[Anima-signaling] SONN constrained instance

Michael Richardson <mcr+ietf@sandelman.ca> Thu, 01 December 2016 00:34 UTC

Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
    > 61.  Is the SONN constrained instance really needed?

    > My personal inclination is to say "yes" to #59, #61 and #62.

    > We really need Michael R & Toerless to reach an agreement about #61.

I think that I said we didn't need it.
That all we need is to become aware of the neighbours (which insecure DULL
can do with M_FLOOD), and that all the security is best done by IKEv2.
(And IKEv2, even if MACsec is negotiated rather than IPsec.)

The ACP-04 document imagines a protocol that isn't IKEv2 using some
unspecified encapsulation over (d)TLS transporting IP packets, and negotiated
using GRASP.  This hardly has any existing specification (one in tsvwg right
now), and has no hardware support anywhere.  It's not our place in this WG
to create new security protocols.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-