Re: [Anima] [anima-wg/anima-brski-async-enroll] Definition of new assertion type (agent-proximity) for the voucher (#18)

"Fries, Steffen" <steffen.fries@siemens.com> Thu, 17 June 2021 06:22 UTC

From: "Fries, Steffen" <steffen.fries@siemens.com>
To: Kent Watsen <kent+ietf@watsen.net>, Michael Richardson <mcr+ietf@sandelman.ca>
CC: "anima@ietf.org" <anima@ietf.org>, "netmod@ietf.org" <netmod@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/05MuXD2p3MC1hVgTsq7JpMyRvVw>

Hi Kent
New assertion type for the voucher necessary for
agent-proximity. Likely to enhance the enum in the YANG module for the
voucher in [RFC 8366](https://datatracker.ietf.org/doc/html/rfc8366#section-5.3)

Kent, how do we add a new enum?
Does the grouping help us at all?
We need to do this for both voucher and voucher-request.

Firstly, because it took me quite some time to put this message in context, for everyone else, here’s a link to GitHub Issue #18: https://github.com/anima-wg/anima-brski-async-enroll/issues/18.

I’m unsure what is trying to be accomplished but, generally, either an “augment” or a module-revision can be used to add an enum.

[stf] Thank you for the hint. In one of the use cases of BRSKI-AE a registrar-agent acting on behalf of the registrar is used to facilitate the communication between pledge and registrar. In this case the MASA should assert “agent-proximity” instead of “proximity” to show that there was no direct connection between the pledge and the registrar. Also, as the pledge does not verify a signature of the registrar, this assertion is weaker than “proximity” but stronger than “logged”. To achieve this we intended to enhance the current enum with the new assertion type.

Best regards
Steffen
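
An added illustration, not text from this thread or from the working group's drafts, of the module-revision route mentioned above: the `assertion` leaf of the RFC 8366 `ietf-voucher` module with the new enum appended. The revision date and all description wording are placeholders, and the descriptions of the existing enums are abbreviated.

```yang
// Fragment of module ietf-voucher (RFC 8366) as it could look in a
// new revision. Assumptions: the revision date is a placeholder and
// the description strings are paraphrased, not normative text.

revision 9999-01-01 {
  description
    "Placeholder revision: adds the agent-proximity assertion.";
}

leaf assertion {
  type enumeration {
    // Existing enums stay in their original order and keep their
    // names, so their values are unchanged by this revision.
    enum verified {
      description
        "Ownership positively verified by the MASA (abbreviated).";
    }
    enum logged {
      description
        "Voucher issued after minimal verification and logged
         by the MASA (abbreviated).";
    }
    enum proximity {
      description
        "MASA verified a proximity proof between pledge and
         registrar (abbreviated).";
    }
    // New enum goes last. Wording follows the rationale in the
    // message above: a registrar-agent sat between pledge and
    // registrar, and the pledge did not verify a registrar signature.
    enum agent-proximity {
      description
        "Proximity was established via a registrar-agent rather
         than a direct pledge-to-registrar connection. Weaker
         than proximity, stronger than logged.";
    }
  }
  mandatory true;
  description
    "Statement from the MASA on how the owner was verified.";
}
```

RFC 7950 section 11 permits adding enums in a new revision as long as the existing enums keep their values; where the enums carry no explicit `value` statement, values are assigned by position, so the new enum has to be appended rather than inserted. The enum's position does not express the "weaker than proximity, stronger than logged" ordering, so a consumer that applies a minimum-assertion policy has to encode that ranking itself.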