IETF Logo Mail Archive

Re: [Anima] New Version Notification for draft-ietf-anima-rfc8366bis-05.txt

Michael Richardson <mcr@sandelman.ca> Wed, 25 January 2023 20:51 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9082CC14CE24 for <anima@ietfa.amsl.com>; Wed, 25 Jan 2023 12:51:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DZ5U45sUsMvz for <anima@ietfa.amsl.com>; Wed, 25 Jan 2023 12:51:49 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3FA61C151534 for <anima@ietf.org>; Wed, 25 Jan 2023 12:51:48 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 723FD38993 for <anima@ietf.org>; Wed, 25 Jan 2023 16:21:24 -0500 (EST)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id QRUwXeCMZm7A for <anima@ietf.org>; Wed, 25 Jan 2023 16:21:23 -0500 (EST)
Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id B4FDD38991 for <anima@ietf.org>; Wed, 25 Jan 2023 16:21:23 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sandelman.ca; s=mail; t=1674681683; bh=fdzmvU1eXrPV+gLRB6P1uZYvUgr/1YvBbZrnIVjB4cw=; h=From:To:Subject:In-Reply-To:References:Date:From; b=dr0wCd3KVb2VP91VjhC0HZpxXHxS3DfNBZkI5JF6gvPs9yyIydL25MymRTKNjkJHv /j+mFut2qXyHXdgimhED6ydupfycAfNQevaZGpv4Glp2N802zSfm5yJwa3LSVPjTn5 oQlotFmuXI0Ma/A+MbBYq8jLc2FFWr9pY+VIMaNC3l1OAYDKfSNV8/Y0xdhMEtxWH5 2/6WYeKEx4/M6QlNBR6VwUTJSDE+7+0qm82aSXXxRAXGyqsfdJBJMjf4I5KqoTaJKX JRBCuE63ykxc77xnvW43RR+cLe4WvP5CPhlTIkax1UiyFQHIBJGRjb0l1YpiejFmJQ YR+UzXMkIqSiQ==
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 75774504 for <anima@ietf.org>; Wed, 25 Jan 2023 15:51:47 -0500 (EST)
From: Michael Richardson <mcr@sandelman.ca>
To: anima@ietf.org
In-Reply-To: <167467890750.40942.10235124805853704323@ietfa.amsl.com>
References: <167467890750.40942.10235124805853704323@ietfa.amsl.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 27.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <8036.1674679907.1@localhost>
Content-Transfer-Encoding: quoted-printable
Date: Wed, 25 Jan 2023 15:51:47 -0500
Message-ID: <8037.1674679907@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/EXgFEqkF64ypH24n8uxfBDYmw9M>
Subject: Re: [Anima] New Version Notification for draft-ietf-anima-rfc8366bis-05.txt
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Jan 2023 20:51:53 -0000

internet-drafts@ietf.org wrote:
    > Html:           https://www.ietf.org/archive/id/draft-ietf-anima-rfc8366bis-05.html
    > Diff:           https://author-tools.ietf.org/iddiff?url2=draft-ietf-anima-rfc8366bis-05

Hi, Toerless asked for a clear Changes since RFC8366 section.
I've added that as section 5, and I would sure appreciate review comments at:
     https://github.com/anima-wg/voucher/pull/22

I asked Toerless for a WG Consensus Call on this approach to dealing with the
problems that augment has gotten us into.
There are threads in the archives on what the challenge is.
We are looking for technical objections to this pull request and this approach.

In addition to the section 5, I have replaced "bootstrapping" with
"onboarding", and adjusted some of the other introductory text to include
more of the other documents.

I resisted the urge to describe {{PRM}} as "SneakerNet", since I was afraid
to find a definition for that.

I have been unable to use yanglint verify the example JSON that RFC8366
defined.  It tells me it does not match I get no further details.  I felt
that I should first establish this before believing it about the YANG
provided in this document.  I see this as a critical thing for the document,
but not for merging this pull request.

(I redid Table 1 in kramdown, but I don't know how/if I can make a cell
span multiple columns, so for now, I haven't)

I see that I still have RFC8792 wrapping in the voucher-request YANG, while I
did fix that for the voucher YANG.


5.  Changes since RFC8366
 [RFC8366] was published in 2018 during the development of [BRSKI],
 [ZERO-TOUCH] and other work-in-progress efforts.  Since then the
 industry has matured significantly, and the in-the-field activity
 which this document supports has become known as _onboarding_ rather
 than _bootstrapping_.
 The focus of [BRSKI] was onboarding of ISP and Enterprise owned wired
 routing and switching equipment, with IoT devices being a less
 important aspect.  [ZERO-TOUCH] has focused upon onboarding of CPE
 equipment like cable modems and other larger IoT devices, again with
 smaller IoT devices being of less import.
 Since [BRSKI] was published there is now a mature effort to do
 application-level onboarding of constrained IoT devices defined by
 The Thread and Fairhair (now OCF) consortia.  The [cBRSKI] document
 has defined a version of [BRSKI] that is useable over constrained
 802.15.4 networks using CoAP and DTLS, while
 [I-D.selander-ace-ake-authz] provides for using CoAP and EDHOC on
 even more constrained devices with very constrained networks.
 [PRM] has created a new methodology for onboarding that does not
 depend upon a synchronous connection between the Pledge and the
 Registrar.  This mechanism uses a mobile Registrar Agent that works
 to collect and transfer signed artifacts via physical travel from one
 network to another.
 Both [cBRSKI] and [PRM] require extensions to the Voucher Request and
 the resulting Voucher.  The new attribtes are required to carry the
 additional attributes and describe the extended semantics.  In
 addition [cBRSKI] uses the serialization mechanism described in
 [YANGCBOR] to produce significantly more compact artifacts.
 When the process to define [cBRSKI] and [PRM] was started, there was
 a belief that the appropriate process was to use the [RFC8040]
 _augment_ mechanism to further extend both the voucher request
 [BRSKI] and voucher [RFC8366] artifacts.  However, [PRM] needs to
 extend an enumerated type with additional values and _augment_ can
 not do this, so that was initially the impetus for this document.
 An attempt was then made to determine what would happen if one wanted
 to have a constrained version of the [PRM] voucher artifact.  The
 result was invalid YANG, with multiple definitions of the core
 attributes from the [RFC8366] voucher artifact.  After some
 discussion, it was determined that the _augment_ mechanism did not
 work, nor did it work better when [RFC8040] yang-data was replaced
 with the [RFC8971] structure mechanisms.
 After significant discussion the decision was made to simply roll all
 of the needed extensions up into this document as "RFC8366bis".
 This document therefore represents a merge of YANG definitions from
 [RFC8366], the voucher-request from [BRSKI], and then extensions to
 each of these from [cBRSKI] and [PRM].  There are some difficulties
 with this approach: this document does not attempt to establish
 rigorous semantic definitions for how some attributes are to be used,
 referring normatively instead to the other relevant documents.

v2.23.0 | Report a Bug | By Email