[Anima] splitting up richardson-anima-masa-considerations into two pieces
Michael Richardson <mcr+ietf@sandelman.ca> Wed, 10 June 2020 04:33 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/-2Niz98BNSopDi4GpgxrDfI_Mdc>
We have split up richardson-anima-masa-considerations into two pieces:

1) the MASA operational considerations.
   This is the BRSKI-specific part which was part two of the original document.
   It deals with generating vouchers, and how to create and manage the trust
   anchors that need to be built into the firmware.

internet-drafts@ietf.org wrote:
> A new version of I-D, draft-richardson-anima-masa-considerations-04.txt
> has been successfully submitted by Michael Richardson and posted to the
> IETF repository.

> URL:
> https://www.ietf.org/internet-drafts/draft-richardson-anima-masa-considerations-04.txt

I would welcome more discussion in ANIMA on this part.

2) draft-richardson-secdispatch-idevid-considerations
   which deals with how to build and operate the IDevID needed to make BRSKI
   operate. This document is not intended to be BRSKI-specific, but to deal
   with any use for IDevID certificates. Clearly other uses may have other
   needs, but it should be possible to build a superset system that makes
   everyone happy.

https://datatracker.ietf.org/doc/draft-richardson-secdispatch-idevid-considerations/

Abstract:
   This document provides a number of operational modes that a
   manufacturer of devices that include IEEE 802.1AR IDevID certificates
   may choose from. Different ways of generating and signing the needed
   keypairs are detailed, and the security tradeoffs of each method are
   considered. This document provides a nomenclature for each mode.

   IDevID certificates are used in ANIMA's BRSKI Manufacturer Authorized
   Signing Authority (MASA) process.

I will be asking secdispatch to consider what to do with this document.
I say that there is a nomenclature, but I don't yet have a clue how to name
the three (at least) ways of doing key generation.

Part of the reason to split this document up is to make it easier to get this
part reviewed widely.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-