Re: [Anima] Alissa Cooper's Discuss on draft-ietf-anima-bootstrapping-keyinfra-28: (with DISCUSS and COMMENT)

tom petch <> Tue, 31 December 2019 21:22 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9511812004C; Tue, 31 Dec 2019 13:22:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 35gcd8cmZ_6e; Tue, 31 Dec 2019 13:22:37 -0800 (PST)
Received: from ( [IPv6:2a01:111:f400:fe0c::72e]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C37A3120013; Tue, 31 Dec 2019 13:22:36 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901;; cv=none; b=SvhUH02u8MWjNCM+WCsUgEwCt0UZbReh1A2Q9i385ouGy3NaQ+SH7YrQsal58onKaehruQ7IoMwq9/rf5d9u5YdqcicYd5om838nqFF8AjgNfp8Fkv1C/2XRVQAFyEzuvO7s9WewTk4WxFyxFYXUW/z7865cG0ByiAu1lA2vPNdhrUR+jT4Vy9Tid7e13V+rKkCl8N7I2dnNKH6Rr+DlZbqlDPFzrJgX4ca1QL1FZSjuin76KUvSRPu7wLAGjAtrPQ2DnLUk91L40Fop3emiRaZYM4OIMkpEWfKYruyA04q3ZzDM0YMoKgTNON0aoAbhlU5U8Hkdq26bIT3gW+gMcA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SE4L9HL89OG0N5jpj4ra73R+40k6YhwJWasB0MhqrBw=; b=Zf+5TtYMGKipRW48scErxxYqFA0w08UCLOzgoia4oxTL66YDGJP7/BhF7SB9CmII68lMtz5b1Yyf86KZuHBotyTDd7T9E7WpTqyRmpzgsg8+laNxJnVFkLhS0Hjt374j8wjBOQ3F6fcJaLrrpTt+sk5FG5/Axjo8i5+zm6kLZj7NpYhQh52Dlt3TI1OsSwXLqTYFxt1vwgEg6WzsXdfj/pOWND/6Dp/pkCi770HNr8ATXP4HRWhFV1+YwsMfPGBhwSpY88v9+Fr9Yb5IgPLAxVaIdStu+cNgBBggHVPwRHdH+cZ8VV7/K1t5kppyZnm9Pln9GAu8ETJ/r2D7VkI1Zg==
ARC-Authentication-Results: i=1; 1; spf=pass; dmarc=pass action=none; dkim=pass; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SE4L9HL89OG0N5jpj4ra73R+40k6YhwJWasB0MhqrBw=; b=mYzldYy741kOSR/i/c2G79MS4PnuhlOtBiRM7HXAZXK+t0/ZtsOXuVtGFMvBQxIR4fj4gD+dFtX3vq6p30asaZksldfn4EwKt5aeUnyqwidkVQYmVtuoBRslRFplNE1EbQa/jYEKw9ywSF3skViRQoAyFUsaETy+05escybwzNM=
Authentication-Results: spf=none (sender IP is );
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2602.8; Tue, 31 Dec 2019 21:22:34 +0000
Received: from ([fe80::4156:4119:dd89:95f7]) by ([fe80::4156:4119:dd89:95f7%5]) with mapi id 15.20.2602.010; Tue, 31 Dec 2019 21:22:34 +0000
To: Michael Richardson <>
References: <> <9637.1574756997@localhost> <> <20062.1576526178@localhost> <> <28309.1577821075@localhost>
Cc: Alissa Cooper <>, IESG <>,,,,
From: tom petch <>
Message-ID: <>
Date: Tue, 31 Dec 2019 21:22:31 +0000
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
In-Reply-To: <28309.1577821075@localhost>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
X-ClientProxiedBy: LO2P265CA0384.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:a3::36) To (2603:10a6:208:11e::24)
MIME-Version: 1.0
Received: from [] ( by LO2P265CA0384.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:a3::36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.2581.11 via Frontend Transport; Tue, 31 Dec 2019 21:22:33 +0000
X-Originating-IP: []
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: a6adf92e-6724-4836-75ce-08d78e378d6c
X-MS-TrafficTypeDiagnostic: AM0PR07MB4692:
X-Microsoft-Antispam-PRVS: <>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-Forefront-PRVS: 0268246AE7
X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10019020)(366004)(136003)(376002)(39860400002)(346002)(396003)(189003)(199004)(54094003)(66946007)(4326008)(16526019)(186003)(2616005)(4001150100001)(966005)(66556008)(66476007)(478600001)(2906002)(5660300002)(26005)(53546011)(956004)(33656002)(6486002)(16576012)(8676002)(8936002)(81156014)(54906003)(316002)(81166006)(86362001)(52116002)(36756003)(87266011); DIR:OUT; SFP:1102; SCL:1; SRVR:AM0PR07MB4692;; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:0;
Received-SPF: None ( does not designate permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: ex2N6MEJOyHk4Xbh7NY1mNba9+TFthx3xaa19Xr24Yv59/a11WxdHz8+/rZjwFV6vW+bgnAtM2crlMrljA4lYgu6XDVg5Q0pVvrjZ67+C6examZhxK3zYUXPHPnLdQgj/ojhq5UvHXQC74N1uHqmSs/v1ZTtyC9uLpHbLYOTX106IueSOAhskFPfHtEANcjSKRrzhvcQyMKg696N5MrT/1+QTCerMKWLs5hdSHgSLgdLR1PUtKTGyUWaT8CghthHOZxULf/nr3qRqR52oNRNeWpd67Uc/jO1/FXpECYxqQipPbs1EvF8omLEcgLZMZ8E3DuGsDYbtAaC1nwGOa78TBrtIx9dWFdxPohGRuV+y+E5HXLQoXFuoZiy43qhlUh/hxScdghNiHL0J8/m3hq58cGxBS5hr1qnqXQmFQwgx/yQBiftJLvXC60aBDH2zr9rD/a6Qk2grZWQ9yjXvwGtgXE+eAo47GLlKfaYhr36m6gCG0qlUD3lOQ9p0xiNrxvZrVnZhQcgd5d2qeY4xHRiKAXmQT77lAb51Fc+ntkQsjU=
X-MS-Exchange-CrossTenant-Network-Message-Id: a6adf92e-6724-4836-75ce-08d78e378d6c
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 31 Dec 2019 21:22:34.4784 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: qCZaVx0T6a8XrdIuzk/W7IIdd2rvREu9EFSdGt5G9mfc2eDZLJg5bSKGIU/TKp5bLH3odF4EIaQvPzjh7CmfIg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB4692
Archived-At: <>
Subject: Re: [Anima] Alissa Cooper's Discuss on draft-ietf-anima-bootstrapping-keyinfra-28: (with DISCUSS and COMMENT)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 31 Dec 2019 21:22:39 -0000


My e-mail has been rendered almost unusable so I struggle (I cannot 
access the I-D or much else from this PC:-(

My comment about XXXX is that you ask RFC Editor to supply the RFC 
number for an I-D with a name you give but that name is not the same as 
the name at the front of the I-D:-(

When I see [RFC8446] those square brackets make me suspect HTML/XML 
which must not appear in the YANG module which must be plain text.

Security Considerations, the YANG Guidelines RFC says that you must 
mention TLS, HTTPS, etc and give pro forma text for doing so.  As long 
as you still have a YANG module, as you do in s.3.4, I would expect 
those guidelines to apply and so to see something like the pro forma text


tom petch

with apologies to the IESG for all this noise - I would like to drop 
them from the Cc: list but do not quite dare.

On 31/12/2019 19:37, Michael Richardson wrote:
> A diff against -31 is at:
> and will grow to include my responses to Ben's 2019-12-20 comments later today.
> tom petch <> wrote:
>      > Yes you have removed the second YANG module which addresses my comments
>      > about the second YANG module but my other comments mostly remain.
>      > Those about the YANG prefix are fixed.
>      > RFC8040 needs to be in the I-D References
>      > IANA Considerations mentions the removed module but lacks the two
>      > required actions for the remaining module
> I understand now.  I wonder if idnits could be taught to find such issues :-)
> Please see commit:
>      > XXXX is used as a place holder for a document name which is not that of
>      > this I-D and does not exist AFAICT
> Do you mean the self-reference should say "XXXX"?  I have used "THIS
> DOCUMENT" in the past.
>      > The YANG module must be plain text - [RFC8446] looks like HTML/XML
> I'm confused by this comment. I see:
>      > Michael, my initial posts were a response to the Genart review and so
>      > did not include your name, just Anima, Anima chairs, ibagdona, IETF;
>      > you are in this one as (but IETF mailers may have
>      > a habit of thinking you will get an e-mail via one way and suppress
>      > other ways with different e-mail addresses).
> Yes, I wasn't complaining about your actions, but more just lamenting: my
> impression is that the problem is that DMARC is getting in the way, since the
> DT acts as a remailer.   However, has a p=none policy, so it
> shouldn't be a problem... however, maybe it fails the SPF tests themselves.
> {I was forced to switch spam processing systems in the spring, and it really
> has been a PITA to get it configured sensibly.  Very few of them support
> IPv6, and a surprising number of them will not use TLS for final delivery.
> I specifically need to whitelist everything coming from the IETF SMTP machine,
> and I don't think I've accomplished that perfectly yet.}
>          leaf proximity-registrar-cert {
>            type binary;
>            description
>              "An X.509 v3 certificate structure as specified by RFC 5280,
>               Section 4 encoded using the ASN.1 distinguished encoding
>               rules (DER), as specified in ITU-T X.690.
>               The first certificate in the Registrar TLS server
>               certificate_list sequence  (the end-entity TLS certificate,
>               see [RFC8446]) presented by the Registrar to the Pledge.
>               This MUST be populated in a Pledge's voucher request when a
>               proximity assertion is requested.";
>          }
> I'm not sure I see how you are seeing HTML here.
> If you are looking at:
> then the links you are saying are because the HTMLizer sees the reference and
> HTMLizes it.
>      > Security Considerations lacks the required boiler plate for a YANG
>      > module
> I see. I have adapted the text from RFC8366, as we extend it, and the normal
> template does not apply.
> Fixed in commit:
>      > Appendix A still has a typo
> secification -> specification. plege->Pledge.
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
> ]        |   ruby on rails    [