IETF Logo Mail Archive

Re: [Anima] Adoption call for draft-fries-anima-brski-async-enroll-03, ends July 1st 2020

"Fries, Steffen" <steffen.fries@siemens.com> Mon, 22 June 2020 08:41 UTC

Return-Path: <steffen.fries@siemens.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 392813A0BAD; Mon, 22 Jun 2020 01:41:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bHCUYvqZRlrT; Mon, 22 Jun 2020 01:41:46 -0700 (PDT)
Received: from gw-eagle1.siemens.com (gw-eagle1.siemens.com [194.138.20.72]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C2AC53A0BA9; Mon, 22 Jun 2020 01:41:45 -0700 (PDT)
Received: from mail1.dc4ca.siemens.de (mail1.dc4ca.siemens.de [139.25.224.78]) by gw-eagle1.siemens.com (Postfix) with ESMTPS id A14D44F003E; Mon, 22 Jun 2020 10:41:42 +0200 (CEST)
Received: from DEMCHDC89YA.ad011.siemens.net (demchdc89ya.ad011.siemens.net [139.25.226.104]) by mail1.dc4ca.siemens.de (Postfix) with ESMTPS id 1092315522179; Mon, 22 Jun 2020 10:41:41 +0200 (CEST)
Received: from DEMCHDC8A1A.ad011.siemens.net (139.25.226.107) by DEMCHDC89YA.ad011.siemens.net (139.25.226.104) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1979.3; Mon, 22 Jun 2020 10:41:41 +0200
Received: from DEMCHDC8A1A.ad011.siemens.net ([139.25.226.107]) by DEMCHDC8A1A.ad011.siemens.net ([139.25.226.107]) with mapi id 15.01.1979.003; Mon, 22 Jun 2020 10:41:41 +0200
From: "Fries, Steffen" <steffen.fries@siemens.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
CC: Sheng Jiang <jiangsheng@huawei.com>, Anima WG <anima@ietf.org>, "anima-chairs@ietf.org" <anima-chairs@ietf.org>, "Rob Wilton (rwilton)" <rwilton@cisco.com>
Thread-Topic: [Anima] Adoption call for draft-fries-anima-brski-async-enroll-03, ends July 1st 2020
Thread-Index: AQHWSDBtaclimbANOkiK+Y6kXbVaTajkH8nQ
Date: Mon, 22 Jun 2020 08:41:41 +0000
Message-ID: <9641bc176f334dec818c0105e64d4a39@siemens.com>
References: <f8c2df730dad489d88303c6d8682caee@huawei.com> <8922.1592787566@localhost>
In-Reply-To: <8922.1592787566@localhost>
Accept-Language: en-US, de-DE
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [144.145.220.65]
x-tm-snts-smtp: EE15CAB3470FEF24060FF60D628F3A6AE0CC542A71683FA3BBC1EC75FD070F2D2000:8
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/WQLr3QraDn0fDAK7s2kJF0eVdC4>
Subject: Re: [Anima] Adoption call for draft-fries-anima-brski-async-enroll-03, ends July 1st 2020
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jun 2020 08:41:47 -0000

Hi Michael

> -----Original Message-----
> From: Anima <anima-bounces@ietf.org> On Behalf Of Michael Richardson
> Sent: Montag, 22. Juni 2020 02:59> 
> I have read draft-fries-anima-brski-async-enroll-03 and I would be happy to
> have it as the basis for an extension.   PLEASE ADOPT.

Thanks for the support.

> ---
> 
> While I think that section 4 is very well fleshed out, I think that section 5 will
> need revisions.  While it attempts to mirror the structure of the BRSKI
> document, I think that probably is both unnecessary, and also too verbose.
I'm currently about to update that section as well as section 6 to remove any duplication of BRSKI approaches already described and kept unchanged.

> I think that use of EST is probably wrong: more choices here is not better.
> CMP is the right protocol, because there will not be a consistent transport to
> secure.  I am not sure how to integrate RFC8366 vouchers into CMP.
We strive for a protocol agnostic approach, which allows to use existing enrollment protocols. As EST also supports signed objects with fullcmc it can be used as well. It would most likely require to enhance EST to specify how fullcmc is supported, which may go into a similar direction as the lightweight CMC. 
Also, in BRSKI we did not change the defined voucher exchange to be carried out with other enrollment protocols. We have not seen this as integral part of EST. At least for CMP it would be possible to transmit the voucher as part of a general message. But we tried to leave as much as possible from the original approach to keep the registrar enhancements focused on the enrollment only. 

> I believe that this work needs focus on the lightweight CMP profile.
> I don't know CMP well enough to comment on how to do this yet.
We currently have a usage mapping to lightweight CMP and EST included in section 7.

> Since we are dealing with signed objects, I wonder if COSE/CoID objects
> would not be better signed containers.  That's clearly *not* bits-on-the-wire
> CMP, but if it's 1:1 with CMP objects, then it may be easier to integrated into
> existing CMP infrastructure.
Good point. While we are currently focusing on being protocol agnostic, object agnostic came into the game as well. In the next update we also support a discovery mechanism for supported enrollment protocols on the registrar, which should also allow to transport the information about the different encodings supported by the registrar as context type. 

Best regards
Steffen
> 
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
> -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email