Re: [Anima] Errata 6642: Re: Registrar to MASA connections: SNI required

Toerless Eckert <tte@cs.fau.de> Thu, 15 February 2024 16:52 UTC

Trying to find better rules for the process without success, so I think
that it's up to Rob to determine whether he wants additional input from the WG
or simply accept/reject the proposed text change based on his own evaluation.

I think we had a long enough discussion time about this so everybody who has an opinion
did have a chance to chime in.

And again, this thread is just for the RFC8995 Register/MASA section Errata.
The discussion about my github request in BRSKI cloud Pledge->Registrar is independent.
Sending of SNI is an application choice as explained in TLS 1.3 (probably also
in RFC6066), so it really needs to be decided by each application function, although
it seems as if the rule of thumb is to always send it as long as the TLS responder
is known by DNS hostname. But it seems neither RFC6066 nor TLS 1.3 make this a rule.

Cheers
    Toerless

On Thu, Feb 15, 2024 at 12:54:19PM +0000, Esko Dijk wrote:
> Shouldn't the ANIMA WG also agree on a new text or a new concept for an erratum?  
> And who are "all parties"? For me this is just too vague.
> 
> Esko
> 
> -----Original Message-----
> From: Anima <anima-bounces@ietf.org> On Behalf Of Michael Richardson
> Sent: Wednesday, February 14, 2024 19:54
> To: Toerless Eckert <tte@cs.fau.de>
> Cc: rwilton@cisco.com; anima@ietf.org
> Subject: Re: [Anima] Errata 6642: Re: Registrar to MASA connections: SNI required
> 
> 
> Toerless Eckert <tte@cs.fau.de> wrote:
>     >> I'm fine with this.  But, since it's hold for document update, we
>     >> don't have to wordsmith it now, as long as we get across the right
>     >> idea in the patch.
> 
>     > Well, my understanding is that Rob simply wants a replacement text for
>     > the Errata that we both agree on so he can update the Errata with it.
> 
> All of the text you have proposed is fine with me in the end.
> Short of it: all parties always send SNI.
> 
> (Registrar must often ignore SNI upon receipt)
> 
> --
> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>            Sandelman Software Works Inc, Ottawa and Worldwide
> 
> 
> 
> 

-- 
---
tte@cs.fau.de
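
An added example, not part of the thread or of any BRSKI implementation: it illustrates the rule of thumb discussed above (send SNI when the TLS responder is known by DNS hostname) together with the RFC 6066 `server_name` extension as the receiving side would see it on the wire. The function names and the `example.com` URLs are assumptions made for illustration.

```python
import ipaddress
import struct
from urllib.parse import urlsplit

SERVER_NAME_EXT = 0  # TLS extension type "server_name" (RFC 6066)
HOST_NAME_TYPE = 0   # NameType "host_name"


def sni_for_url(url):
    """Return the host name to send as SNI, or None when none applies."""
    host = urlsplit(url).hostname
    if not host:
        return None
    try:
        ipaddress.ip_address(host)
        return None  # RFC 6066: literal IP addresses are not allowed in HostName
    except ValueError:
        return host.rstrip(".")  # HostName is sent without a trailing dot


def encode_sni(host):
    """Build the server_name extension: type, length, ServerNameList."""
    name = host.encode("ascii")
    entry = struct.pack("!BH", HOST_NAME_TYPE, len(name)) + name
    data = struct.pack("!H", len(entry)) + entry
    return struct.pack("!HH", SERVER_NAME_EXT, len(data)) + data


def parse_sni(extensions):
    """Walk a ClientHello extensions block; return the host_name or None."""
    pos = 0
    while pos + 4 <= len(extensions):
        ext_type, ext_len = struct.unpack_from("!HH", extensions, pos)
        body = extensions[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type != SERVER_NAME_EXT:
            continue
        if len(body) < 5:
            return None  # truncated server_name extension
        _list_len, name_type, name_len = struct.unpack_from("!HBH", body, 0)
        name = body[5:5 + name_len]
        if name_type != HOST_NAME_TYPE or len(name) != name_len:
            return None
        return name.decode("ascii", errors="replace")
    return None  # the client sent no SNI at all
```

A receiver that accepts connections regardless of the name presented can log the value returned by `parse_sni` without using it for certificate or virtual-host selection.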