Re: [Anima] northbound/southbound U interface (Re: New Version Notification for draft-richardson-anima-registrar-considerations-07.txt)

Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 17 May 2023 21:35 UTC

To: Michael Richardson <mcr@sandelman.ca>, anima@ietf.org, Goran Selander <goran.selander@ericsson.com>, Mališa Vučinić <Malisa.Vucinic@inria.fr>, lake@ietf.org, draft-selander-lake-authz@ietf.org
References: <168383035344.62624.7146283053246938320@ietfa.amsl.com> <26789.1684093004@localhost>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
In-Reply-To: <26789.1684093004@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/UCiS0-PtElYYpxSFIPNo9ZXWwWA>

> The private keys from the Southbound interfaces
> SHOULD NOT be made available on the Northbound interfaces.

This new sentence reads slightly strangely, since private keys must never be available anywhere! So what exactly SHOULD NOT be available to the North?

Regards
    Brian

On 15-May-23 07:36, Michael Richardson wrote:
> 
> internet-drafts@ietf.org wrote:
>      > Diff:
>      > https://author-tools.ietf.org/iddiff?url2=draft-richardson-anima-registrar-considerations-07
> 
> The document was due for renewal, and I tried to add some text about how a
> composite architecture may make PoP on the U_w/W (BRSKI-MASA) side difficult if
> the private key is associated only with the U_v interface(s).
> This relates to the design team discussion we had around draft-selander-lake-authz.
> 
> I wonder if some more diagrams would help, as I sensed a lot of confusion
> during the call.
> 
> 
> _______________________________________________
> Anima mailing list
> Anima@ietf.org
> https://www.ietf.org/mailman/listinfo/anima