco.com>
To: "consultancy@vanderstok.org" <consultancy@vanderstok.org>, Brian E Carpenter <brian.e.carpenter@gmail.com>
Date: Wed, 09 Dec 2015 13:08:39 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/anima-bootstrap/55BNyHKb3u4ENcbmiSYrsZR3DkU>
Cc: "Toerless Eckert (eckert)" <eckert@cisco.com>, "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] anima-bootstrap: Bootstrap proxy discovery options

> The discovery alternatives cited by Toerless impress me as a list of services of
> which at least one must be present.
> 
> Therefore my consideration that for something as basic as Service discovery,
> some industries may regret that they need for example mDNS next to their
> favoured discovery service e.g. Resource Directory.
> Faced with this choice they may decide that mDNS is not wanted but
> replaced by RD; and the Anima code in their products is adapted for that
> choice; while maintaining interoperability with ANIMA routers in all other
> respects.

At the end of the day I personally don't care *how* a domain certificate gets onto a new device. 

Probably we should be more clear on this, draw a big line, and state that the domain enrolment process may be replaced by many other methods, and that's ok.

So for us here that means, AN must also work if the domain certificates are (for whatever reason) already on the devices. I.e., what happens later in the AN process must not depend on anything in the bootstrap process, except the PKI info. 

Michael
 
> Peter