Re: [Anima] Moving forward with draft-ietf-anima-autonomic-control-plane

Eliot Lear <lear@cisco.com> Tue, 23 June 2020 06:51 UTC

From: Eliot Lear <lear@cisco.com>
Message-Id: <6EA0BD6D-2B81-4428-A45A-24A0A21B73D0@cisco.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_149AD8D2-18F1-423A-9F94-A7DEA30EF5F5"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
Date: Tue, 23 Jun 2020 08:51:20 +0200
In-Reply-To: <20200623033116.GG58278@kduck.mit.edu>
Cc: Eric Vyncke <evyncke@cisco.com>, Eric Rescorla <ekr@rtfm.com>, Stephen Kent <stkent=40verizon.net@dmarc.ietf.org>, Anima WG <anima@ietf.org>, "Michael.H.Behringer@gmail.com" <Michael.H.Behringer@gmail.com>, "tte+ietf@cs.fau.de" <tte+ietf@cs.fau.de>, "Joel M. Halpern" <jmh@joelhalpern.com>, "warren@kumari.net" <warren@kumari.net>, "sbjarnason@arbor.net" <sbjarnason@arbor.net>, "jiangsheng@huawei.com" <jiangsheng@huawei.com>
To: Benjamin Kaduk <kaduk@mit.edu>
References: <1C60B01B-3258-4F93-A782-2B2940CAAC49@cisco.com> <20200623033116.GG58278@kduck.mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/VyfCkziHEKlSXkrsSnb-debgxv0>
Subject: Re: [Anima] Moving forward with draft-ietf-anima-autonomic-control-plane

Hi Ben

> On 23 Jun 2020, at 05:31, Benjamin Kaduk <kaduk@mit.edu> wrote:
> 
> Russ has been helping reach out to more of the PKIX community; one
> suggestion that came up so far is to consider defining a dedicated URI
> scheme and using a uniformResourceIdentifier SAN -- did the WG consider
> that in the initial discussions?


I don’t know if the group looked at this, but I can say that from a public CA standpoint, it’s not much different from otherName because there is a requirement to validate the name.  A new URI scheme would require a new resolution mechanism.  Perhaps that is needed as part of ACP anyway.  The one value of URI is that it is easier to configure in some of the tooling like OpenSSL.

What disturbs me about all of this is that public CAs will accept otherNames and produce garbage out.  That’s just asking for a boot to the head* from a vulnerability perspective.

Eliot

*https://www.youtube.com/watch?v=-V1Mn5-xF0w
** (And one for Jenny and the wimp)
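The point in the message above is that a relying party cannot treat a name a CA merely copied through as a validated identity. As an added example (not code from the thread, the ACP draft, or any CA), here is a minimal DER parser for the SubjectAltName GeneralNames that matter here, followed by a relying-party policy that trusts a uniformResourceIdentifier only for a scheme it knows how to validate and trusts an otherName only when its type-id is on an allowlist. The SAN bytes are constructed inline; the otherName type-ids 2.999.1 and 2.999.2 are placeholders from the ASN.1 example arc, and the "acp" URI scheme is an assumption made for illustration.

```python
"""Parse an X.509 SubjectAltName (DER) and apply a validate-or-reject policy.

Sample data and the 2.999.x type-ids / 'acp' scheme are constructed placeholders,
not values from the ACP draft or any real CA.
"""

# ---- tiny DER helpers (single-byte tags only; enough for GeneralNames) ----
def der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body

def encode_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    values = [arcs[0] * 40 + arcs[1]] + arcs[2:]   # first two arcs share one value
    out = bytearray()
    for v in values:                               # base-128, high bit = continuation
        chunk = [v & 0x7F]
        v >>= 7
        while v:
            chunk.append(0x80 | (v & 0x7F))
            v >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def read_tlv(buf: bytes, pos: int):
    """Return (tag, body, next_pos) for the element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                              # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body: bytes) -> str:
    values, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            values.append(val)
            val = 0
    first = values[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    return ".".join(str(a) for a in arcs + values[1:])

# ---- SubjectAltName ::= SEQUENCE OF GeneralName ----
def parse_san(der: bytes):
    tag, seq, _ = read_tlv(der, 0)
    assert tag == 0x30, "SAN must be a SEQUENCE"
    names, pos = [], 0
    while pos < len(seq):
        tag, body, pos = read_tlv(seq, pos)
        if tag == 0x82:                            # [2] dNSName
            names.append(("dNSName", body.decode("ascii")))
        elif tag == 0x86:                          # [6] uniformResourceIdentifier
            names.append(("uniformResourceIdentifier", body.decode("ascii")))
        elif tag == 0xA0:                          # [0] otherName { type-id, [0] EXPLICIT value }
            t, oid_body, p = read_tlv(body, 0)
            assert t == 0x06, "otherName type-id must be an OID"
            _, inner, _ = read_tlv(body, p)        # inner = the wrapped value TLV
            names.append(("otherName", (decode_oid(oid_body), inner)))
        else:
            names.append(("unsupported", tag))
    return names

# ---- relying-party policy: only names we know how to validate are trusted ----
KNOWN_OTHERNAME_TYPES = {"2.999.1"}   # placeholder allowlist (assumption)
ACCEPTED_URI_SCHEMES = {"acp"}        # placeholder scheme (assumption)

def evaluate(names):
    """Split parsed names into (trusted, rejected); unknown kinds are never trusted."""
    trusted, rejected = [], []
    for kind, value in names:
        if kind == "dNSName":
            trusted.append((kind, value))
        elif kind == "uniformResourceIdentifier":
            scheme = value.split(":", 1)[0].lower()
            (trusted if scheme in ACCEPTED_URI_SCHEMES else rejected).append((kind, value))
        elif kind == "otherName":
            oid, inner = value
            t, s, _ = read_tlv(inner, 0)
            if oid in KNOWN_OTHERNAME_TYPES and t == 0x0C:   # expected UTF8String
                trusted.append((kind, (oid, s.decode("utf-8"))))
            else:
                rejected.append((kind, (oid, inner.hex())))   # CA passed it through; we do not
        else:
            rejected.append((kind, value))
    return trusted, rejected

def sample_san() -> bytes:
    """Constructed SAN: two names we can validate, two we cannot, one allowlisted otherName."""
    known = tlv(0xA0, encode_oid("2.999.1") + tlv(0xA0, tlv(0x0C, b"node-17.example")))
    junk = tlv(0xA0, encode_oid("2.999.2") + tlv(0xA0, tlv(0x0C, b"whatever the CA copied")))
    return tlv(0x30, tlv(0x82, b"router.example.net")
                   + tlv(0x86, b"acp://node-17.example")
                   + tlv(0x86, b"https://other.example")
                   + known + junk)

if __name__ == "__main__":
    trusted, rejected = evaluate(parse_san(sample_san()))
    print("trusted:", trusted)
    print("rejected:", rejected)
```

The policy is deliberately fail-closed: a name kind or otherName type-id the relying party has no validation rule for lands in `rejected` even when a CA issued it, which is the only safe reading of a SAN value the issuer may not have checked.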