Re: [Anima] Handling of endpoint path names (from BRSKI-AE discussion today)
Michael Richardson <mcr+ietf@sandelman.ca> Wed, 02 September 2020 03:22 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62DC73A0AB1 for <anima@ietfa.amsl.com>; Tue, 1 Sep 2020 20:22:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ed_fFhEwiP8k for <anima@ietfa.amsl.com>; Tue, 1 Sep 2020 20:22:40 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8109B3A081C for <anima@ietf.org>; Tue, 1 Sep 2020 20:22:40 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 6C307389BE; Tue, 1 Sep 2020 23:01:35 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id EXCbwTRClJkK; Tue, 1 Sep 2020 23:01:34 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 82988389BA; Tue, 1 Sep 2020 23:01:34 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 60CC1600; Tue, 1 Sep 2020 23:22:38 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "Fries, Steffen" <steffen.fries@siemens.com>, "anima@ietf.org" <anima@ietf.org>
In-Reply-To: <523e10f22ec84f83ad8c0f0b9bc85c4a@siemens.com>
References: <3f2d1790efb44ac39405a23dc592dd89@siemens.com> <20200730161142.GB62130@faui48f.informatik.uni-erlangen.de> <12431.1596541563@dooku> <2c4323c817134845ae7c36b41fd239c1@siemens.com> <11029.1596647559@localhost> <eee14f13f5cf4183bf69e999c5fcea04@siemens.com> <6058.1597841627@localhost> <f3981ca4bde844dbb27213ae96185967@siemens.com> <11109.1598470952@localhost> <6563c1fbc9624eb687df3ae51b19ba76@siemens.com> <31381.1598639539@localhost> <523e10f22ec84f83ad8c0f0b9bc85c4a@siemens.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Tue, 01 Sep 2020 23:22:38 -0400
Message-ID: <14539.1599016958@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/6CUmyZgH0meCbH2t-ZWfNzR0UdA>
Subject: Re: [Anima] Handling of endpoint path names (from BRSKI-AE discussion today)
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2020 03:22:42 -0000
Fries, Steffen <steffen.fries@siemens.com> wrote: >> -----Original Message----- >> From: Michael Richardson <mcr+ietf@sandelman.ca> >> Sent: Freitag, 28. August 2020 20:32 >> > Maybe I phrased it wrong. The intention is not to make the pledge more >> > complex. The goal should be to keep the pledge simple and enhance the >> > registrar to handle also other situations like unavailability of >> > certain connections. The registrar should be the more capable >> > component. The discovery was intended in situations, in which the >> > registrar supports multipole options, but not all may be mandatory >> > supported. In this case the discovery would help. Otherwise the pledge >> > may do trial and error. >> >> While I appreciate the idea of having the pledge fail faster, and go onto to >> the next possible registrar, I think that the pledge should support one and >> only one mechanism, and it's up to the registrars to keep up. > Yes, this keeps the pledge simple, but would require the registrar to > implement the other options mandatorily. *A* Registrar has to implement the right options. There could be more than one system with the same CA behind them. I way prefer to just let the pledge implement one thing. Maybe that will cause significant bifurcation in the BRSKI-capable thing market, but I suspect that most registrars will implement it all. >> If we are doing proper ACP ANIMA, then we can include the enrollment >> options for the Registrar into the GRASP DULL announcement, and this can >> inform the pledge's decision as to which Registrar to pick. > This would also be an option for a discovery, but I have to dig deeper into GRASP. okay. >> I don't yet understand how the voucher-request is done in async BRSKI. > I realize more an more that a pure "request-object" without considering > the transport is probably too abstract. Implementing requires also the > transport. Yes, okay, I thought that this was in scope for this document. Or, when I agreed to adopt, I thought that. I have quite a few ideas on how to do this: we really ran through them all during BRSKI/6tisch-zero-touch/SZTP and we settled on a compromise. >> I thought that was what we were doing.. I have many ideas about this. > Yes, voucher-request and also certification-request would be collected > by the pledge-agent. Good to hear you have ideas here, as we need to > define the approach more precisely. >> > Regarding PUSH. As outlined in BRSKI-AE section 5.2.4 the pledge would >> > be queried by the pledge-agent for certain objects. It was intended to >> >> But, how is it queried? > The pledge essentially must be able to listen for the request. In > industrial environments the embedded device is most often in a server > role waiting for requests. This would have to be leveraged also for the > PUSH interaction. Cool. I can also see BT and NFC being used for the push. >> Well, I thought that the furnace in the basement where there is no >> connectivity was a really good use case. >> The furnace installer has a smartphone or dedicated comissioning >device. > This was one of the point I concluded form the last meeting. The trust > assumptions about the pledge and pledge-agent interaction is one of the > points to be discussed further. Good. >> As for HTTP: I would tend to suggest that we should use CoAP. >> This works over WIFI as well as other technologies, and convergence here >> would be good. > Which may bring it closer to the constraint voucher than BRSKI. I was > looking for the latter, hence HTTP as proposal. But this is open for > discussion. :-) -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- [Anima] Handling of endpoint path names (from BRS… Fries, Steffen
- Re: [Anima] Handling of endpoint path names (from… Eliot Lear
- Re: [Anima] Handling of endpoint path names (from… Toerless Eckert
- Re: [Anima] Handling of endpoint path names (from… Toerless Eckert
- Re: [Anima] Handling of endpoint path names (from… Brockhaus, Hendrik
- Re: [Anima] Handling of endpoint path names (from… Brian E Carpenter
- Re: [Anima] Handling of endpoint path names (from… Fries, Steffen
- Re: [Anima] Handling of endpoint path names (from… Michael Richardson
- [Anima] possible last minute changes to anima-boo… Michael Richardson
- Re: [Anima] Handling of endpoint path names (from… Fries, Steffen
- Re: [Anima] possible last minute changes to anima… Mark Nottingham
- Re: [Anima] possible last minute changes to anima… Michael Richardson
- Re: [Anima] Handling of endpoint path names (from… Michael Richardson
- Re: [Anima] Handling of endpoint path names (from… Fries, Steffen
- Re: [Anima] Handling of endpoint path names (from… Michael Richardson
- Re: [Anima] Handling of endpoint path names (from… Fries, Steffen
- Re: [Anima] Handling of endpoint path names (from… Fries, Steffen
- Re: [Anima] Handling of endpoint path names (from… Werner, Thomas
- Re: [Anima] Handling of endpoint path names (from… Michael Richardson
- Re: [Anima] Handling of endpoint path names (from… Michael Richardson
- Re: [Anima] Handling of endpoint path names (from… Fries, Steffen
- Re: [Anima] Handling of endpoint path names (from… Michael Richardson
- Re: [Anima] Handling of endpoint path names (from… Fries, Steffen
- Re: [Anima] Handling of endpoint path names (from… Michael Richardson
- Re: [Anima] Handling of endpoint path names (from… Brian E Carpenter
- Re: [Anima] Handling of endpoint path names (from… Esko Dijk
- [Anima] constrained handling of endpoint path nam… Michael Richardson
- Re: [Anima] constrained handling of endpoint path… Esko Dijk
- Re: [Anima] constrained handling of endpoint path… Michael Richardson