[Anima] Re: Question regarding use of assertions in vouchers in RFC8366bis
Michael Richardson <mcr+ietf@sandelman.ca> Mon, 02 September 2024 00:36 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/HIyIT7BPNPI_fF7BBtj8zXKjhzI>
Fries, Steffen <steffen.fries=40siemens.com@dmarc.ietf.org> wrote:

> Currently we have different types of assertions defined
> (https://www.ietf.org/archive/id/draft-ietf-anima-rfc8366bis-12.html#name-yang-module)
> - logged
> - verified
> - proximity
> - agent-proximity

Yes.

> Logged and verified relate to actions which can be performed on the
> MASA side related to ownership verification, while proximity and
> agent-proximity provide information about the onboarding situation in
> the deployment domain.

Nonce-less vouchers would be logged, for instance.

> I was wondering if we address different assertions in one value based
> on the following use case:
> * A pledge (product) is sold via a distributor. The MASA has no
>   information about the final customer.
> * If the pledge is onboarded, it creates a Voucher-request asking for
>   a proximity assertion
> * The registrar provides the registrar voucher request including the
>   pledge voucher request to the MASA
> * Based on the contained information, the MASA can verify proximity,
>   but still may not know the customer (domain).
> * The MASA could react with the assertion "proximity". But given that
>   the MASA has no information about the end customer it may also react
>   with "logged"

That's correct.
I would always go for proximity if there is a voucher-request.

> With this, are we addressing two different statements in one
> enumeration? Or did I misinterpret the enum?

It may well be that in the ~10 years since we started, the concepts have
drifted. Probably worth a re-think after a few years of real deployment.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide