IETF Logo Mail Archive

Re: [Anima] Last Call: <draft-ietf-anima-bootstrapping-keyinfra-20.txt> (Bootstrapping Remote Secure Key Infrastructures (BRSKI)) to Proposed Standard

Eliot Lear <lear@cisco.com> Sat, 08 June 2019 13:37 UTC

Return-Path: <lear@cisco.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DCB61200B2; Sat, 8 Jun 2019 06:37:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rdZb5wPspBR8; Sat, 8 Jun 2019 06:37:30 -0700 (PDT)
Received: from aer-iport-1.cisco.com (aer-iport-1.cisco.com [173.38.203.51]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80DA01200A1; Sat, 8 Jun 2019 06:37:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6661; q=dns/txt; s=iport; t=1560001050; x=1561210650; h=mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=8RbUz7tuJV5B7lySmxgLYLpQ27OaUErUsGc7O51jxF8=; b=EGN/pryYo4P1rEvuVEEZEMTcrv0PfMEgNwD8bhvuaWKIDNYRhbc/UoPd QIHpMVDdSMchFIBQajIa5bjF/d9sKYLlxdiuD6h2l71x24kccQpWeua57 npTyebKbPfewaZoR6UUNMDeUa3LezvcpvE+lNDvo4xjCrzdjF3MfSka+B A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AOAADsuftc/xbLJq1dCRkBAQEBAQEBAQEBAQEHAQEBAQEBgVQBAQEBAQELAYJ6UjIohBWIe4tfJZh0gWcJAQEBDAEBGA0KAQGEQAKDDTcGDgEDAQEEAQECAQRtHAyFSgEBAQECAQEBIQRHCwULCw4KAgIRDgcCAicwBhODIgGBew8Ppxx+M4QyARNBhSuBDCgBiRKCYIF/gREnDBOCTD6CYQEBAwGBGBsDDxg/gksygiYEiz0zh0KVdQmCEYIbhCmKTYIxG4IlaYYTjXqUJowggwcCBAYFAhWBZSIdgTszGggbFTsqAYINATMJNYFYMIM5hRSFQT0DMI1QAg0XB4IPFgEB
X-IronPort-AV: E=Sophos;i="5.63,567,1557187200"; d="scan'208";a="12935599"
Received: from aer-iport-nat.cisco.com (HELO aer-core-1.cisco.com) ([173.38.203.22]) by aer-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 08 Jun 2019 13:37:20 +0000
Received: from ams3-vpn-dhcp2071.cisco.com (ams3-vpn-dhcp2071.cisco.com [10.61.72.23]) by aer-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id x58DbIVO007766 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sat, 8 Jun 2019 13:37:19 GMT
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Eliot Lear <lear@cisco.com>
In-Reply-To: <20190607211720.y63ysayeqtkgi3lj@faui48f.informatik.uni-erlangen.de>
Date: Sat, 08 Jun 2019 15:37:16 +0200
Cc: ibagdona@gmail.com, draft-ietf-anima-bootstrapping-keyinfra@ietf.org, IETF discussion list <ietf@ietf.org>, anima-chairs@ietf.org, tte+ietf@cs.fau.de, anima@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <60BB0A11-A12B-4EA5-9379-12C75100D64C@cisco.com>
References: <155847367546.2608.5031283783681425886.idtracker@ietfa.amsl.com> <02DFBB01-F7BA-4BCA-B8C5-CF14E8B7A6F4@cisco.com> <20190604192843.gbavqofsq4btcgx3@faui48f.informatik.uni-erlangen.de> <045A7809-CB6F-493E-B9F2-FBF563AD5378@cisco.com> <20190607211720.y63ysayeqtkgi3lj@faui48f.informatik.uni-erlangen.de>
To: Toerless Eckert <tte@cs.fau.de>
X-Mailer: Apple Mail (2.3445.104.11)
X-Outbound-SMTP-Client: 10.61.72.23, ams3-vpn-dhcp2071.cisco.com
X-Outbound-Node: aer-core-1.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/VvPSFuWROVI-ekdun_XKSY6aYDo>
Subject: Re: [Anima] Last Call: <draft-ietf-anima-bootstrapping-keyinfra-20.txt> (Bootstrapping Remote Secure Key Infrastructures (BRSKI)) to Proposed Standard
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Jun 2019 13:37:33 -0000


> On 7 Jun 2019, at 23:17, Toerless Eckert <tte@cs.fau.de> wrote:
> 
> Ok, now i got you (i hope ;-).
> 
> I really liked the c1sco example (not sure if we should mention a real
> company name in such an rfc someone not reading the draft might take
> offense, maybe examp1e.com insted though).

This is a bit tricky with the glyph attack, but certainly the base should be
example.com.


> 
> But taking your thought into account: There is a fundamental difference
> betwen TOFU and out-of-band-authentication/approval (pick a term),
> and the fact that different such mechanisms may have (often human)
> weaknesses does not change this fundamental difference ??


I think the key is that humans oughtn’t rely solely on a visual inspection of whatever is presented in front of them, but rather that they might rely on alternative inputs, such as recommendations made by the registrar provider, or federated services.


> 
> Maybe you want to propose text ?

Manual approval by administrator or selection by administrator.

Eliot
> 
> Cheers
>   Toerless
> 
> On Wed, Jun 05, 2019 at 01:09:09PM +0200, Eliot Lear wrote:
>> Hi Toerless,
>> 
>>> On 4 Jun 2019, at 21:28, Toerless Eckert <tte@cs.fau.de> wrote:
>>> 
>>> Thanks, Eliot,
>>> 
>>> re-reading 10.3, my impression is:
>>> 
>>> a) The use of TOFU in 10.3 seems to exceed the explanatory definition in 1.2.
>>> The sentence stubs in 103 mentioning TOFU also don't seem to add value, the text
>>> doesn't become IMHO worse if they are simply removed. And i am sure
>>> there can easily be similar non-cyptographic leap of faiths in sales integration,
>>> or consortium memberships trust chaing establishment.
>> 
>> My point is that those are no longer leaps of faith.
>> 
>> Eliot
>> 
>>> 
>>> b) The text could IMHO be crisper:
>>> 
>>> "will have no problem collaborating with it's MASA" ->
>>> "will have no problem collaborating with it's malicious MASA" ->
>>> 
>>> "the domain (registrar) still needs to trust the manufacturer" ->
>>> "the domain (registrar) still needs to authenticate the MASA" ?
>>> (i hope the latter is the correct interpretation of the text)
>>> 
>>> Cheers
>>>   Toerless
>>> 
>>> On Tue, Jun 04, 2019 at 06:33:00PM +0200, Eliot Lear wrote:
>>>> Just on this text:
>>>> 
>>>> In Section 10.3 the following text exists:
>>>> 
>>>>  o  A Trust-On-First-Use (TOFU) mechanism.  A human would be queried
>>>>     upon seeing a manufacturer's trust anchor for the first time, and
>>>>     then the trust anchor would be installed to the trusted store.
>>>>     There are risks with this; even if the key to name is validated
>>>>     using something like the WebPKI, there remains the possibility
>>>>     that the name is a look alike: e.g, c1sco.com, ..
>>>> 
>>>> First, this isn???t REALLY Trust-On-First-Use, and I would prefer that the term be replaced with something like "out-of-band approval".  This would also be a good area for certification services to step in to indicate the trustworthiness of a manufacturer.
>>>> 
>>>> Eliot
>>>> 
>>>>> On 21 May 2019, at 23:21, The IESG <iesg-secretary@ietf.org> wrote:
>>>>> 
>>>>> 
>>>>> The IESG has received a request from the Autonomic Networking Integrated
>>>>> Model and Approach WG (anima) to consider the following document: -
>>>>> 'Bootstrapping Remote Secure Key Infrastructures (BRSKI)'
>>>>> <draft-ietf-anima-bootstrapping-keyinfra-20.txt> as Proposed Standard
>>>>> 
>>>>> This is a second Last Call. IoT Directorate review was done after the ANIMA
>>>>> WG Last Call and consensus to request the publication, and that review resulted
>>>>> in substantial changes to the document.
>>>>> 
>>>>> The IESG plans to make a decision in the next few weeks, and solicits final
>>>>> comments on this action. Please send substantive comments to the
>>>>> ietf@ietf.org mailing lists by 2019-06-04. Exceptionally, comments may be
>>>>> sent to iesg@ietf.org instead. In either case, please retain the beginning of
>>>>> the Subject line to allow automated sorting.
>>>>> 
>>>>> Abstract
>>>>> 
>>>>> 
>>>>> This document specifies automated bootstrapping of an Autonomic
>>>>> Control Plane.  To do this a remote secure key infrastructure (BRSKI)
>>>>> is created using manufacturer installed X.509 certificate, in
>>>>> combination with a manufacturer's authorizing service, both online
>>>>> and offline.  Bootstrapping a new device can occur using a routable
>>>>> address and a cloud service, or using only link-local connectivity,
>>>>> or on limited/disconnected networks.  Support for lower security
>>>>> models, including devices with minimal identity, is described for
>>>>> legacy reasons but not encouraged.  Bootstrapping is complete when
>>>>> the cryptographic identity of the new key infrastructure is
>>>>> successfully deployed to the device but the established secure
>>>>> connection can be used to deploy a locally issued certificate to the
>>>>> device as well.
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> The file can be obtained via
>>>>> https://datatracker.ietf.org/doc/draft-ietf-anima-bootstrapping-keyinfra/
>>>>> 
>>>>> IESG discussion can be tracked via
>>>>> https://datatracker.ietf.org/doc/draft-ietf-anima-bootstrapping-keyinfra/ballot/
>>>>> 
>>>>> The following IPR Declarations may be related to this I-D:
>>>>> 
>>>>> https://datatracker.ietf.org/ipr/2816/
>>>>> https://datatracker.ietf.org/ipr/3233/
>>>>> https://datatracker.ietf.org/ipr/2463/
>>>>> 
>>>>> 
>>>>> 
>>>>> The document contains these normative downward references.
>>>>> See RFC 3967 for additional information:
>>>>>  rfc8368: Using an Autonomic Control Plane for Stable Connectivity of Network Operations, Administration, and Maintenance (OAM) (Informational - IETF stream)
>>>>> 
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> Anima mailing list
>>>>> Anima@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/anima
>>>> 
>>> 
>>> 
>>> 
>>>> _______________________________________________
>>>> Anima mailing list
>>>> Anima@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/anima
>>> 
>>> 
>>> --
>>> ---
>>> tte@cs.fau.de
>> 
> 
> 
> 
>> _______________________________________________
>> Anima mailing list
>> Anima@ietf.org
>> https://www.ietf.org/mailman/listinfo/anima
> 
> 
> -- 
> ---
> tte@cs.fau.de

v2.23.0 | Report a Bug | By Email