Re: [Anima-bootstrap] peer and domain [was BRSKI State Machine]

"Max Pritikin (pritikin)" <> Wed, 19 October 2016 20:14 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7511E1293E3 for <>; Wed, 19 Oct 2016 13:14:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -14.952
X-Spam-Status: No, score=-14.952 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 9Fg3CMLtcWal for <>; Wed, 19 Oct 2016 13:14:49 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CB94212967E for <>; Wed, 19 Oct 2016 13:05:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=8820; q=dns/txt; s=iport; t=1476907533; x=1478117133; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=YUIkyeX9AYTIeDBAHTB8XBpt/kwUEMKnp8A0NkVrI18=; b=RJhpW5qlnAL3oJGBmxPnq2BjSc54wA28S6uHj3IHaqlpMRe5xrIR6Alz iH1zGv9lEjxDjc+nCObzKnjiyVwFhLAoZIuKmHVFhFf8/zXy7jgVFz28V 2o7HVWD/78sCoN0QE1UVrMMFlUnXtWVZwqqJDnt6aMkeoR+s753dwJ01n w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.31,367,1473120000"; d="scan'208";a="159438852"
Received: from ([]) by with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Oct 2016 20:05:32 +0000
Received: from ( []) by (8.14.5/8.14.5) with ESMTP id u9JK5WjA015081 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 19 Oct 2016 20:05:32 GMT
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1210.3; Wed, 19 Oct 2016 15:05:31 -0500
Received: from ([]) by ([]) with mapi id 15.00.1210.000; Wed, 19 Oct 2016 15:05:31 -0500
From: "Max Pritikin (pritikin)" <>
To: Brian E Carpenter <>
Thread-Topic: peer and domain [was BRSKI State Machine]
Date: Wed, 19 Oct 2016 20:05:31 +0000
Message-ID: <>
References: <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: text/plain; charset="utf-8"
Content-ID: <>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <>
Cc: "" <>, "Michael Behringer (mbehring)" <>
Subject: Re: [Anima-bootstrap] peer and domain [was BRSKI State Machine]
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 19 Oct 2016 20:14:50 -0000

> On Oct 19, 2016, at 1:42 PM, Brian E Carpenter <> wrote:
> Picking out a couple points:
>> Right now we really specify the same thing in both BRSKI and ACP drafts.
> It's a bit worse, because in practice GRASP has to do a lot of the same
> stuff.

Isn’t this a result of not clearly defining the dependencies? If GRASP clearly depended on the ACP then some of this redundancy would go away? 

For example, if GRASP s3.3.1 required the ACP instead of only indicating that the ACP “SHOULD” exist then a dependence on the adjacency table from ACP-03 s5.1.2 would be clear. Ref:
	and the core adjacency table discussion in:

The BRSKI doc can’t reference ACP so instead I’ll update the list of adjacencies discussion to reference only the anima-reference-model (informational). 

- max

> I won't trouble you with details, but the first sections of GRASP
> initialisation carry these comments:
> # Initialise global variables
> # Is there an ACP?
> # What's my address?
> # What interfaces do I have?
> # Create sockets to send LL multicasts
> # Initialise TCP sockets to receive unicast Discovery responses
> # Start relay if needed
> So, although it doesn't deal with adjacencies as such, if it could
> simply grap the adjacency table from the ACP, all of the above would
> be much more straightforward. However, that may have things backwards.
> If the first thing a GRASP node did after initialisation was something
> like flood(objective("AN_ACP")) and then listen for incoming floods from
> neighbors, it could quickly learn its potential ACP adjacencies.
> So, perhaps ACP formation is a special case ASA that runs always, in insecure
> link-local mode, to maintain adjacencies and support the creation of
> secure ACP tunnels.
> I could write demo code for the adjacency learning, but I'd need some help
> on the domain ID.
>> make a separate (short) draft for autonomic adjacency discovery, and the adjacency table.
> If it's needed we can write it up. Then either embed it arbitrarily in one
> of the other documents, or discuss it with the WG.
> Regards
>   Brian
> On 19/10/2016 20:21, Michael Behringer (mbehring) wrote:
>>>> What exactly is the "peer" in the above text? I tend to assume it's the
>>> proxy.
>>>> In that case it seems to me that the discovery process (whether it's
>>>> mDNS or GRASP) will discover all available proxies regardless of
>>>> domain. And then try them in some order of preference TBD.
>>> Agreed. From the perspective of a Pledge new device anything discovered is
>>> a “proxy” or perhaps a registrar but it doesn’t yet know the domain(s).
>> Mostly agree; two small edits: I would say " From the perspective of a Pledge anything discovered is a *potential* “proxy”."
>> I would not mention the registrar, since we decided that if a device happens to be a registrar, it should still behave like a proxy, to keep the behaviour of the pledge as simple as possible. 
>> (I'm sure we agree - these are just editorial comments)
>>>> Also, all of this needs to work in the absence of an ACP and therefore
>>>> of the ACP's adjacency table. That applies to GRASP too, because in
>>>> order to perform its various link-local actions, it needs to know
>>>> which interfaces it has and which link-local addresses it has. And it
>>>> learns of its link-local neighbors as a result of discovery. So while
>>>> I fully appreciate the value of the adjacency table, we need to be functional
>>> without it.
>>> Michael things of discovered proxies as adjacencies for the table. I think of
>>> them as a “list of discovered proxies”. The concepts are similar and Michael is
>>> correct that the current sentence could be clearer.
>> Seen from BRSKI, you are right. 
>> My main comment really is: Adjacency discovery, as well as the adjacency table, is really independent of both BRSKI and ACP. It is a feature of an *autonomic node*. When an autonomic node is in factory default, it will use the adjacency table to invoke bootstrap; when it is in a domain, it will use the same table to create an ACP connection. So the adjacency discovery and the table are really separate from BRSKI and ACP. 
>> Because of this, I've said for a while the really "correct" thing to do would be to make a separate (short) draft for autonomic adjacency discovery, and the adjacency table. This would be a really nice place to describe the general behaviour of an autonomic node. 
>> Right now we really specify the same thing in both BRSKI and ACP drafts. First of all, I think we should be VERY clear that we don't want *two* mechanisms to discover a proxy or an ACP neighbour. We want a single protocol to do this. (I think we agree up to here). 
>> The chairs have been pushing hard against another draft, for purely practical reasons, and I understand that, and can live with it. 
>> But let's be clear that this should really be the same protocol, it should be specified in one place only, and the other refers to that. (Again, I think we agree on that). 
>> Here's what's going to happen in phase 2 of ANIMA: 
>> - We'll want Intent to say things like "trust autonomic devices in domain x for the sole purpose of auto-negotiating BGP security". 
>> - or "if a node in sees one in, it should create a 'unidirectional' ACP"
>> - Therefore, a node now needs to scan its adjacency table, see where there are nodes of domain x. 
>> - for such nodes, we'll establish another form of security association, we will NOT include them in the general ACP. 
>> - so there will be another way to handle nodes in the table that we've ignored so far. 
>> - This will result in another draft. 
>> - Now, without the adjacency discovery draft, we need now to point to another "use case" draft, e.g., BRSKI for the details of adjacency discovery, and what to do in which case. 
>> To me, we are turning cause and action the wrong way round. 
>> Michael
>>> - max
>>>> Rgds
>>>>   Brian