Re: [Anima-bootstrap] BRSKI doc updates for -04

"Max Pritikin (pritikin)" <pritikin@cisco.com> Mon, 31 October 2016 17:34 UTC

Return-Path: <pritikin@cisco.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57391129979 for <anima-bootstrap@ietfa.amsl.com>; Mon, 31 Oct 2016 10:34:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -16.018
X-Spam-Level:
X-Spam-Status: No, score=-16.018 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZFOpv9PR8BCy for <anima-bootstrap@ietfa.amsl.com>; Mon, 31 Oct 2016 10:34:27 -0700 (PDT)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 936C712996F for <anima-bootstrap@ietf.org>; Mon, 31 Oct 2016 10:34:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3840; q=dns/txt; s=iport; t=1477935262; x=1479144862; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=P6JOuP896e0HCaMGIxq5wBdQj2QYHh1mVCJWvjRmyWo=; b=C8m6XYFhg4O2NXl1BT7PvqfimimquDDkQ5JKKyKCpJ5s9RuRy9k/jW+8 LCeD9Azs2jXbsATz8Pk6egVhe8LcncdsatdU1B/5lAlKR00ak45paj3P7 9gJW2SL6X1yeBxIIe8UTdl0eluHRur/64HbbBciVd8NPwLKy11+Cry+Sc w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AdAQBCdRdY/5NdJa1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBgyoBAQEBAR9YfQeNL5Z+h16MYIIHHQ2FeQIagXY/FAECAQEBAQE?= =?us-ascii?q?BAWIohGIBAQEDAQEBASAROgsFCwIBCBgCAiYCAgIfBgsVEAIEDgWIOgMPCA6wQ?= =?us-ascii?q?YhtDYNjAQEBAQEBAQEBAQEBAQEBAQEBAQEBFwWBB4czCIJQgkeCABeCbS2CEh0?= =?us-ascii?q?BBJQRhVI1AYYvhlKDLoFuhG2JKYcggVWEHIQBAR42YIMjHIFTcgGGf4EJAQEB?=
X-IronPort-AV: E=Sophos;i="5.31,428,1473120000"; d="scan'208";a="165790664"
Received: from rcdn-core-11.cisco.com ([173.37.93.147]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 31 Oct 2016 17:34:21 +0000
Received: from XCH-ALN-014.cisco.com (xch-aln-014.cisco.com [173.36.7.24]) by rcdn-core-11.cisco.com (8.14.5/8.14.5) with ESMTP id u9VHYLc5006846 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 31 Oct 2016 17:34:21 GMT
Received: from xch-aln-013.cisco.com (173.36.7.23) by XCH-ALN-014.cisco.com (173.36.7.24) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Mon, 31 Oct 2016 12:34:20 -0500
Received: from xch-aln-013.cisco.com ([173.36.7.23]) by XCH-ALN-013.cisco.com ([173.36.7.23]) with mapi id 15.00.1210.000; Mon, 31 Oct 2016 12:34:20 -0500
From: "Max Pritikin (pritikin)" <pritikin@cisco.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Thread-Topic: [Anima-bootstrap] BRSKI doc updates for -04
Thread-Index: AQHSMW2sTIr1+KdXAUOZHo0C0l3v+6C+5nuAgAREgQA=
Date: Mon, 31 Oct 2016 17:34:20 +0000
Message-ID: <51623E0C-6836-4F5A-9A02-7AB8D3728D07@cisco.com>
References: <2A325ACB-B2D6-402F-B045-C2BB5CC5A35D@cisco.com> <8388f68f-849b-1afd-469d-0ba3bbf50373@gmail.com>
In-Reply-To: <8388f68f-849b-1afd-469d-0ba3bbf50373@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.99.106.11]
Content-Type: text/plain; charset="utf-8"
Content-ID: <E6A59BAAFEDDD94D9F33515C79694DE7@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/ptj_9EBZJzxJQ4WvCgHCd1Vmrk4>
Cc: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] BRSKI doc updates for -04
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Oct 2016 17:34:29 -0000

Brian, 

As per the design team meeting consensus we have added a normative reference to secured GRASP for the communication channel between the Proxy and the Registrar when ACP is being used. 

We do not have normative language concerning the Pledge to the Proxy using unsecured GRASP. I think this is a reasonable compromise position,

- max 

> On Oct 28, 2016, at 6:24 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
> 
> Hi,
> 
> I object strongly to the unchanged formulation of section 3.1.1 (Discovery).
> It mandates DNS-SD when IMHO it should mandate either DNS-SD or a GRASP
> based method, as we discussed in Berlin. As I've said a few times,
> I don't really care whether the GRASP method is based on the Flood
> mechanism or the Discovery/Synchronize mechanism, or a Discovery/Negotiate
> mechanism as Michael R proposed. But we look collectively foolish
> if we do not use a GRASP mechanism within the AN environment.
> 
> At least, I want to see a place holder for this in the -04 draft.
> Basically it would look like
> 
> [the pledge]
> 
> b.  MUST:
> 
> either b1. Performs DNS-based Service Discovery [RFC6763]...
> 
> or b2. Performs GRASP-based Discovery [details TBD since we are out of time]
> 
> and appropriate text somwhere about what the proxy does (i.e. MUST support
> both discovery methods).
> 
> In 3.2.1 (CoAP connection to Registrar) there is a passing reference
> to GRASP, without a citation, and the same for the ACP, without a citation.
> At the minimum those need to cite the relevant drafts. There's the same
> choice for how the proxy discovers the registrar (Flood, Discovery/Synchronize
> or Discovery/Negotiate). Also, the ACP isn't mandatory for GRASP - we
> could use Synchronize or Negotiate securely via TLS, if we had to.
> 
> Regards
>   Brian
> 
> On 29/10/2016 11:50, Max Pritikin (pritikin) wrote:
>> 
>> Folks, I’ve been making changes toward pushing out an update this weekend. If you have last minute comments or wish to verify that design team discussion have been captured please take a look at the github version. 
>> 
>> A current build -04 preliminary version is, as always, located here:
>> 	https://github.com/ietf-roll/anima-bootstrap/blob/master/dtbootstrap-anima-keyinfra-04.txt
>> 
>> If you have comments please try to include specific changes. 
>> 
>> I will be pushing this by the Oct 31st deadline. 
>> 
>> - max
>> _______________________________________________
>> Anima-bootstrap mailing list
>> Anima-bootstrap@ietf.org
>> https://www.ietf.org/mailman/listinfo/anima-bootstrap
>> 
> 
> _______________________________________________
> Anima-bootstrap mailing list
> Anima-bootstrap@ietf.org
> https://www.ietf.org/mailman/listinfo/anima-bootstrap