Re: [Anima-bootstrap] Brian: Text to discover "Registrars" via GRASP

Brian E Carpenter <brian.e.carpenter@gmail.com> Fri, 23 September 2016 01:21 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A568712B67C for <anima-bootstrap@ietfa.amsl.com>; Thu, 22 Sep 2016 18:21:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mQs8qIE3aXGO for <anima-bootstrap@ietfa.amsl.com>; Thu, 22 Sep 2016 18:21:28 -0700 (PDT)
Received: from mail-pa0-x22a.google.com (mail-pa0-x22a.google.com [IPv6:2607:f8b0:400e:c03::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4352E12B59C for <anima-bootstrap@ietf.org>; Thu, 22 Sep 2016 18:21:26 -0700 (PDT)
Received: by mail-pa0-x22a.google.com with SMTP id oz2so34509042pac.2 for <anima-bootstrap@ietf.org>; Thu, 22 Sep 2016 18:21:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:organization:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=AL/xMZO30vsk5f1xH6r7FcwtZeA5HQSxuvzJ3mLjwr0=; b=T9fyUDUbeJlDIAsS4O1EiyGvL7lUJkhi1koNBigrYEQmCk3SYPYNUxsPcCWQrJqnC3 9+wpelC8JG3uM6P62eI+acKYGFSaj6Tk67lxXxvCYKQfCz1XYfsqJrCimTJPXvK9jSKn CwsCdsqtwQsniowXC3QrJX9QZ+RrFayrSynG+TH2/YKMBiVdMzUs95g+OizZncKHs+cF P9Bs9FkNh14RCaq5zkdvMAGtL3TNJyVcvRMDiWVinz2J5TNYsjpuIC95O4k2CHYehmhR EVZnzhxjj0m6BZFzTz6TtdQ0ZW0rVmcj8N6Y+2JVZG57LmayU/m9d88VbdUGLtcnDdGd cG4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-transfer-encoding; bh=AL/xMZO30vsk5f1xH6r7FcwtZeA5HQSxuvzJ3mLjwr0=; b=E1j0FGF6cTvFoR577GPunu1Cy03EOef6RBpHIPlL9uQToKN7wjB8uK6BRpluInJvu5 ZaBZXQ+8EMcuIdX1xp8yAfgDoD0iOasS5wvzoQWdpT2CdJQkXYiQIKO8C7JaFnI9M5Ko GkoQ0iPrlS8jas8h9OE02JmnJoySh9FFRSd4fiK2RbYjkd7OgoIECfw2x7irKNvjFvUS 6Mcagl8QImH7AKhS5vMAUsk7dmU9IOPaGA3YWj3jSby4clzJ9UPjOyE7Kf47WkzkrY1y d3Xl0yZRTkG4Gc0fwUm8vDWfSDkkrQhHnaaKuilMLdtTG4WijevXn79WzEJOnIsPZerM W1dg==
X-Gm-Message-State: AE9vXwM/AGUyuMaFtMqj/Rrnfk6OZXg0xTWqj2+maADZDeG0HMWFFmlKC0Xp9VpvHE4Ywg==
X-Received: by 10.66.158.233 with SMTP id wx9mr8192892pab.2.1474593685699; Thu, 22 Sep 2016 18:21:25 -0700 (PDT)
Received: from ?IPv6:2406:e007:5237:1:28cc:dc4c:9703:6781? ([2406:e007:5237:1:28cc:dc4c:9703:6781]) by smtp.gmail.com with ESMTPSA id p73sm6127396pfk.60.2016.09.22.18.21.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 22 Sep 2016 18:21:24 -0700 (PDT)
To: Michael Richardson <mcr+ietf@sandelman.ca>
References: <20160718170810.GX7377@cisco.com> <4b913a43-7248-deb2-3f26-834240ea7dff@gmail.com> <20160912213631.GD15177@faui40p.informatik.uni-erlangen.de> <e4028b68-9b02-8051-e502-1bd93f8aabd9@gmail.com> <20160913005250.GI15177@faui40p.informatik.uni-erlangen.de> <521f4ddc-e169-02c6-0180-dfea5d74c293@gmail.com> <28428.1474589565@obiwan.sandelman.ca>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <84aa9220-9e3a-4873-d4d0-54f85a267436@gmail.com>
Date: Fri, 23 Sep 2016 13:21:32 +1200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0
MIME-Version: 1.0
In-Reply-To: <28428.1474589565@obiwan.sandelman.ca>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/5Jy3sKUTZgmKvnwVDq5jt-HhztM>
Cc: anima-bootstrap@ietf.org
Subject: Re: [Anima-bootstrap] Brian: Text to discover "Registrars" via GRASP
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Sep 2016 01:21:29 -0000

On 23/09/2016 12:12, Michael Richardson wrote:
> 
> {why isn't this on the list???}

Assuming you mean the bootstrap DT list, only because it started as a
very specific discussion point. So now it's on the list.

> 
> Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>     > On 13/09/2016 12:52, Toerless Eckert wrote:
>     >> On Tue, Sep 13, 2016 at 11:12:20AM +1200, Brian E Carpenter wrote:
>>>>>> Currently we have:
>>>>>>       BRSKY via TLS/TCP
>>>>>>       BRSKY via CoAP/dTLS/UDP via IPIP
>     >>
>     >> I am actually confused right now why i added the "IPIP" into the mix...
>     >> *head* *scratching*
> 
>     > Yes, if you're inside the ACP it certainly seems redundant.
> 
> Either there are TCP/UDP circuit layer proxies (aka NAT66s or application
> layer alg-gateways), or there is an IPIP layer. In the later case, the
> packets look like:
> 
> pledge                     proxy                      registrar
> A ----- src:llA/dst:llP---->   ---src:acpP/dst:acpR------> R
>                                  IPIP:src:llA/dst:llP
> 
> We need the IPIP layer on the ACP side because the pledge/proxy
> communication is link-local only.

Sure. And I think we do need to settle the question of which method
is used. What is the advantage in the registrar seeing the link-local
addresses, which are never supposed to be visible off-link? Would
it help for diagnostics? If we want that, we want IPIP. If not, NAT66
would need to clamber over innumerable dead bodies). So then a transport
proxy seems best (to preserve end2end TLS).

> If the CoAP and TCP versions are different ASAs, then they can return
> different addresses and port numbers.
> If they are on the same ASA, I guess, yes, we need to return to answers.

Right. I assumed the second case for my demo code because it's more
demanding on GRASP.

   Brian