Re: [Anima-bootstrap] BRSKI State Machine

"Michael Behringer (mbehring)" <mbehring@cisco.com> Tue, 18 October 2016 07:33 UTC

From: "Michael Behringer (mbehring)" <mbehring@cisco.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Thread-Topic: [Anima-bootstrap] BRSKI State Machine
Date: Tue, 18 Oct 2016 07:33:41 +0000
Message-ID: <3a3639b521464ca8a7c3441b950973bc@XCH-RCD-006.cisco.com>
References: <c41c231f3906477f97f1641617de025e@XCH-RCD-006.cisco.com> <746b88a1-717a-8b2d-1ed1-84e4d2268926@gmail.com>
In-Reply-To: <746b88a1-717a-8b2d-1ed1-84e4d2268926@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/K-109jtYy6cj1GJiXZ8kpgSHokU>
Subject: Re: [Anima-bootstrap] BRSKI State Machine
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>

> -----Original Message-----
> From: Brian E Carpenter [mailto:brian.e.carpenter@gmail.com]
> Sent: 17 October 2016 21:41
> To: Michael Behringer (mbehring) <mbehring@cisco.com>; anima-
> bootstrap@ietf.org
> Subject: Re: [Anima-bootstrap] BRSKI State Machine
> 
> Hi Michael,
> On 15/10/2016 03:42, Michael Behringer (mbehring) wrote:
> ...
> > * First of all, one thing isn't coming out clearly (it's there, but somehow not
> obvious at all): We have three "paths" through the algorithm, and it is the
> *pledge* that has "hard coded" which paths we're taking:
> >
> > 1) join any domain (first come first join)
> >    --> No MASA required
> > 2) require audit token
> >    --> MASA required, audit mode
> > 3) require authentication token
> >    --> MASA required, ownership tracking mode
> >
> > [I really hope we agree on that!!!]
> 
> What about the air gap case (no external interaction allowed, by site policy)?
> Would there be a simulated MASA in that case? In any case, that is not a
> choice that the pledge can make.

Well, if you can't have external communications, you have two options: 
1) case 1 above. Registrar and CA are local within the airgap zone, all works. With the security caveats that Max makes. 
2) case 3 where the MASA ownership vouchers are created up front, put on a CD ROM, and sent into the airgap zone. 
 
Your point is probably: We should explain that. And, I think you're right! Sounds like use cases of BRSKI. Maybe appendices? 

> ...
> > - we need to specify precisely the discovery method, with mDNS field
> names, and other details. In my head we're using mDNS here, and I *think*
> we agreed on that?
> 
> No, I think we agreed on supporting both mDNS or GRASP discovery; it is of
> course the latter that I've modelled. We have no need of mDNS for GRASP-
> capable nodes, but we must support mDNS between the proxy and a non-
> GRASP-capable pledge. I've got no objection to also specifying mDNS
> between the proxy and the registrar, but I think it's redundant.

Sigh. I'm a bit lost on what we decided, to be honest... Is that written down somewhere? We need to nail down discovery in two places: 

BRSKI: Pledge needs to find proxy. 
3.1.1 is the place in the BRSKI doc where discovery is specified, and it clearly does NOT say what you said above :-) 
ACP: one ANIMA node needs to find other ANIMA nodes. 
5.2 specifies mDNS today. 

We really need to start nailing this down! 

Michael

> Indeed the details have to be specified; I haven't formally written them up
> for the GRASP methods but they are embedded in my Python code.
> (Again, https://www.cs.auckland.ac.nz/~brian/graspy/brski/)
> 
> Rgds
>     Brian
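The three pledge "paths" Michael lists (join any domain, require an audit voucher, require an ownership voucher) and the air-gap variant of case 3 (voucher issued by the MASA up front and carried in offline), modelled as an added example that is not code from the thread, from Brian's graspy repository, or from the BRSKI draft. The voucher field names (serial-number, assertion, pinned-domain-cert, nonce, expires-on) are the RFC 8366 ones; the policy enum, the `evaluate_offer` function, the rule that a "verified" assertion also satisfies the audit-only policy, and all sample values are assumptions constructed for illustration. The MASA signature check is represented by a boolean rather than real cryptography.

```python
from dataclasses import dataclass
from datetime import date
from enum import Enum
from typing import Optional


class PledgePolicy(Enum):
    """The three 'paths' the pledge has hard-coded (cases 1-3 in the thread)."""
    JOIN_ANY = 1            # 1) join any domain: no MASA required
    REQUIRE_AUDIT = 2       # 2) require audit voucher: MASA in audit mode
    REQUIRE_OWNERSHIP = 3   # 3) require ownership voucher: MASA ownership tracking


@dataclass
class Voucher:
    """Subset of RFC 8366 voucher fields; the signature result is constructed."""
    serial_number: str
    assertion: str                     # "verified", "logged" or "proximity"
    pinned_domain_cert: bytes
    nonce: Optional[bytes] = None      # None for a nonceless (pre-provisioned) voucher
    expires_on: Optional[date] = None  # RFC 8366: nonceless vouchers must carry this
    masa_signature_ok: bool = True     # stands in for verifying the MASA signature


@dataclass
class RegistrarOffer:
    domain_cert: bytes
    voucher: Optional[Voucher] = None


# Assertion strengths each voucher-requiring policy accepts (assumption: the
# stronger "verified" assertion also satisfies the audit-only policy).
ACCEPTED_ASSERTIONS = {
    PledgePolicy.REQUIRE_AUDIT: {"logged", "verified"},
    PledgePolicy.REQUIRE_OWNERSHIP: {"verified"},
}


def evaluate_offer(policy, offer, pledge_serial, pledge_nonce, today):
    """Decide whether the pledge accepts a registrar's offer. Returns (accept, reason)."""
    if policy is PledgePolicy.JOIN_ANY:
        # Case 1: first come, first join. Nothing binds the pledge to this
        # domain, which is the security caveat the thread refers to.
        return True, "joined first registrar seen; no voucher required"
    v = offer.voucher
    if v is None:
        return False, "policy requires a MASA voucher but none was offered"
    if not v.masa_signature_ok:
        return False, "voucher signature did not verify"
    if v.serial_number != pledge_serial:
        return False, "voucher was issued for a different device"
    if v.pinned_domain_cert != offer.domain_cert:
        return False, "voucher pins a different domain certificate"
    if v.nonce is None:
        # Nonceless voucher: the air-gap case where the MASA issued it up front.
        # Freshness comes from expires-on instead of the pledge's nonce.
        if v.expires_on is None or v.expires_on < today:
            return False, "nonceless voucher is missing expires-on or has expired"
    elif v.nonce != pledge_nonce:
        return False, "voucher nonce does not match the pledge's request"
    if v.assertion not in ACCEPTED_ASSERTIONS[policy]:
        return False, f"assertion {v.assertion!r} is too weak for policy {policy.name}"
    return True, f"accepted {v.assertion} voucher for {v.serial_number}"


# Constructed sample data (not real certificates, serials or nonces).
DOMAIN_CERT = b"constructed-domain-cert-A"
OTHER_CERT = b"constructed-domain-cert-B"
PLEDGE_SERIAL = "SN-0001"
PLEDGE_NONCE = b"constructed-nonce"
TODAY = date(2016, 10, 18)


def run_scenarios():
    """Exercise each path once; returns {scenario_name: accepted}."""
    online = Voucher(PLEDGE_SERIAL, "logged", DOMAIN_CERT, nonce=PLEDGE_NONCE)
    airgap = Voucher(PLEDGE_SERIAL, "verified", DOMAIN_CERT, expires_on=date(2017, 1, 1))
    stale = Voucher(PLEDGE_SERIAL, "verified", DOMAIN_CERT, expires_on=date(2016, 1, 1))
    wrong_domain = Voucher(PLEDGE_SERIAL, "verified", OTHER_CERT, nonce=PLEDGE_NONCE)
    cases = {
        "case1_no_masa": (PledgePolicy.JOIN_ANY, RegistrarOffer(DOMAIN_CERT)),
        "case2_audit_online": (PledgePolicy.REQUIRE_AUDIT, RegistrarOffer(DOMAIN_CERT, online)),
        "case3_ownership_rejects_audit": (PledgePolicy.REQUIRE_OWNERSHIP, RegistrarOffer(DOMAIN_CERT, online)),
        "case3_airgap_preprovisioned": (PledgePolicy.REQUIRE_OWNERSHIP, RegistrarOffer(DOMAIN_CERT, airgap)),
        "case3_airgap_expired": (PledgePolicy.REQUIRE_OWNERSHIP, RegistrarOffer(DOMAIN_CERT, stale)),
        "case2_wrong_domain": (PledgePolicy.REQUIRE_AUDIT, RegistrarOffer(DOMAIN_CERT, wrong_domain)),
        "case2_no_voucher": (PledgePolicy.REQUIRE_AUDIT, RegistrarOffer(DOMAIN_CERT)),
    }
    return {name: evaluate_offer(p, o, PLEDGE_SERIAL, PLEDGE_NONCE, TODAY)[0]
            for name, (p, o) in cases.items()}


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name:32s} {'ACCEPT' if accepted else 'REJECT'}")
```

The point the model makes explicit is that the decision lives entirely in the pledge: case 1 accepts whoever answers first, case 2 and case 3 differ only in which MASA assertion is strong enough, and the air-gap option works because a nonceless voucher substitutes an expiry date for the nonce-based freshness check, so a pledge without a trustworthy clock cannot safely take that path.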