IETF Logo Mail Archive

Re: [Anima] addressing Content-Type-Encoding errata on EST / RFC7030 --- relationship to BRSKI

Michael Richardson <mcr+ietf@sandelman.ca> Mon, 17 June 2019 16:31 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AD3D12035B for <anima@ietfa.amsl.com>; Mon, 17 Jun 2019 09:31:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dexLPMvax6c8 for <anima@ietfa.amsl.com>; Mon, 17 Jun 2019 09:31:44 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [176.58.120.209]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A3E06120354 for <anima@ietf.org>; Mon, 17 Jun 2019 09:31:43 -0700 (PDT)
Received: from dooku.sandelman.ca (unknown [75.98.19.133]) by relay.sandelman.ca (Postfix) with ESMTPS id 62CD01F450; Mon, 17 Jun 2019 16:31:42 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 8BA133810; Mon, 17 Jun 2019 12:31:52 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
to: anima@ietf.org, spams@ietf.org, Ignas Bagdonas <ibagdona@gmail.com>, max pritikin <pritikin@cisco.com>, Benjamin Kaduk <kaduk@mit.edu>
In-reply-to: <6535.1560786935@dooku.sandelman.ca>
References: <6535.1560786935@dooku.sandelman.ca>
Comments: In-reply-to Michael Richardson <mcr+ietf@sandelman.ca> message dated "Mon, 17 Jun 2019 11:55:35 -0400."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Mon, 17 Jun 2019 12:31:52 -0400
Message-ID: <10505.1560789112@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/BNFUqfpUw7jtHan-IkpxinLpyes>
Subject: Re: [Anima] addressing Content-Type-Encoding errata on EST / RFC7030 --- relationship to BRSKI
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jun 2019 16:31:47 -0000

Resending with correct LAMPS ML name of "SPASMS".

I have posted the draft
  https://datatracker.ietf.org/doc/draft-richardson-lamps-rfc7030est-clarify/

this morning.  It attempts to address the errata posted by Sean Turner in
2017 on RFC7030.  Specifically the use of Content-Type-Encoding (CTE) and
base64. You can see my other query to httpbis at:
  https://mailarchive.ietf.org/arch/msg/httpbisa/m4l4G_lHKfQVfSeAn7IxReUioD0

In doing BRSKI (draft-ietf-anima-bootstrapping-keyinfra) interop testing we
had a number of confusions about whether or things are base64 encoded, and if
they are always base64 encoded, why send the CTE header, and if BRSKI is
binary or base64 encoded!

Given that RFC7030 is somewhat well deployed, acting on the errata that Sean
Turner noted is a bit difficult!  (As a process thing, it's a problem that
his 2017 errata seems to have gone into /dev/null).

I am posting the core of the proposal at the bottom of this email.
It tries to leverage the Postel doctrine in a way.

Some questions/issues:

1) does this belong in secdispatch?

2) is this appropriate for LAMPS?

3) independant submission seems wrong.

4) ANIMA BRSKI needs to clarify things itself, and I will add a section on
   this, but I'm hesistant to add a normative reference here.
   I have an idea of appropriate text that I will post on Tuesday.
   Getting clarity here is really the most important thing for me.

5) I don't have a simple answer for the /csrattrs API. Maybe it needs to be solved
   by creating a new end point.  or it could be done with Accept: header.

ps: it's ironic to me, this is perhaps something that could also be solved
    by versioning the API in the URL.


   For the other three methods, when the client is aware that this is an
   amended server then it SHOULD send the POST request in binary form
   (DER-encoded), and omit the Content-Transfer-Encoding header.  How
   the client knows what kind of server it is dealing with is
   communicating with is detailed in the next section.

   An amended server, when it receives a request that has no Content-
   Transfer-Encoding header, or has a Content-Transfer-Encoding header
   with the "binary" attribute, MUST respond in the same binary format.

   When an amended server receives a request in CTE-base64 form, then it
   MAY respond in kind.  It is reasonable for a server to be configured
   to ignore or fail requests of this form, either via run-time
   configuration, or via a compile-time option.  A main reason to do
   this is to avoid a permutation that requires testing in the future
   when no legacy EST clients are expected to connect.




--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email