[Anima] [Technical Errata Reported] RFC8995 (6648)

RFC Errata System <rfc-editor@rfc-editor.org> Tue, 27 July 2021 02:25 UTC

Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B2463A11F5 for <anima@ietfa.amsl.com>; Mon, 26 Jul 2021 19:25:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tJxELy3JvEZR for <anima@ietfa.amsl.com>; Mon, 26 Jul 2021 19:25:04 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD0853A11EF for <anima@ietf.org>; Mon, 26 Jul 2021 19:25:04 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id 3EABDF40710; Mon, 26 Jul 2021 19:24:47 -0700 (PDT)
To: pritikin@cisco.com, mcr+ietf@sandelman.ca, tte+ietf@cs.fau.de, Michael.H.Behringer@gmail.com, kent+ietf@watsen.net, warren@kumari.net, rwilton@cisco.com, jiangsheng@huawei.com, tte@cs.fau.de
X-PHP-Originating-Script: 1005:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: mcr+ietf@sandelman.ca, anima@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20210727022447.3EABDF40710@rfc-editor.org>
Date: Mon, 26 Jul 2021 19:24:47 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/FYVQWCT1jP-AgN4sL4QfWudoBz8>
Subject: [Anima] [Technical Errata Reported] RFC8995 (6648)
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Jul 2021 02:25:10 -0000

The following errata report has been submitted for RFC8995,
"Bootstrapping Remote Secure Key Infrastructure (BRSKI)".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid6648

--------------------------------------
Type: Technical
Reported by: Michael Richardson <mcr+ietf@sandelman.ca>

Section: 5.1

Original Text
-------------
   Use of TLS 1.3 (or newer) is encouraged.  TLS 1.2 or newer is
   REQUIRED on the pledge side.  TLS 1.3 (or newer) SHOULD be available
   on the registrar server interface, and the registrar client
   interface, but TLS 1.2 MAY be used.  TLS 1.3 (or newer) SHOULD be
   available on the MASA server interface, but TLS 1.2 MAY be used.



Corrected Text
--------------
Use of TLS 1.3 (or newer) is encouraged.  TLS 1.2 or newer is
REQUIRED on the pledge side.  TLS 1.3 (or newer) SHOULD be available
on the registrar server interface, and the registrar client
interface, but TLS 1.2 MAY be used.  When TLS 1.3 is used the use of
Server Name Indicator (SNI, [RFC6066]) is not required, per RFC8446 
section 9.2, this specification is an application profile specification.

A pledge connects to the Registrar using only an IP address and it will 
not have any idea of a correct SNI value. 
This also implies that the Registrar interface may not be virtual \
hosted using SNI.




Notes
-----
Another errata says that SNI is mandatory on MASA interface, and the distinction between the two is subtle.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
can log in to change the status and edit the report, if necessary. 

--------------------------------------
RFC8995 (draft-ietf-anima-bootstrapping-keyinfra-45)
--------------------------------------
Title               : Bootstrapping Remote Secure Key Infrastructure (BRSKI)
Publication Date    : May 2021
Author(s)           : M. Pritikin, M. Richardson, T. Eckert, M. Behringer, K. Watsen
Category            : PROPOSED STANDARD
Source              : Autonomic Networking Integrated Model and Approach
Area                : Operations and Management
Stream              : IETF
Verifying Party     : IESG