Re: [Anima-bootstrap] Scope question

Toerless Eckert <eckert@cisco.com> Mon, 06 July 2015 03:29 UTC

Date: Sun, 05 Jul 2015 20:29:51 -0700
From: Toerless Eckert <eckert@cisco.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <20150706032951.GX27147@cisco.com>
References: <5599BF13.60405@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/anima-bootstrap/ox0oircyeAkqJr1KG-7V_nfiROg>
Cc: anima-bootstrap@ietf.org
Subject: Re: [Anima-bootstrap] Scope question

To keep us focussed on moving towards RFCs, I would first
look into the following Prio1:

Prio1, in charter: Bootstrap of certificate on physical 
devices that are AN devices: bootstrap+signaling+ACP+ASA sharing
the certificate.

And then beyond it:

PrioN > 1, in charter: Bootstrap for logical autonomic devices/VMs/ASA
that need separate certificates from the underlying system.

Outside current charter: Reuse of bootstrap in non-AN devices -
e.g. without the rest of autonomic and potentially with different
protocols.

Cheers
    Toerless


On Mon, Jul 06, 2015 at 11:34:43AM +1200, Brian E Carpenter wrote:
> The design team charter at
> http://trac.tools.ietf.org/wg/anima/trac/wiki/Bootstrap%20Design%20Team%20Charter
> leaves two scope questions open for me.
> 
> 1. Is the scope *all* nodes in a network, or only the nodes taking
> part in autonomic operations (i.e. nodes that are part of the ACP
> and/or run Anima signaling)?
> 
> 2. Is the scope limited to physical nodes? Or in other words, do
> entities like virtual machines or ASAs inherit credentials from
> the physical node containing them?
> 
> Regards
>    Brian