Re: [Anima] Alissa Cooper's No Objection on draft-ietf-anima-bootstrapping-keyinfra-28: (with COMMENT)
Michael Richardson <mcr+ietf@sandelman.ca> Wed, 16 October 2019 21:11 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47F06120111; Wed, 16 Oct 2019 14:11:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.436
X-Spam-Level: *
X-Spam-Status: No, score=1.436 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_SBL_CSS=3.335, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id whmY3YkKMCay; Wed, 16 Oct 2019 14:11:45 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [IPv6:2a01:7e00::f03c:91ff:feae:de77]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7976D12007C; Wed, 16 Oct 2019 14:11:45 -0700 (PDT)
Received: from dooku.sandelman.ca (214-137-20-31.ftth.glasoperator.nl [31.20.137.214]) by relay.sandelman.ca (Postfix) with ESMTPS id B5E781F455; Wed, 16 Oct 2019 21:11:43 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 3B7CF1034; Wed, 16 Oct 2019 23:12:37 +0200 (CEST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Alissa Cooper <alissa@cooperw.in>
cc: The IESG <iesg@ietf.org>, draft-ietf-anima-bootstrapping-keyinfra@ietf.org, tte+ietf@cs.fau.de, anima@ietf.org, anima-chairs@ietf.org
In-reply-to: <157123740701.7846.2279800529937414763.idtracker@ietfa.amsl.com>
References: <157123740701.7846.2279800529937414763.idtracker@ietfa.amsl.com>
Comments: In-reply-to Alissa Cooper via Datatracker <noreply@ietf.org> message dated "Wed, 16 Oct 2019 07:50:07 -0700."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Wed, 16 Oct 2019 23:12:37 +0200
Message-ID: <10034.1571260357@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/bXfJPoaOT6VHuOY7eS5kCsz_Jjg>
Subject: Re: [Anima] Alissa Cooper's No Objection on draft-ietf-anima-bootstrapping-keyinfra-28: (with COMMENT)
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Oct 2019 21:11:47 -0000
Alissa Cooper via Datatracker <noreply@ietf.org> wrote: > I think this document would benefit from two concise lists, with notes about > which items in each list are defined in this document and which ones are not > defined: (1) what is operationally required of a manufacturer to support BRSKI, > and (2) what is operationally required of a domain owner to support > BRSKI. Please see a diff at: https://tinyurl.com/y5l4xz3z I will not get to the YANG Doctor review before the IESG call tomorrow, so I won't post -29 until I do. I have add a section with this list: 9.1. Operational Requirements . . . . . . . . . . . . . . . . 70 9.1.1. MASA Operational Requirements . . . . . . . . . . . . 70 9.1.2. Domain Owner Operational Requirements . . . . . . . . 71 9.1.3. Device Operational Requirements . . . . . . . . . . . 72 I have placed it under the Applicability statement to ACP, as I think that other users might need to change things. > = Section 2.3.1 = > What precisely is meant by "TPM identification"? Could a citation be > provided? In -28 we don't have the words TPM identification. We ripped the TPM identification out a few revisions ago. It was a point form about a subjectAltName that might come from the 4108 HardwareModuleName. The text was there as a workaround for legacy/deployed TPM modules out there; it turns out the concerns were ill-founded. > = Section 10.1 = > "The domain can maintain some privacy since it has not necessarily been > authenticated and is not authoritatively bound to the supply chain." > What does this mean? That the domain can expect the manufacturer not to trust > the domainID because it hasn't been authenticated? A domain that didn't want to leave so many traces in the audit-log could cycle through different key pairs much like we do with IPv6 temporary addresses. > = Section 10.2 = > "The above situation is to be distinguished from a residential/ > individual person who registers a device from a manufacturer: that an > enterprise/ISP purchases routing products is hardly worth mentioning. > Deviations would, however, be notable." > What does the last sentence mean? That text was changed in -28 to: The above situation is to be distinguished from a residential/ individual person who registers a device from a manufacturer. Individuals do not tend to have multiple offices, and their registrar is likely on the same network as the device. A manufacturer that sells switching/routing products to enterprises should hardly be surprised if additional purchases switching/routing products are purchased. Deviations from a historical trend or an establish baseline would, however, be notable. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [ -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- [Anima] Alissa Cooper's No Objection on draft-iet… Alissa Cooper via Datatracker
- Re: [Anima] Alissa Cooper's No Objection on draft… Michael Richardson