Re: [Anima-bootstrap] Can the proxy add information during bootstrap?

Michael Richardson <> Wed, 13 April 2016 12:53 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3AC9D12E1EE for <>; Wed, 13 Apr 2016 05:53:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.897
X-Spam-Status: No, score=-2.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Kbrq-HmZFgke for <>; Wed, 13 Apr 2016 05:53:09 -0700 (PDT)
Received: from ( [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A511812E1F8 for <>; Wed, 13 Apr 2016 05:53:09 -0700 (PDT)
Received: from ( [IPv6:2607:f0b0:f:2::247]) by (Postfix) with ESMTP id 726D72002A; Wed, 13 Apr 2016 08:57:04 -0400 (EDT)
Received: from (localhost [IPv6:::1]) by (Postfix) with ESMTP id 28CC763755; Wed, 13 Apr 2016 08:53:08 -0400 (EDT)
From: Michael Richardson <>
To: Brian E Carpenter <>
In-Reply-To: <>
References: <> <> <>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.4.2
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Wed, 13 Apr 2016 08:53:08 -0400
Message-ID: <>
Archived-At: <>
Cc: "" <>
Subject: Re: [Anima-bootstrap] Can the proxy add information during bootstrap?
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 13 Apr 2016 12:53:11 -0000

Brian E Carpenter <> wrote:
    >> I think it's a MITM attack for the proxy to add any information to the
    >> secure part.  Any information not under the security enclosure may be
    >> untrustworthy.

    > If there's a need to discover topology, which I understood Michael B
    > was after, couldn't that be done after enrolment, with no security
    > risk?

yes: exactly.  In fact, after enrollment, the resulting ACP that the new node
might form might have nothing to do with the topology used for enrollment.

I see no reason for the registrar to care about enrollment topology.

Consider two 14U BFRs in adjacent cabinets that use BTLE to enroll, establish
an ACP between them, and then configure the correct lambdas to light up the
100Gb/s links between them.
A new ACP link then comes up across that link (maybe using macsec..)

Michael Richardson <>ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-