IETF Logo Mail Archive

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 16 July 2019 20:31 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA1D6120113 for <anima@ietfa.amsl.com>; Tue, 16 Jul 2019 13:31:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5BeQikQ06opv for <anima@ietfa.amsl.com>; Tue, 16 Jul 2019 13:31:42 -0700 (PDT)
Received: from mail-pg1-x532.google.com (mail-pg1-x532.google.com [IPv6:2607:f8b0:4864:20::532]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D7AE3120041 for <anima@ietf.org>; Tue, 16 Jul 2019 13:31:42 -0700 (PDT)
Received: by mail-pg1-x532.google.com with SMTP id w10so9995607pgj.7 for <anima@ietf.org>; Tue, 16 Jul 2019 13:31:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=izO8fldMWnwL68MK8+py+bB3cZQHt5lu2qI9NpFN4tw=; b=JAHUHRMj0je5CWVzwAnZWfhmrR0oQThSQrAeYW4J+CcmOBHWqXz8T7KjLCcXKu+BTh 5dXgBV78sH2V1HnEHnywbzmZUXuouXrW2ryXtenfgUu2gwoLwlhmge9PoItcKOcIMUpd fH5mYJ9SePVkKjwzIvc2eLMZ61w6X78X9v/8PdxdmseXOjP7N9UQsM4VqfrfIedbBdEX abBZ/Hfeh+b7vNFo2nPqGgLgh/CxQzJmgvdc77vcAYbeYtEh1XKV2dA5NSujoqzZv+jZ IKwH9KA/HHYU8bNHDU2sE4MNfc7BK8ImgMzz/ltuEFlYWqbNDuvJrgEJYqsFaPf9K42b YpzA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=izO8fldMWnwL68MK8+py+bB3cZQHt5lu2qI9NpFN4tw=; b=HZD2MwxY5IQysru4eTKv/oMn+mz/Ktt5yOcBrsG1J3iBwA6UsrkaLKrmb2nE3953dF Wf4p8Jvj+FQXWaqKGY/0mjjG8am9lrMS4wvdqir4m8IZsReCzIJx3gItbm3TKehd3iL7 aTZac4I29yz6rIk68y3B5EjM7vBExXKlt10twMAOuStEBYf1VPCzfE/wKJwLEwAyeGB9 cl3hjs42XC5cAb0TqukithZyOi655ucl95VuSxEAzMH3rQDBZZPWitusJPfx0a+e2sJv iz5AapObXZnFiOVtG8wnMEnj6Ee/ITN2g4+bwmRgD8+u2l97qlRo8wAmgLv+09HgIUUC zBRw==
X-Gm-Message-State: APjAAAWPrRnklaG1aHPv8SWLoNRwYWq/qp67D/uKnxfWYOtvfMdcQgEp nrlP0lUJy8SRL4pOGI74ObmeRaA2
X-Google-Smtp-Source: APXvYqxpq3D77aMLpkfb2A9fRQKrnwiFFD2xOgYeIl37Ghad2V2C+Qy65Hs/2rR0odp6Yf+7gHkj5g==
X-Received: by 2002:a17:90a:8c90:: with SMTP id b16mr38699578pjo.133.1563309102001; Tue, 16 Jul 2019 13:31:42 -0700 (PDT)
Received: from [192.168.178.30] (40.226.69.111.dynamic.snap.net.nz. [111.69.226.40]) by smtp.gmail.com with ESMTPSA id c69sm24317694pje.6.2019.07.16.13.31.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 16 Jul 2019 13:31:41 -0700 (PDT)
To: "Joel M. Halpern" <jmh@joelhalpern.com>, Eliot Lear <lear@cisco.com>
Cc: Adam Roach <adam@nostrum.com>, anima@ietf.org
References: <156282703648.15280.17739830959261983790.idtracker@ietfa.amsl.com> <17580.1562874933@localhost> <ACEB4033-707F-47AF-B58A-5227B444BEAB@cisco.com> <E2DA8D30-805E-478D-925D-534C04A0727F@cisco.com> <8869.1563140002@dooku.sandelman.ca> <cedc515e-22ab-94a9-e6ef-c55b345687ba@joelhalpern.com> <376eee31-0264-38a8-1d32-901bb1a0671b@gmail.com> <9e341730-dc47-8860-47d4-6421ab04d0dc@nostrum.com> <6ecdae7f-4fb7-d9fc-f19f-bf742c6fe83c@joelhalpern.com> <193EB8D1-3E58-4570-AC4D-55737E3D36CF@cisco.com> <a544c69a-38e2-4e6e-bc4f-752bbe524fa8@joelhalpern.com> <70FB01AF-08A1-4542-B944-556F51F98E5F@cisco.com> <fa09c4fa-c923-babd-735b-72741d41a35b@joelhalpern.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <505f5437-8626-ab42-9eae-f5e1c3ac7a43@gmail.com>
Date: Wed, 17 Jul 2019 08:31:36 +1200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <fa09c4fa-c923-babd-735b-72741d41a35b@joelhalpern.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/VqOvi4UYaPDqkgvNYxK3MoMwLng>
Subject: Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jul 2019 20:31:45 -0000

Up-levelling the topic a little bit:

It seems to me that from the amount of interest and discussion, BRSKI
is going to be quite important (or a resounding failure, in which case
this is all beside the point). Assuming it's a success, there will
inevitably be updates and enhancements.

So, I'd prefer that we don't try to solve all problems now. I'd rather
get the first version to Proposed Standard next week...

Regards
   Brian Carpenter

On 17-Jul-19 01:57, Joel M. Halpern wrote:
> I can't tell from this whether you agree that it is reasonable to put in 
> some mechanism to address this issue?
> 
> Yours,
> Joel
> 
> On 7/16/2019 9:40 AM, Eliot Lear wrote:
>> Hi Joel,
>>
>>
>>
>>> On 16 Jul 2019, at 14:59, Joel Halpern Direct <jmh.direct@joelhalpern.com> wrote:
>>>
>>> I am having trouble connecting your reply with my request.
>>> Let's take the direct issue first, and then the analogy.
>>>
>>> I had suggested a specific enhancement to device behavior.  The response was "but that removes the theft protection."  It is that form of theft protection that I am objecting to.  As far as I can tell, the mechanism I suggested does not break zero touch.  It allows someone who controls their network, and who physically controls a new device, to put that new device in their network without asking anyone's permission.
>>> It does not permit someone with a device, but not network control, from adding that device to the network.  It does not permit someone with control of the network, but not physical access to the device, to achieve anything special.  So it seems compatible with the goals.
>>
>> My apologies I took your statement as something more general than you intended.  With respect to this from earlier:
>>
>>> I have assumed that what we needed is the ability for a buyer, who has physical possession of the device, and possibly some simple (non cryptographic) credentials provided by the seller to force the device to reset what it thinks it is part of, and to emit in some accessible form the information the buyer needs to be able to make this device part of his network, using his authentication servers, etc.
>>
>>
>> That was indeed what we discussed.  We just got into means a bit more than perhaps necessary.  I’ll point out that it’s always going to be a manufacturer call on how best to do this; and how to transport credentials, and how to keep them safe, even.
>>
>>>
>>> In terms of the analogy, I would have problem with IEtF defining a new protocol that added significant risk to the buyer when they buy from new vendors.
>>> And existing vendors do go out of businesses.  And vendors do end-of-life products.  (You can't get a new key to your car because the vendor has stopped supporting that model???)
>>
>> I wouldn’t implement a 1:1 mapping products->MASA server function.  That seems excessive.  And rare is the case when a vendor EOLs a product and then cripples it through an update mechanism.  The only issue here is whether a database entry would stay around.
>>
>>
>>>
>>> Now it may be that the particular approach I suggested won't work.  But it seems to me that there needs to be a way for folks to keep using, and to keep re-selling, devices without the support of the vendor.  That usage may not get all the zero-touch advantages that supported re-sale would get.  But it has to work.  And putting the onus for that on the original vendor does NOT seem an effective solution.
>>
>> I think you mean, “requiring the vendor to stay around for ever doesn’t seem like an effective solution.”  Again, I don’t want to overgeneralize.
>>
>> Eliot
>>
> 
> _______________________________________________
> Anima mailing list
> Anima@ietf.org
> https://www.ietf.org/mailman/listinfo/anima
>

v2.23.0 | Report a Bug | By Email