Re: [Anima-bootstrap] peer and domain [was BRSKI State Machine]

"Michael Behringer (mbehring)" <> Wed, 19 October 2016 07:21 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id DC0521294A0 for <>; Wed, 19 Oct 2016 00:21:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -14.952
X-Spam-Status: No, score=-14.952 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id LhQ1n4VPb-7X for <>; Wed, 19 Oct 2016 00:21:42 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3511A1293D9 for <>; Wed, 19 Oct 2016 00:21:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=5206; q=dns/txt; s=iport; t=1476861701; x=1478071301; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=riOV2tq+1KBHvjY1//2Flt1iTxP3E90m6DHKr3fs7hI=; b=mFECgxgzeSJ9JtQ4+q/0mMlNW3X7nFptIgU1HwO+tXng+I0ZZfm16A35 Tpxr7/leuedrIAuU0rA28zOhg7PmOL7+Fihs2agcuK+dpL098fvBZ3bz5 nNB6n7h/2dlj3KO4UhrIhgpTQ6wAIJ0eLCBhLtGeoyLkNR8/YPbHbHcW2 w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.31,513,1473120000"; d="scan'208";a="161350237"
Received: from ([]) by with ESMTP/TLS/DHE-RSA-AES256-SHA; 19 Oct 2016 07:21:41 +0000
Received: from ( []) by (8.14.5/8.14.5) with ESMTP id u9J7Lf4c030047 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 19 Oct 2016 07:21:41 GMT
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1210.3; Wed, 19 Oct 2016 02:21:40 -0500
Received: from ([]) by ([]) with mapi id 15.00.1210.000; Wed, 19 Oct 2016 02:21:40 -0500
From: "Michael Behringer (mbehring)" <>
To: "Max Pritikin (pritikin)" <>, Brian E Carpenter <>
Thread-Topic: peer and domain [was BRSKI State Machine]
Thread-Index: AQHSKMzDH2EjrLtAb0y19VpfIxZoY6CunHQAgAC9NzA=
Date: Wed, 19 Oct 2016 07:21:40 +0000
Message-ID: <>
References: <> <> <> <>
In-Reply-To: <>
Accept-Language: en-GB, en-US
Content-Language: en-US
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <>
Cc: "" <>
Subject: Re: [Anima-bootstrap] peer and domain [was BRSKI State Machine]
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 19 Oct 2016 07:21:44 -0000

> > What exactly is the "peer" in the above text? I tend to assume it's the
> proxy.
> > In that case it seems to me that the discovery process (whether it's
> > mDNS or GRASP) will discover all available proxies regardless of
> > domain. And then try them in some order of preference TBD.
> Agreed. From the perspective of a Pledge new device anything discovered is
> a “proxy” or perhaps a registrar but it doesn’t yet know the domain(s).

Mostly agree; two small edits: I would say " From the perspective of a Pledge anything discovered is a *potential* “proxy”."

I would not mention the registrar, since we decided that if a device happens to be a registrar, it should still behave like a proxy, to keep the behaviour of the pledge as simple as possible. 

(I'm sure we agree - these are just editorial comments)

> > Also, all of this needs to work in the absence of an ACP and therefore
> > of the ACP's adjacency table. That applies to GRASP too, because in
> > order to perform its various link-local actions, it needs to know
> > which interfaces it has and which link-local addresses it has. And it
> > learns of its link-local neighbors as a result of discovery. So while
> > I fully appreciate the value of the adjacency table, we need to be functional
> without it.
> Michael things of discovered proxies as adjacencies for the table. I think of
> them as a “list of discovered proxies”. The concepts are similar and Michael is
> correct that the current sentence could be clearer.

Seen from BRSKI, you are right. 

My main comment really is: Adjacency discovery, as well as the adjacency table, is really independent of both BRSKI and ACP. It is a feature of an *autonomic node*. When an autonomic node is in factory default, it will use the adjacency table to invoke bootstrap; when it is in a domain, it will use the same table to create an ACP connection. So the adjacency discovery and the table are really separate from BRSKI and ACP. 

Because of this, I've said for a while the really "correct" thing to do would be to make a separate (short) draft for autonomic adjacency discovery, and the adjacency table. This would be a really nice place to describe the general behaviour of an autonomic node. 
Right now we really specify the same thing in both BRSKI and ACP drafts. First of all, I think we should be VERY clear that we don't want *two* mechanisms to discover a proxy or an ACP neighbour. We want a single protocol to do this. (I think we agree up to here). 

The chairs have been pushing hard against another draft, for purely practical reasons, and I understand that, and can live with it. 

But let's be clear that this should really be the same protocol, it should be specified in one place only, and the other refers to that. (Again, I think we agree on that). 

Here's what's going to happen in phase 2 of ANIMA: 
- We'll want Intent to say things like "trust autonomic devices in domain x for the sole purpose of auto-negotiating BGP security". 
- or "if a node in sees one in, it should create a 'unidirectional' ACP"
- Therefore, a node now needs to scan its adjacency table, see where there are nodes of domain x. 
- for such nodes, we'll establish another form of security association, we will NOT include them in the general ACP. 
- so there will be another way to handle nodes in the table that we've ignored so far. 
- This will result in another draft. 
- Now, without the adjacency discovery draft, we need now to point to another "use case" draft, e.g., BRSKI for the details of adjacency discovery, and what to do in which case. 

To me, we are turning cause and action the wrong way round. 


> - max
> >
> > Rgds
> >    Brian
> >
> >