Re: [Anima-bootstrap] new issue in voucher github

"Max Pritikin (pritikin)" <pritikin@cisco.com> Thu, 20 April 2017 17:53 UTC

From: "Max Pritikin (pritikin)" <pritikin@cisco.com>
To: Kent Watsen <kwatsen@juniper.net>
CC: "anima@ietf.org" <anima@ietf.org>, "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Date: Thu, 20 Apr 2017 17:53:28 +0000
Message-ID: <C89F5026-9699-40F0-A28D-DB5A590E9647@cisco.com>
References: <6D5855D6-0F98-41A1-A75F-3681B97BCB07@cisco.com> <D1F9856B-080E-4F33-8310-8DADA2D02F13@juniper.net>
In-Reply-To: <D1F9856B-080E-4F33-8310-8DADA2D02F13@juniper.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/6d6kIA3klUJbLg-tAzgtIkheI9w>

So long as there is close alignment I’m not stuck on a particular approach.
I do want them both defined in the voucher doc so that BRSKI can reference them similarly.
There are some fields of the current voucher that apply to one aspect or the other (or both). I don’t know how ‘grouping’ addresses that but am happy to learn.

- max

On Apr 20, 2017, at 10:29 AM, Kent Watsen <kwatsen@juniper.net> wrote:


I don't think that the voucher should also be a voucher request.  There should be another
artifact defined for a voucher request, if needed.  YANG 'grouping' statements can be used
to ensure syntactic alignment between the two artifacts.

K.

On 4/19/17, 8:13 PM, "Max Pritikin (pritikin)" <pritikin@cisco.com> wrote:


FYI - added the below to capture it but not distract myself from current ‘concise’ branch work. As per the recommendations I’m informing the list as well. I’ll circle back to this

- max


https://github.com/anima-wg/voucher/issues/3

There are some inconsistencies in the existing text that need to be resolved (see below). Additionally, if a "voucher" can also be a "voucher request" then the requester can't necessarily populate all the fields. These related issues need to be dealt with.

    leaf nonce {
      type binary {
        length "8..32";
      }
      must "not(../expires-on)";
      description
        "A value that can be used by a pledge in some bootstrapping
         protocols to enable anti-replay protection. This node is
         optional because it is not used by all bootstrapping
         protocols.";
    }
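An added illustration (not part of this thread or the voucher draft) of the alignment Kent proposes and the nonce constraints quoted above: one shared table of leaf definitions plays the role of a YANG 'grouping' reused by both artifacts, each artifact refines what is mandatory, and the validator enforces `length "8..32"` on the decoded nonce and the `must "not(../expires-on)"` rule. Only `nonce` and `expires-on` come from the thread; `serial-number` and `assertion` are assumed leaf names.

```python
import base64

# Shared leaf set, standing in for a YANG 'grouping' used by both artifacts.
# 'nonce' and 'expires-on' are from the thread; the other names are assumed.
COMMON_LEAVES = {"nonce", "expires-on", "serial-number", "assertion"}

# Per-artifact refinement: a pledge building a voucher-request cannot know
# MASA-chosen values, so only the voucher makes 'assertion' mandatory.
ARTIFACTS = {
    "voucher": {"allowed": COMMON_LEAVES, "mandatory": {"serial-number", "assertion"}},
    "voucher-request": {"allowed": COMMON_LEAVES, "mandatory": {"serial-number"}},
}


def validate(artifact, data):
    """Return the list of constraint violations for one artifact (empty = valid)."""
    spec = ARTIFACTS[artifact]
    errors = []
    unknown = sorted(set(data) - spec["allowed"])
    if unknown:
        errors.append(f"unknown leaves: {unknown}")
    missing = sorted(spec["mandatory"] - set(data))
    if missing:
        errors.append(f"mandatory leaves absent: {missing}")
    if "nonce" in data:
        # YANG 'binary' is base64 on the wire; length "8..32" counts decoded bytes.
        try:
            raw = base64.b64decode(data["nonce"], validate=True)
        except (ValueError, TypeError):
            raw = None
            errors.append("nonce: not valid base64")
        if raw is not None and not 8 <= len(raw) <= 32:
            errors.append(f"nonce: decoded length {len(raw)} outside 8..32")
        # must "not(../expires-on)": a nonced voucher carries no expiry.
        if "expires-on" in data:
            errors.append("nonce: must 'not(../expires-on)' violated")
    return errors


if __name__ == "__main__":
    # Constructed sample artifacts.
    ok = {"serial-number": "JADA123456789", "assertion": "logged",
          "nonce": base64.b64encode(b"\x01" * 16).decode()}
    print(validate("voucher", ok))
    print(validate("voucher", dict(ok, **{"expires-on": "2017-04-20T17:53:28Z"})))
```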