Re: [Anima] [Gen-art] Genart telechat review of draft-ietf-anima-bootstrapping-keyinfra-28
Alissa Cooper <alissa@cooperw.in> Wed, 16 October 2019 14:57 UTC
From: Alissa Cooper <alissa@cooperw.in>
Date: Wed, 16 Oct 2019 10:57:23 -0400
Cc: "gen-art@ietf.org" <gen-art@ietf.org>, "draft-ietf-anima-bootstrapping-keyinfra.all@ietf.org" <draft-ietf-anima-bootstrapping-keyinfra.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "anima@ietf.org" <anima@ietf.org>
To: tom petch <daedulus@btconnect.com>, Dan Romascanu <dromasca@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/RVCkqhTEelBiu0WfMDdcfhddRbE>

Dan, thanks for your review. Tom, thanks for your response. I entered a DISCUSS ballot to make sure the issues with the YANG modules get fixed. I also noted the need for a response to the full Gen-ART review.

Alissa

> On Oct 15, 2019, at 5:40 AM, tom petch <daedulus@btconnect.com> wrote:
>
> Dan
>
> I had a quick look at the YANG and it does indeed need some work IMHO.
> I have posted a separate e-mail listing what I saw.
>
> Tom Petch
>
>
> ----- Original Message -----
> From: "Dan Romascanu via Datatracker" <noreply@ietf.org>
> Sent: Sunday, October 13, 2019 9:39 AM
>
>> Reviewer: Dan Romascanu
>> Review result: Ready with Issues
>>
>> I am the assigned Gen-ART reviewer for this draft. The General Area
>> Review Team (Gen-ART) reviews all IETF documents being processed
>> by the IESG for the IETF Chair. Please wait for direction from your
>> document shepherd or AD before posting a new version of the draft.
>>
>> For more information, please see the FAQ at
>>
>> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
>>
>> Document: draft-ietf-anima-bootstrapping-keyinfra-??
>> Reviewer: Dan Romascanu
>> Review Date: 2019-10-13
>> IETF LC End Date: None
>> IESG Telechat date: 2019-10-17
>>
>> Summary: Ready with Issues
>>
>> This document specifies automated bootstrapping of an Autonomic Control Plane
>> by creating a Remote Secure Key Infrastructure (acronym BRSKI) using
>> manufacturer installed X.509 certificates, in combination with a manufacturer's
>> authorizing service, both online and offline.
>>
>> Christian Huitema and Jari Arkko have performed early reviews of previous
>> versions of the document for SecDir and Gen-ART. As far as I can tell, most if
>> not all of their major concerns concerning applicability and security have been
>> addressed in the latest versions. A few more minor issues described below would
>> better be clarified before approval.
>>
>> I also observe that the document has consistent Operational implications but
>> there is no OPS-DIR review so far, as well as a YANG module and several other
>> references to YANG, but there is no YANG Doctors review. I hope that these will
>> be available prior to the IESG review.
>>
>> Major issues:
>>
>> Minor issues:
>>
>> 1. The Pledge definition in section 1.2:
>>
>>> Pledge: The prospective device, which has an identity installed at
>>> the factory.
>>
>> while in the Introduction:
>>
>>> ... new (unconfigured) devices that are called pledges in this
>>> document.
>>
>> These two definitions seem different. The definition in 1.2 does not include
>> the fact that the device is 'new (unconfigured)'. Also, arguably 'identity
>> installed at the factory' may be considered a form of configuration.
>>
>> 2. The document lacks an Operational Considerations section, which I believe is
>> needed, taking into consideration the length and complexity of the document.
>> There are many operational issues spread across the document concerning the
>> type and resources of devices, speed of the bootstrapping process, migration
>> pass, impact on network operation. I suggest to consider adding such a section
>> pointing to the place where these issues are discussed and adding the necessary
>> information if missing. Appendix A.1 in RFC 5706 can be used as a checklist of
>> the issues to be discussed in such a section.
>>
>> 3. Section 5.4:
>>
>>> Use of TLS 1.3 (or newer) is encouraged. TLS 1.2 or newer is
>>> REQUIRED.
>>
>> What is the reason for using 'encouraged'? Why not RECOMMENDED?
>>
>> Nits/editorial comments:
>>
>> 1. The Abstract includes:
>>
>> 'To do this a Remote Secure Key Infrastructure (BRSKI) is created'
>>
>> Later in the document BRSKI is defined as a protocol. It would be good to
>> clarify if BRSKI = BRSKI protocol
>>
>> 2. In Section 1 - Introduction, 3rd paragraph:
>>
>> s/it's default modes/its default modes/
>> s/it's strongest modes/its strongest modes/
>>
>> 3. Please expand non-obvious acronyms at first occurrence: EST protocol, LLNs,
>> REST interface, LDAP, GRASP, CDDL, CSR
>>
>> 4. I would suggest alphabetic order listing of the terms in section 1.2
>>
>> 5. Section 1.3.1 - a reference for LDevID would be useful
>>
>> 6. Section 7:
>>
>> s/Use of the suggested mechanism/Use of the suggested mechanisms/
>>