Re: [Anima] Mirja Kühlewind's No Objection on draft-ietf-anima-bootstrapping-keyinfra-22: (with COMMENT)
Mirja Kuehlewind <ietf@kuehlewind.net> Wed, 17 July 2019 09:21 UTC
Return-Path: <ietf@kuehlewind.net>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2E9B12063D; Wed, 17 Jul 2019 02:21:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1n-2adJ--qVR; Wed, 17 Jul 2019 02:21:18 -0700 (PDT)
Received: from wp513.webpack.hosteurope.de (wp513.webpack.hosteurope.de [IPv6:2a01:488:42:1000:50ed:8223::]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 527A1120637; Wed, 17 Jul 2019 02:21:18 -0700 (PDT)
Received: from 200116b82c292800c8cfb4743a3e4aca.dip.versatel-1u1.de ([2001:16b8:2c29:2800:c8cf:b474:3a3e:4aca]); authenticated by wp513.webpack.hosteurope.de running ExIM with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) id 1hng7d-0006PD-Ni; Wed, 17 Jul 2019 11:21:13 +0200
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Mirja Kuehlewind <ietf@kuehlewind.net>
In-Reply-To: <24814.1563296511@localhost>
Date: Wed, 17 Jul 2019 11:21:10 +0200
Cc: draft-ietf-anima-bootstrapping-keyinfra@ietf.org, tte+ietf@cs.fau.de, anima-chairs@ietf.org, The IESG <iesg@ietf.org>, anima@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <DB320B9E-2AB8-4EFB-A50B-F7207D59C068@kuehlewind.net>
References: <156285232840.32370.18027192977627346503.idtracker@ietfa.amsl.com> <24814.1563296511@localhost>
To: Michael Richardson <mcr+ietf@sandelman.ca>
X-Mailer: Apple Mail (2.3445.104.11)
X-bounce-key: webpack.hosteurope.de;ietf@kuehlewind.net;1563355278;f881d165;
X-HE-SMSGID: 1hng7d-0006PD-Ni
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/U_i_oQdQLAePGEEMA4FK5r9Oq6k>
Subject: Re: [Anima] Mirja Kühlewind's No Objection on draft-ietf-anima-bootstrapping-keyinfra-22: (with COMMENT)
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Jul 2019 09:21:21 -0000
Hi! Please see below. > On 16. Jul 2019, at 19:01, Michael Richardson <mcr+ietf@sandelman.ca> wrote: > > > {I almost hit the 'n'ext key on this email when I read you had No > Objection... I wonder if the DT should link the comments in the DT > to the thread that results} No problem. I guess the discusses are more important to figure out first anyway. > > Mirja Kühlewind via Datatracker <noreply@ietf.org> wrote: >> I agree with Alissa's discuss that the conclusion of section 10(.3) >> should be to recommend a manual configuration mode. Also with respect > > okay. > >> to section 10.2: if ownership is "enforced" by the manufacturer, there >> should also probably be a way for the buyer to check if ownership was >> transferred by the saler during the re-sale process. > > So you are asking for an additional API from the JRC to the MASA. > It would need to include something like: > > a) a POST from selling-JRC to MASA to ask MASA for if a resale would be granted. > This could result in some statement that the seller could show to the > buyer that would validate that the transaction can occur. > b) a POST from selling-JRC to MASA to indicate to whom the sale was made, > this would have to include some reference to the buyer. > c) a GET from the selling-JRc and also buyer-JRC that would ask who > the current owners is supposed to be. > > (c) could in theory be done with the auditlog, provided that the (b) process > installed the buyer as an authorized entity that could query the auditlog. > It would probably be better to have the MASA do the thinking here, rather > than the JRC. > > I can imagine creating such APIs. There probably needs to be some > buyer-JRC/seller-JRC APIs, or at least conventions. This could easily become > a rathole attracting all sorts of online sales API. Were this to be added to > this document, or to an extension document, I'd want to have significant > involvement from some people who build financial/sales systems, or at least > From the operations divisions of some buyers (operators) and sellers (vendors). I was mostly thinking about discussing this case in the text, rather than add a specific mechanism. E.g. you could say c) is an option that can be used right away and a more dedicated interface could be considered in future. > >> Two other small comments on more load related points: > >> 1) sec 4.1: "Connection attempts SHOULD be run in parallel to avoid >> head of queue problems wherein an attacker running a fake proxy or >> registrar could perform protocol actions intentionally slowly. The >> pledge SHOULD continue to listen to for additional GRASP M_FLOOD >> messages during the connection attempts." One minor comment: Maybe >> also say explicitly, while running in parallel, one should not send all >> initial messages at exactly the same time but pace them out (e.g. one >> every 3 secs) to avoid network overload when initial connectivity is >> very constraint. > > I take your point. > In the ANIMA ACP situation, please think about the situation as being a > multiport BFR with three+ 100G fiber connections to other cities. Or, one or > more ports plugged into some (unmanaged or probably outsourced) L2 fabric that > has multiple other ACP devices on it. I guess that doesn’t map to the IoT case that is also discussed in the doc. However, this is a usual safety measure we are building in all protocols (expect there is a good reason to do otherwise), e.g. also for routing protocols, because you never know for sure how future deployment scenarios will look like. > >> 2) sec 4.3: " It must be sufficiently low that the aggregate amount of >> periodic M_FLOODs from all EST servers causes negligible traffic across >> the ACP." I know this is a little bit a blurry requirement but I would >> still like to see a MUST here. Or maybe give an upper bound for the >> maximum frequency, e.g. MUST NOT send more than once per minute...? Not >> sure it there is a reasonable value here. > > I'm hesistant to write anything specific here. There are two reasons. > One is that we really don't have any experience running ACPs yet, or how much > bandwidth will typically be available, and we also don't know how many JRCs > a typical operator might deploy. > > The second reason is that I think that this should really be dealt with in: > https://datatracker.ietf.org/doc/draft-ietf-anima-autonomic-control-plane/ > (or mabe https://datatracker.ietf.org/doc/draft-ietf-anima-grasp/) > > ACP section 6.1.4.1 defines an M_FLOOD for the SRV.est. This is not > necessarily the JRC, btw, as certificate renewal might be performed by > a different system than enrollment. It does say: > > The M_FLOOD message MUST be sent periodically. The default SHOULD be > 60 seconds, the value SHOULD be operator configurable but SHOULD be > not smaller than 60 seconds. The frequency of sending MUST be such > that the aggregate amount of periodic M_FLOODs from all flooding > sources cause only negligible traffic across the ACP. > > I will copy this text. That would be good! Thanks! Mirja > > -- > ] Never tell me the odds! | ipv6 mesh networks [ > ] Michael Richardson, Sandelman Software Works | IoT architect [ > ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [ > > > -- > Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works > -= IPv6 IoT consulting =- > > >
- [Anima] Mirja Kühlewind's No Objection on draft-i… Mirja Kühlewind via Datatracker
- Re: [Anima] Mirja Kühlewind's No Objection on dra… Michael Richardson
- Re: [Anima] Mirja Kühlewind's No Objection on dra… Mirja Kuehlewind
- Re: [Anima] Mirja Kühlewind's No Objection on dra… Michael Richardson
- Re: [Anima] Mirja Kühlewind's No Objection on dra… Mirja Kuehlewind