Re: [Anima] addressing Content-Type-Encoding errata on EST / RFC7030 --- relationship to BRSKI
Michael Richardson <mcr+ietf@sandelman.ca> Mon, 17 June 2019 16:31 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AD3D12035B for <anima@ietfa.amsl.com>; Mon, 17 Jun 2019 09:31:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dexLPMvax6c8 for <anima@ietfa.amsl.com>; Mon, 17 Jun 2019 09:31:44 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [176.58.120.209]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A3E06120354 for <anima@ietf.org>; Mon, 17 Jun 2019 09:31:43 -0700 (PDT)
Received: from dooku.sandelman.ca (unknown [75.98.19.133]) by relay.sandelman.ca (Postfix) with ESMTPS id 62CD01F450; Mon, 17 Jun 2019 16:31:42 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 8BA133810; Mon, 17 Jun 2019 12:31:52 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
to: anima@ietf.org, spams@ietf.org, Ignas Bagdonas <ibagdona@gmail.com>, max pritikin <pritikin@cisco.com>, Benjamin Kaduk <kaduk@mit.edu>
In-reply-to: <6535.1560786935@dooku.sandelman.ca>
References: <6535.1560786935@dooku.sandelman.ca>
Comments: In-reply-to Michael Richardson <mcr+ietf@sandelman.ca> message dated "Mon, 17 Jun 2019 11:55:35 -0400."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Mon, 17 Jun 2019 12:31:52 -0400
Message-ID: <10505.1560789112@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/BNFUqfpUw7jtHan-IkpxinLpyes>
Subject: Re: [Anima] addressing Content-Type-Encoding errata on EST / RFC7030 --- relationship to BRSKI
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jun 2019 16:31:47 -0000
Resending with correct LAMPS ML name of "SPASMS". I have posted the draft https://datatracker.ietf.org/doc/draft-richardson-lamps-rfc7030est-clarify/ this morning. It attempts to address the errata posted by Sean Turner in 2017 on RFC7030. Specifically the use of Content-Type-Encoding (CTE) and base64. You can see my other query to httpbis at: https://mailarchive.ietf.org/arch/msg/httpbisa/m4l4G_lHKfQVfSeAn7IxReUioD0 In doing BRSKI (draft-ietf-anima-bootstrapping-keyinfra) interop testing we had a number of confusions about whether or things are base64 encoded, and if they are always base64 encoded, why send the CTE header, and if BRSKI is binary or base64 encoded! Given that RFC7030 is somewhat well deployed, acting on the errata that Sean Turner noted is a bit difficult! (As a process thing, it's a problem that his 2017 errata seems to have gone into /dev/null). I am posting the core of the proposal at the bottom of this email. It tries to leverage the Postel doctrine in a way. Some questions/issues: 1) does this belong in secdispatch? 2) is this appropriate for LAMPS? 3) independant submission seems wrong. 4) ANIMA BRSKI needs to clarify things itself, and I will add a section on this, but I'm hesistant to add a normative reference here. I have an idea of appropriate text that I will post on Tuesday. Getting clarity here is really the most important thing for me. 5) I don't have a simple answer for the /csrattrs API. Maybe it needs to be solved by creating a new end point. or it could be done with Accept: header. ps: it's ironic to me, this is perhaps something that could also be solved by versioning the API in the URL. For the other three methods, when the client is aware that this is an amended server then it SHOULD send the POST request in binary form (DER-encoded), and omit the Content-Transfer-Encoding header. How the client knows what kind of server it is dealing with is communicating with is detailed in the next section. An amended server, when it receives a request that has no Content- Transfer-Encoding header, or has a Content-Transfer-Encoding header with the "binary" attribute, MUST respond in the same binary format. When an amended server receives a request in CTE-base64 form, then it MAY respond in kind. It is reasonable for a server to be configured to ignore or fail requests of this form, either via run-time configuration, or via a compile-time option. A main reason to do this is to avoid a permutation that requires testing in the future when no legacy EST clients are expected to connect. -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =- -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- [Anima] addressing Content-Type-Encoding errata o… Michael Richardson
- Re: [Anima] addressing Content-Type-Encoding erra… Michael Richardson
- Re: [Anima] addressing Content-Type-Encoding erra… Michael Richardson
- Re: [Anima] addressing Content-Type-Encoding erra… Michael Richardson
- Re: [Anima] [lamps] addressing Content-Type-Encod… Jim Schaad
- Re: [Anima] addressing Content-Type-Encoding erra… Toerless Eckert
- Re: [Anima] addressing Content-Type-Encoding erra… Michael Richardson
- Re: [Anima] addressing Content-Type-Encoding erra… Toerless Eckert
- Re: [Anima] addressing Content-Type-Encoding erra… Carsten Bormann
- Re: [Anima] addressing Content-Type-Encoding erra… Michael Richardson
- Re: [Anima] addressing Content-Type-Encoding erra… Michael Richardson