Re: [Anima-bootstrap] Can the proxy add information during bootstrap?

"Toerless Eckert (eckert)" <eckert@cisco.com> Tue, 12 April 2016 16:30 UTC

From: "Toerless Eckert (eckert)" <eckert@cisco.com>
To: "Michael Behringer (mbehring)" <mbehring@cisco.com>, "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Date: Tue, 12 Apr 2016 16:30:38 +0000
Message-ID: <fdh4m2i2n6r6y9orh6ed2u8e.1460478428794@email.android.com>
References: <5c12b5d6940d4970bd3c0ad4c94b4696@XCH-RCD-006.cisco.com>
In-Reply-To: <5c12b5d6940d4970bd3c0ad4c94b4696@XCH-RCD-006.cisco.com>
Subject: Re: [Anima-bootstrap] Can the proxy add information during bootstrap?
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/anima-bootstrap/D8VajmgbEdNTe4KcqwHQCv3-quc>

Great point. We need option 82. Let's see if this TLS proxy draft from MichaelR that Max just mentioned can be of help or expanded.

Sent from my Samsung Captivate Glide on AT&T

"Michael Behringer (mbehring)" <mbehring@cisco.com> wrote:
> When a new device enrols, an operator will want to know WHERE this device is connecting. This includes the proxy identity, plus the interface on the proxy. (Potentially more.)
>
> The proxy identity can be figured out by looking at the source address of the incoming packets; but the interface information needs to be added explicitly, somehow.
>
> I see a parallel with DHCP: I think also with our BSKI approach, the need will arise to have something like "DHCP options" that relate to the proxy.
>
> Can our enrolment process as described today support such proxy options? If not, I think we need to re-think...
>
> Michael


_______________________________________________
Anima-bootstrap mailing list
Anima-bootstrap@ietf.org
https://www.ietf.org/mailman/listinfo/anima-bootstrap
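As an added illustration of what "option 82" in the reply above carries (this is example code written for this archive page, not code from the thread, the ANIMA drafts or any Cisco implementation): the DHCP Relay Agent Information option (option 82, RFC 3046) is a TLV whose sub-option 1 (Agent Circuit ID) conventionally names the interface the client was heard on and whose sub-option 2 (Agent Remote ID) names the relay itself. The option and sub-option codes are the real RFC 3046 values; the interface name, relay name and source address below are constructed sample values. The decoder checks every length field, so a truncated or over-long option is rejected instead of yielding a partial, misleading attachment record.

```python
"""Minimal encoder/decoder for DHCP option 82 (Relay Agent Information, RFC 3046).
Added example for the mailing-list discussion above; sample values are constructed."""

OPTION_RELAY_AGENT_INFO = 82   # RFC 3046 option code
SUBOPT_CIRCUIT_ID = 1          # Agent Circuit ID: "which interface" on the relay
SUBOPT_REMOTE_ID = 2           # Agent Remote ID: "which relay"


class MalformedOption(ValueError):
    """Raised when a TLV is truncated, over-long, or carries a duplicate sub-option."""


def encode_option82(circuit_id: bytes, remote_id: bytes) -> bytes:
    """Build the option 82 TLV: code, length, then the two sub-option TLVs."""
    if len(circuit_id) > 255 or len(remote_id) > 255:
        raise ValueError("sub-option payload exceeds one-byte length field")
    subopts = (
        bytes([SUBOPT_CIRCUIT_ID, len(circuit_id)]) + circuit_id
        + bytes([SUBOPT_REMOTE_ID, len(remote_id)]) + remote_id
    )
    if len(subopts) > 255:
        raise ValueError("option 82 payload exceeds one-byte length field")
    return bytes([OPTION_RELAY_AGENT_INFO, len(subopts)]) + subopts


def decode_option82(data: bytes) -> dict:
    """Parse an option 82 TLV into {sub-option code: value bytes}.

    Each declared length is checked against the buffer so that a truncated or
    over-long option raises rather than silently producing partial data."""
    if len(data) < 2 or data[0] != OPTION_RELAY_AGENT_INFO:
        raise MalformedOption("not an option 82 TLV")
    total = data[1]
    body = data[2:2 + total]
    if len(body) != total:
        raise MalformedOption("option 82 truncated")
    result = {}
    pos = 0
    while pos < len(body):
        if pos + 2 > len(body):
            raise MalformedOption("sub-option header truncated")
        code, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise MalformedOption("sub-option %d truncated" % code)
        if code in result:
            raise MalformedOption("duplicate sub-option %d" % code)
        result[code] = value
        pos += 2 + length
    return result


def is_well_formed(data: bytes) -> bool:
    """True if decode_option82() accepts the buffer."""
    try:
        decode_option82(data)
        return True
    except MalformedOption:
        return False


def attachment_point(option82: bytes, source_address: str) -> dict:
    """What a server/registrar would record about WHERE a new device was heard:
    the relay (remote-id, falling back to the packet's source address as the
    quoted mail suggests) and the interface on that relay (circuit-id)."""
    subopts = decode_option82(option82)
    remote = subopts.get(SUBOPT_REMOTE_ID)
    circuit = subopts.get(SUBOPT_CIRCUIT_ID)
    return {
        "proxy": remote.decode("ascii", "replace") if remote else source_address,
        "interface": circuit.decode("ascii", "replace") if circuit else None,
        "source_address": source_address,
    }


# Constructed sample: relay "proxy-7" heard the new device on GigabitEthernet0/3,
# and the relayed packet arrived from a documentation-range address.
SAMPLE_OPTION82 = encode_option82(b"GigabitEthernet0/3", b"proxy-7")
SAMPLE_SOURCE = "192.0.2.17"

if __name__ == "__main__":
    print(SAMPLE_OPTION82.hex())
    print(attachment_point(SAMPLE_OPTION82, SAMPLE_SOURCE))
```

The design point for a registrar is the same one RFC 3046 makes for DHCP servers: the relay-inserted fields are only as trustworthy as the path they arrived over, so the interface recorded from circuit-id should be bound to a relay identity the server has actually authenticated (here the remote-id or the verified source of the relayed connection), not taken on faith from the packet alone.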