Re: [Anima] I-D Action: draft-behringer-anima-autonomic-control-plane-00.txt
Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 16 February 2015 02:53 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A5C41A049C for <anima@ietfa.amsl.com>; Sun, 15 Feb 2015 18:53:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WudKz9Q6fmKn for <anima@ietfa.amsl.com>; Sun, 15 Feb 2015 18:53:30 -0800 (PST)
Received: from mail-pa0-x229.google.com (mail-pa0-x229.google.com [IPv6:2607:f8b0:400e:c03::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5D061A0451 for <anima@ietf.org>; Sun, 15 Feb 2015 18:53:29 -0800 (PST)
Received: by mail-pa0-f41.google.com with SMTP id kx10so32046854pab.0 for <anima@ietf.org>; Sun, 15 Feb 2015 18:53:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=Yb3bnzJBQy/TLy7CcLmK02pNq/S0OJzKWTqgr4n/CpI=; b=NXk6yD1enReFnX5YY9g8nNRYdpXY8MhwPw7EwFeLNXFx9Mvzc3ml9RIDO+ZXIaqa8s pUKIxd1YRBrtSyZ3aA4QquRhpU94y3EuTaq3NJ+jiTkQt0I6tzXJLBeFUnQ8UlwYjzyI QFv+CjSZQ5cnEQiQR9sv/jx5YPrVJbmPzwUisWxkIj/l1gHDtXpZc+8D2VBM6TYEMC56 d3jayA+mVkmimSN1GIrdoklNY7FpgYEAzxdIj2lzTfutbE+ah+MR23NI/J7J9dqsVWWW QFed/2EHj0AdXuQXd/z10zJNTAV4Kk7tb+ycIeK+nEmmAUt4BEF4eSlvZy+xqt5PompB ueNw==
X-Received: by 10.66.119.238 with SMTP id kx14mr940219pab.149.1424055208969; Sun, 15 Feb 2015 18:53:28 -0800 (PST)
Received: from ?IPv6:2406:e007:4e0d:1:28cc:dc4c:9703:6781? ([2406:e007:4e0d:1:28cc:dc4c:9703:6781]) by mx.google.com with ESMTPSA id qp3sm12357940pdb.11.2015.02.15.18.53.26 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 15 Feb 2015 18:53:28 -0800 (PST)
Message-ID: <54E15BB5.6020005@gmail.com>
Date: Mon, 16 Feb 2015 15:53:41 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: "Michael Behringer (mbehring)" <mbehring@cisco.com>, "anima@ietf.org" <anima@ietf.org>
References: <20141017131337.4423.84144.idtracker@ietfa.amsl.com> <5457F566.4080409@gmail.com> <54CA9E92.10802@gmail.com> <3AA7118E69D7CD4BA3ECD5716BAF28DF22EB8AB5@xmb-rcd-x14.cisco.com>
In-Reply-To: <3AA7118E69D7CD4BA3ECD5716BAF28DF22EB8AB5@xmb-rcd-x14.cisco.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/anima/bOhf0mhv2Jh5ifzxO9NiScWS77w>
Subject: Re: [Anima] I-D Action: draft-behringer-anima-autonomic-control-plane-00.txt
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Feb 2015 02:53:32 -0000
Hi Michael,
This may be a bit late but we've been working hard on the GDNP protocol spec...
> 3.1. Preconditions
>
>
> Each autonomic device has a globally unique domain certificate, with
> which it can cryptographically assert its membership of the domain.
> The document [I-D.pritikin-bootstrapping-keyinfrastructures]
> describes how a domain certificate can be automatically and securely
> derived ...
One thing we need to agree on is the size of this cert, or rather of
its hash, which draft-pritikin calls the Domain Identity and sets
at 160 bits. In the GDNP draft we picked 128 bits and called it Device
Certifcate Tag. The good news is that we all agree that it's needed.
> 3.2. Adjacency Discovery
This we can certainly do with the GDNP Discovery and Synchronization
mechanisms. Some details TBD of course, but it's a text book
application of GDNP.
>
> 3.3. Authenticating Neighbors
>
>
> Each neighbour in the adjacency table is authenticated.
I think this falls right out of Discovery since the discovery response
would contain the relevant Domain Identity a.k.a. Device Certifcate Tag
and that can be checked with the CA.
Note that draft-ietf-homenet-dncp has a quite complicated "trust verdict"
mechanism. I personally don't think that is necessary, but we should
probably find out why they included it.
> 3.4. Capability Negotiation
...
> To establish a trusted secure
> communication channel, devices must be able to negotiate with each
> neighbour a set of parameters for establishing the communication
> channel, most notably channel type and security type.
I think GDNP is very likely to end up simply using TLS (although that's
not what the draft says right now, the arguments from the DNCP team
have almost convinced me). In any case, secure channels between GDNP
nodes are fundamental, as for the ACP. I have doubts whether we should
leave options or choices in this area: choices always end up causing
problems later.
But if you do want to negotiate the secure channel, GDNP is the
protocol for the job ;-).
> ... using IPv6 link local
> addresses between two adjacent neighbours. This way, the ACP
> tunnels are independent of correct network wide routing. They
> also do not require larger than link local scope addresses, which
> would normally need to be configured or maintained. Each AN node
> MUST support this function.
Certainly that will be the fall-back. We expect GDNP to run over routed
connections too, but link-local must always work. But as you describe in
section 3.7 and 3.8, routed connections using a ULA are also valuable.
(The protocol is not restricted to ULA of course, but the ACP use case
can certainly have that restriction).
Bottom line: I see no primary difficulty in using GDNP both to help
build the ACP and to exploit it. The Domain Identity/Device Certifcate Tag
issue needs to be resolved but that should be easy.
Regards
Brian
On 12/02/2015 08:12, Michael Behringer (mbehring) wrote:
> We are planning an upgrade, but it'll take some time. I suggest you review now, and we include your comments in the next version.
>
> Michael
>
>> -----Original Message-----
>> From: Anima [mailto:anima-bounces@ietf.org] On Behalf Of Brian E
>> Carpenter
>> Sent: 29 January 2015 21:57
>> To: anima@ietf.org
>> Subject: Re: [Anima] I-D Action: draft-behringer-anima-autonomic-control-
>> plane-00.txt
>>
>> Hi authors of -autonomic-control-plane,
>>
>> I was thinking of reviewing this draft as a potential application of GDNP, but
>> before I do that, are you planning an update soon?
>>
>> Brian
>>
>>
>> On 04/11/2014 10:36, Brian E Carpenter wrote:
>>> Hi,
>>>
>>> This draft seems fairly clear to me, though I assume it will evolve as
>>> other aspects of anima become clear. The proposal to use a ULA prefix
>>> (section 3.7) seems good, since it decouples the ACP from all external
>>> addressing considerations and will work from a pure factory-reset
>>> condition. However, it does raise a question (which also came up in
>>> homenet recently). What happens if the network partitions? The ACP
>>> will automatically partition too, but it will presumably keep the same
>>> /48 ULA prefix everywhere. Does the partitioned network retain the
>>> same domain ID in both parts? What happends in the part that doesn't
>>> include the trust anchor? What happens if the network recombines -
>>> will there be a risk of clashing subnets created during the partition?
>>>
>>> Also what happens if two previously unrelated networks combine?
>>>
>>> Brian
>>>
>>
>> _______________________________________________
>> Anima mailing list
>> Anima@ietf.org
>> https://www.ietf.org/mailman/listinfo/anima
>
- Re: [Anima] I-D Action: draft-behringer-anima-aut… Brian E Carpenter
- Re: [Anima] I-D Action: draft-behringer-anima-aut… Brian E Carpenter
- Re: [Anima] I-D Action: draft-behringer-anima-aut… Michael Behringer (mbehring)
- Re: [Anima] I-D Action: draft-behringer-anima-aut… Brian E Carpenter
- Re: [Anima] I-D Action: draft-behringer-anima-aut… Michael Behringer (mbehring)
- Re: [Anima] I-D Action: draft-behringer-anima-aut… Brian E Carpenter
- Re: [Anima] I-D Action: draft-behringer-anima-aut… Michael Behringer (mbehring)
- Re: [Anima] I-D Action: draft-behringer-anima-aut… Michael Behringer (mbehring)