Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

Michael Richardson <mcr+ietf@sandelman.ca> Sun, 14 July 2019 21:33 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Eliot Lear <lear@cisco.com>
cc: draft-ietf-anima-bootstrapping-keyinfra@ietf.org, Adam Roach <adam@nostrum.com>, anima-chairs@ietf.org, The IESG <iesg@ietf.org>, Toerless Eckert <tte+ietf@cs.fau.de>, anima@ietf.org
In-reply-to: <E2DA8D30-805E-478D-925D-534C04A0727F@cisco.com>
References: <156282703648.15280.17739830959261983790.idtracker@ietfa.amsl.com> <17580.1562874933@localhost> <ACEB4033-707F-47AF-B58A-5227B444BEAB@cisco.com> <E2DA8D30-805E-478D-925D-534C04A0727F@cisco.com>
Comments: In-reply-to Eliot Lear <lear@cisco.com> message dated "Thu, 11 Jul 2019 23:49:13 +0200."
Date: Sun, 14 Jul 2019 17:33:22 -0400
Message-ID: <8869.1563140002@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/VPd22tt3dGAenvjL0V-VJavoL7k>
Subject: Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

Eliot Lear <lear@cisco.com> wrote:
    > Whether such a voucher would be pinned is something we do not have to
    > specify, with the risks of it not being pinned being borne by the owner.

I beg to differ!
I think that the security properties are vastly different.
It's why we decided when creating RFC8366 not to do bearer tokens.  
We simply didn't think we were competent enough to specify it tightly enough
to not become a security disaster.

An unpinned voucher is some kind of bearer token, and if disclosed has
significant operational risk.  As such, keeping it around/online is a serious
issue.

A voucher pinned to the public part of a keypair whose private key is
kept offline (to be turned over to a new owner) is different because there
are potentially far fewer things to keep private.  Worst case, it's perhaps
the same, I would agree.

The bigger problem is that I don't see a way to define such an artifact in a
timely fashion, nor do I know which WG we'd do it in.

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
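The distinction drawn above (a voucher pinned to the registrar's key versus an unpinned bearer voucher) can be shown as a pledge-side acceptance policy over RFC 8366 voucher fields. This is an added illustration, not code from the author or from the BRSKI draft; it assumes the CMS signature from the MASA has already been verified, and the certificate blobs and voucher contents are constructed sample data.

```python
import base64
import json
from datetime import datetime, timezone

# Constructed stand-ins for DER certificates (not real certificates).
REGISTRAR_CERT_DER = b"\x30\x82\x01\x00constructed-registrar-cert"
OTHER_CERT_DER = b"\x30\x82\x01\x00constructed-other-cert"

def _b64(der: bytes) -> str:
    return base64.b64encode(der).decode("ascii")

# Constructed RFC 8366 voucher payloads (MASA signature assumed verified upstream).
PINNED_VOUCHER = json.dumps({"ietf-voucher:voucher": {
    "created-on": "2019-07-14T21:33:00Z",
    "assertion": "proximity",
    "serial-number": "PLEDGE-0001",
    "nonce": "c2FtcGxlLW5vbmNl",
    "pinned-domain-cert": _b64(REGISTRAR_CERT_DER),
}})
UNPINNED_VOUCHER = json.dumps({"ietf-voucher:voucher": {
    "created-on": "2019-07-14T21:33:00Z",
    "assertion": "logged",
    "serial-number": "PLEDGE-0001",
    "expires-on": "2099-01-01T00:00:00Z",
}})

def evaluate_voucher(voucher_json, presented_cert_der, my_serial, my_nonce, now=None):
    """Pledge-side policy: return (accepted, reason). A voucher is honored only
    when it names this pledge, is fresh, and is pinned to the certificate the
    registrar actually presented; a voucher without a pin is a bearer token
    and is refused, since whoever holds it could claim the device."""
    v = json.loads(voucher_json)["ietf-voucher:voucher"]
    now = now or datetime.now(timezone.utc)
    if v.get("serial-number") != my_serial:
        return False, "serial-number does not match this pledge"
    if "nonce" in v:
        if v["nonce"] != my_nonce:
            return False, "nonce mismatch (possible replay)"
    elif "expires-on" in v:
        if datetime.fromisoformat(v["expires-on"].replace("Z", "+00:00")) <= now:
            return False, "voucher expired"
    else:
        return False, "no nonce and no expires-on: unbounded lifetime"
    pin = v.get("pinned-domain-cert")
    if pin is None:
        return False, "unpinned voucher: bearer token, refused"
    if base64.b64decode(pin) != presented_cert_der:
        return False, "pinned-domain-cert does not match presented registrar cert"
    return True, "accepted"
```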