Re: [Anima] Brian/anima: trust notion of ASA communications

Brian E Carpenter <> Fri, 07 February 2020 23:04 UTC

To: Toerless Eckert <>, Michael Richardson <>

On 08-Feb-20 03:58, Toerless Eckert wrote:
> Sure, and I am going to run a hacked ACP node that's announcing in GRASP
> to be the "best-ever" node to provide that service ;-) How do you
> prohibit that from happening? -> Answer: I don't have a fitting certificate, or
> there is some ACP crowd intelligence that says I am untrustworthy.

I don't see how you can get away from asymmetric crypto to do that. An ASA
comes up and says 'I support "DANGER"', which is a GRASP objective for doing
something very dangerous. Take a concrete example: 'I support "PrefixManager"',
which is defined in draft-ietf-anima-prefix-management and will be in an
RFC one day soon. So this ASA needs to be trusted to allocate or assign
IP address space.

How can we check this is OK? As far as I can see, only if we have previously
decided to trust any PrefixManager ASA that can prove possession of a given
private key, or more precisely one of a given set of private keys.

In practical reality, I'm sure operators will want to install identical
binaries of a given ASA on multiple autonomic nodes. So the private key
will be scattered around the autonomic domain. My guess is that a lot of
operators would not see this as any better than just trusting the nodes,
not the individual ASAs.
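
Added illustration, not part of the original message and not code from any GRASP implementation: a Go sketch of the check discussed above, in which a verifier keeps a set of public keys per objective and accepts an ASA that signs a fresh challenge with any one of them. The `trusted` table, the function names and the challenge layout are assumptions made for this example; GRASP defines none of them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// trusted maps a GRASP objective to the public keys accepted for it (hypothetical table).
type trusted map[string][]ed25519.PublicKey

// newKey generates the key pair an operator would provision with an ASA binary.
func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// challenge returns the message an ASA must sign: the objective name
// (length-prefixed, so under 256 bytes) bound to a fresh 32-byte nonce.
func challenge(objective string) []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return append(append([]byte{byte(len(objective))}, objective...), nonce...)
}

// prove is the ASA side: proof of possession is a signature over the challenge.
func prove(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// accept is the verifier side: true if a key trusted for this objective signed msg.
func (t trusted) accept(objective string, msg, sig []byte) bool {
	for _, pub := range t[objective] {
		if ed25519.Verify(pub, msg, sig) {
			return true
		}
	}
	return false
}

func main() {
	pub, priv := newKey()
	t, msg := trusted{"PrefixManager": {pub}}, challenge("PrefixManager")
	fmt.Println("accepted:", t.accept("PrefixManager", msg, prove(priv, msg)))
}
```

The verifier learns only that some holder of a listed key answered, so two nodes running the same ASA binary with the same private key are indistinguishable to it. That is the limitation the last paragraph of the message describes.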