Re: [Anima] Is this how BRSKI/IPIP works?

Brian E Carpenter <> Fri, 14 July 2017 20:14 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id CC6EF131940 for <>; Fri, 14 Jul 2017 13:14:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id tFsBg463Rl1v for <>; Fri, 14 Jul 2017 13:14:00 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400e:c00::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1975E1319B4 for <>; Fri, 14 Jul 2017 13:13:59 -0700 (PDT)
Received: by with SMTP id e7so50185301pfk.0 for <>; Fri, 14 Jul 2017 13:13:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=subject:to:cc:references:from:organization:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=8z2UqDfy2TZ1/IFPbBPwYG/bEyCkTvfRW8rNIdgRuiM=; b=EuEPkmsPv404Kq82OAQKT93NfHyGPDjRFA44Su837dmFotxSB6naXJlTx+JDZEscyG t20N5GGfnCcTe7qP+Ir1D0qQvv7wFcptwrJEcAd9dR/EbwfM2LMnoUhtXwOnUXlyE4T4 K+/kFcNTef/2LFVksMZxHRFvmao/a8sqzezVALO99VYVks6ukDGhg1LwFZ7GGyY+pyxU HiA1lwj06jrQ6kc69aprKCwi0IsJz2ekJM5AIqX70SH8yFp5wlmbud8bA96U/qGQxrVi KNVZ7WkI9LhqxHhwEm74tbIsa69qkg0Hva2cOp01sBFlTegi7vGUIEjpFLgB5QgQv0+9 BT8w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=8z2UqDfy2TZ1/IFPbBPwYG/bEyCkTvfRW8rNIdgRuiM=; b=VixGDoP9WiwPjzfxEtFWsONkh5lDEM/w1kdQyiGLHgxUeA8HHUsRdt3wDNmOxncsdI BYJl480p3U6zR/rfNgdMs4MPre9W4d2xxxxtmWyfYTe1G/PEXOLW3pGRON++YYw+0aDP DlM766leh3a6x/e9qIBNhngAVINGKiWbZjO9pF/QA8JPMwqQEaEYSAzrgNgo7tIO+uAt cSogydbNi4lmBeL02JLnz2rHAl1d4bX3JrqVPTycB/eh75zbus4sDMa90HMiEO/LYm6J lFlbt90j7hP/8PA6E6pT+4iBnSLdgdF2VonkcTHuv49LBI7k5QFekKJZ7K7s7ptP0C2m YcGw==
X-Gm-Message-State: AIVw110Dz6oZNvLxHc3BK+Miv/KYt0VQSNMEotges2EFKoZ4+nYMxktW emOg8rNdD3U1Yw1a
X-Received: by with SMTP id z1mr17624189plb.260.1500063239395; Fri, 14 Jul 2017 13:13:59 -0700 (PDT)
Received: from ?IPv6:2406:e001:55f4:1:28cc:dc4c:9703:6781? ([2406:e001:55f4:1:28cc:dc4c:9703:6781]) by with ESMTPSA id p5sm17123208pgf.50.2017. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 14 Jul 2017 13:13:58 -0700 (PDT)
To: Michael Richardson <>, Eliot Lear <>
Cc: Toerless Eckert <>, Anima WG <>
References: <> <> <> <> <> <>
From: Brian E Carpenter <>
Organization: University of Auckland
Message-ID: <>
Date: Sat, 15 Jul 2017 08:14:04 +1200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <>
Subject: Re: [Anima] Is this how BRSKI/IPIP works?
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 14 Jul 2017 20:14:02 -0000

On 15/07/2017 01:09, Michael Richardson wrote:
> Eliot Lear <> wrote:
>     > On 7/6/17 9:09 AM, Toerless Eckert wrote:
>     >> On Thu, Jul 06, 2017 at 04:34:05PM +1200, Brian E Carpenter wrote:
>     >>> It used to be, but the recommendation today is a pseudo-random
>     >>> value (RFC7217). In any case it's a software choice.
>     >> brand new recommendations do not equate to be expected
>     >> standard practice in products. Would be very good to have
>     >> folks with practical insight into various products to
>     >> provide more information.
>     > On this point, I think it's quite likely that we will see a good number
>     > of devices fielded that will do a lousy job of PRNG, and so it would be
>     > inadvisable for them to implement RFC7217, lest they test their DAD code
>     > in ways not really intended.  I'm not thinking about iPhones here, but
>     > energy harvesting devices like some light switches, and a bunch of,
>     > well,... crap.
>     > The question is whether you should design for these devices.  IMHO "no"
>     > is a perfectly valid answer, but I'm still a bit skeptical about the
>     > value of 7217 for these class of devices in any event.
> 1) Constrained devices are out of scope for ANIMA.

True, but let's not use that as an excuse, because our stuff
might just get used more widely.

> 2) even if they were in scope, kinetic powered light switches are not
>    good candidates for join proxies.  Light bulbs, however.

But On 14/07/2017 18:13, Eliot Lear wrote:
> I made my comment in the context of a possible interface collision in
> your diagram.  Those had to do with the autonomic nodes, not the
> proxies, as I understand things.  To avoid those sorts of collisions, it
> seems like using the h/w address remains sensible.  A collision in those
> circumstances would be extremely unlikely, whereas relying on poor PRNG
> almost assures it of happening.  These devices are likely to have very
> little entropy available to them.

And they may well be BRSKI pledges, just not using GRASP for discovery.
So Eliot's point seems valid (but not an issue for ANIMA alone).