[Anima] Brian/anima: trust notion of ASA communications
Toerless Eckert <tte@cs.fau.de> Thu, 06 February 2020 20:59 UTC
Date: Thu, 06 Feb 2020 21:59:49 +0100
From: Toerless Eckert <tte@cs.fau.de>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: anima@ietf.org
Message-ID: <20200206205949.GD14549@faui48f.informatik.uni-erlangen.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/adW7iJfFVtZ_xDCtR-Vrr3WxL94>
Hi Brian, sorry to pick you out, but I think you've got the best overview of the ongoing set of ASA related docs.

I just got reminded through ongoing ACP spec review about something that would be good to write into the appropriate ASA spec, but not sure which one:

One of the fundamental problems we have to solve longer term is how we can establish better than "Any ANI peer is equally trusted" notion. Short term, I'll propose when I have time to have according roles in the ANI certificates, but that's really a non-autonomic solution because some outside intelligence (operator) has to assign such a role.

In reality today, it's family, friends, colleagues & media that establish the trust notion for us: trust foo.com to provide service bar, but certainly not acme.com. The fact that you can then cryptographically (web-Cert) assert that you're really talking to foo.com is really just a secondary dependency.

I think DINRG is working in this direction, but have failed to track. Maybe there is a way to collaborate on this, aka: see if/when they might have output we could think to adopt/leverage. But it's fundamental if we want to move into more autonomic solutions beyond just supporting the current SDN model.

Right now we expect objective announcements from any node to be equally trustworthy and decide on selecting one only on announced parameters (also subject to equal trust) and network parameter comparison. And of course, this goes beyond trust into performance vetting by others and so on.

Trying to figure out the most easy use-case would also be quite helpful. aka: what the most short term useful ASA that we'd like to have spread around the network, where we could apply different degrees of these mechanisms...

Cheers
Toerless