Re: [Anima] Clarification reg old reference in the BRSKI draft to IEEE 802_1AR-2009
Michael Richardson <mcr+ietf@sandelman.ca> Tue, 23 July 2019 17:31 UTC
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "Mendelson, Tsippy" <tsippy.mendelson@intel.com>
cc: "tte+ietf@cs.fau.de" <tte+ietf@cs.fau.de>, "anima@ietf.org" <anima@ietf.org>, "Ruan, Xiaoyu" <xiaoyu.ruan@intel.com>, "Jayanna, Prabhu" <prabhu.jayanna@intel.com>, "kwatsen@juniper.net" <kwatsen@juniper.net>, "Michael.H.Behringer@gmail.com" <Michael.H.Behringer@gmail.com>
Date: Tue, 23 Jul 2019 13:31:36 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/5ZrAoduyZiWFs0HulUZmoppy5XY>

Mendelson, Tsippy <tsippy.mendelson@intel.com> wrote:
> Sending again to wider ANIMA audience – as I received no response.

I don't think that I saw it before.
But, you posted to the list, which is the right place.
(You could have opened a github issue)

> We have identified a reference to an old spec in BRSKI draft
> draft-ietf-anima-bootstrapping-keyinfra-22.
> The draft refers to:
> [IDevID] "IEEE 802.1AR Secure Device Identifier", December 2009,
> <http://standards.ieee.org/findstds/
> standard/802.1AR-2009.html>.
> However there is a later spec:
> https://standards.ieee.org/standard/802_1AR-2018.html
> The specific quote from 802.1AR-2009 that we would like to ask about is in
> section 2.3.1 “Identification of the Pledge”:

So, I have no idea if 802_1AR-2018 is better or not, as I don't have a copy
of it. I tried last week to get a copy of it via the getieee system,
but I failed. I had previously been able to download the 2009 version.

> The following fields are defined in [IDevID] and [RFC5280]:
>
> o The subject field's DN encoding MUST include the "serialNumber"
> attribute with the device's unique serial number. (from [IDevID]
> section 7.2.8, and [RFC5280] section 4.1.2.4's list of standard
> attributes)
> In 802_1AR-2018 we could not find that the “serialNumber” attribute
> MUST be included rather we found SHOULD:

Yes, but we are saying that *WE* require it.

> Here it says: An IDevID certificate subject field shall be non-null and
> should include a unique device serial number.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
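
The distinction discussed in this message, shown as a check over an IDevID subject name. This is an added example, not part of the original message or of any BRSKI implementation: it reports separately whether the subject is non-null (the "shall" quoted from 802.1AR-2018) and whether it carries a serialNumber attribute (the MUST in the BRSKI draft). It assumes the subject Name is already available as DER with single-byte tags and a PrintableString/UTF8String value; the function names, sample names and serial value are constructed.

```python
SERIAL_NUMBER = b"\x55\x04\x05"   # DER body of OID 2.5.4.5, id-at-serialNumber
COMMON_NAME = b"\x55\x04\x03"     # DER body of OID 2.5.4.3, id-at-commonName

def read_tlv(buf, off):
    """Return (tag, value, next_offset) for the DER element starting at off."""
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[off:off + length], off + length

def subject_attributes(name_der):
    """Flatten a DER Name into a list of (oid_body, text) pairs."""
    tag, rdns, _ = read_tlv(name_der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    attrs, off = [], 0
    while off < len(rdns):
        _, rdn, off = read_tlv(rdns, off)      # SET OF AttributeTypeAndValue
        pos = 0
        while pos < len(rdn):
            _, atv, pos = read_tlv(rdn, pos)   # SEQUENCE { type, value }
            _, oid, nxt = read_tlv(atv, 0)
            _, val, _ = read_tlv(atv, nxt)
            attrs.append((oid, val.decode("utf-8", "replace")))
    return attrs

def check_idevid_subject(name_der):
    attrs = subject_attributes(name_der)
    serials = [text for oid, text in attrs if oid == SERIAL_NUMBER and text]
    return {"non_null": bool(attrs),           # the "shall" quoted from 802.1AR-2018
            "serial": serials[0] if serials else None,
            "brski_ok": bool(serials)}         # the MUST in the BRSKI draft

def tlv(tag, body):                            # encoder for the constructed samples
    if len(body) > 127:
        raise ValueError("sample encoder handles short lengths only")
    return bytes([tag, len(body)]) + body

def make_name(*pairs):
    return tlv(0x30, b"".join(
        tlv(0x31, tlv(0x30, tlv(0x06, oid) + tlv(0x13, text.encode())))
        for oid, text in pairs))

# Constructed subjects: one with serialNumber, one without, one empty.
WITH_SERIAL = make_name((COMMON_NAME, "pledge-model-x"), (SERIAL_NUMBER, "JADA123456789"))
NO_SERIAL = make_name((COMMON_NAME, "pledge-model-x"))
EMPTY = make_name()
```

A subject such as `NO_SERIAL` satisfies the quoted 2018 "shall" but not the BRSKI requirement, which is the case the thread is about.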