[Anima] My comments about draft-richardson-anima-voucher-delegation-00:
"Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com> Fri, 28 February 2020 06:37 UTC
Return-Path: <frank.xialiang@huawei.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 145AF3A1147 for <anima@ietfa.amsl.com>; Thu, 27 Feb 2020 22:37:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3b46jL73j7No for <anima@ietfa.amsl.com>; Thu, 27 Feb 2020 22:37:43 -0800 (PST)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A9693A1146 for <anima@ietf.org>; Thu, 27 Feb 2020 22:37:43 -0800 (PST)
Received: from LHREML713-CAH.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id 6340ECAE5FA861E0AB79 for <anima@ietf.org>; Fri, 28 Feb 2020 06:37:41 +0000 (GMT)
Received: from lhreml708-chm.china.huawei.com (10.201.108.57) by LHREML713-CAH.china.huawei.com (10.201.108.36) with Microsoft SMTP Server (TLS) id 14.3.408.0; Fri, 28 Feb 2020 06:37:40 +0000
Received: from lhreml708-chm.china.huawei.com (10.201.108.57) by lhreml708-chm.china.huawei.com (10.201.108.57) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1713.5; Fri, 28 Feb 2020 06:37:40 +0000
Received: from DGGEMM404-HUB.china.huawei.com (10.3.20.212) by lhreml708-chm.china.huawei.com (10.201.108.57) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256) id 15.1.1713.5 via Frontend Transport; Fri, 28 Feb 2020 06:37:40 +0000
Received: from DGGEMM531-MBS.china.huawei.com ([169.254.6.69]) by DGGEMM404-HUB.china.huawei.com ([10.3.20.212]) with mapi id 14.03.0439.000; Fri, 28 Feb 2020 14:37:35 +0800
From: "Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com>
To: "anima@ietf.org" <anima@ietf.org>
Thread-Topic: My comments about draft-richardson-anima-voucher-delegation-00:
Thread-Index: AdXuAWluOjgkqUnQTz6LlayjkXYHRQ==
Date: Fri, 28 Feb 2020 06:37:35 +0000
Message-ID: <C02846B1344F344EB4FAA6FA7AF481F13EC88B43@DGGEMM531-MBS.china.huawei.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.138.33.46]
Content-Type: multipart/alternative; boundary="_000_C02846B1344F344EB4FAA6FA7AF481F13EC88B43DGGEMM531MBSchi_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/dv699_CWkWclSTAS3mHfCFlDXN4>
Subject: [Anima] My comments about draft-richardson-anima-voucher-delegation-00:
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Feb 2020 06:37:46 -0000
Hi Michael, This is an interesting draft, please see my comments as below: pg 2: o while the use of a nonceless voucher (see {{RFC8366} section 4) can permit the MASA to be offline, it still requires the public key/certificate of the Registrar to be known at issuing time comment: don't think it as one disadvantage of the BRSKI. As even for the DASA solution, the public key of the registrar are still required to be known at issuing time. At least, this sentence has not clarified the real problem clearly. pg 2: o the MASA must also approve all transfers of ownership, impacting the rights of the initial seller to transfer ownership as they see fit. comment: here, the initial seller seems not very accurate. Who is the initial seller? Actually, the term of "any re-seller/distributer" are more accurate here. pg 2: o if the Registrar has any nonceless vouchers, then it can not change it's public key, nor can it change which certification authority it uses comment: How can the DASA address this problem? pg 2: o the creator of an assembly of parts/components can speak for the entire assembly of parts in a transparent way comment: the creator means the vendor? pg 2: 1.1.1. Disconnected or Offline MASA A Registrar wishes to onboard devices while not being connected to the Internet. comment: how to achieve this goal? by pro-provisioning the related delegation vouchers to the device? pg 2: 1.1.2. Resale of devices An owner of a device wishes to resale devices which have previously been onboarded to a third party without specific authorization from the manufacturer. comment: Does the resoled devices have to be onboarded before? pg 3: assembly comment: assembly means? pg 3: The sub-components of the assembly needs to communicate with other sub-components, and so all the parts need to transparently onboarded. comment: clarification requested. pg 3: This delegation can potentially be repeated multiple times to enable second, third, or n-th level of resale. comment: So, there should be 0..n intermediate vouchers and only one end voucher in the device. right? pg 3: The delegation voucher pins the identity of the delegated authority using a variety of different mechanisms which are covered in Section 7. comment: why do we need a variety of different mechanisms? Is one mechanism defined in this draft not enough? pg 5: Delegation Voucher: a Delegation Voucher is an [RFC8366] format voucher that has additional fields to provide detailed the entity to which authority has been delegated. comment: nit: to provide details of the entity... We need a very clear relation description among the 3 kinds of voucher: delegation voucher, intermediate voucher and end voucher. Leave it to the later discussion! pg 5: Intermediate Voucher: a voucher that is not the final voucher linking a pledge to its owner. comment: Does intermediate voucher equal to the delegated voucher? I think so. pg 5: End Voucher: a voucher that is the final voucher linking a pledge to its owner. comment: Does end voucher equal to the normal voucher? I think so. pg 5: There are a few new fields: pinned-delegation-certificate-authority, pinned-delegation-name, delegation-count. comment: we need the definition of this new fields, not only in the description of the yang model, I think. and some nits: countdown, miss delegation-voucher and intermediate-identities. pg 7: leaf pinned-certificate-authority { comment: How does the upper-layer MASA/DASA know the pinned-certificate-authority which will delegtate out? pg 7: leaf delegation-voucher { comment: a chain of delegation-vouchers on the delegation path? or a nested voucher structure? And the voucher is a CMS structure with signature, right? if there is delegation information, it should be in this delegation-voucher field. And for the MASA created voucher, it should not include the delegation-voucher, since it is the up-most entity in the supply chain and no other entity can delegate the authority to it, right? How about the new DASA URL? pg 8: leaf delegation-countdown { type int16; description "Number of delegations still available. If zero or omitted, then this is a terminal voucher and may not be further delegated"; comment: terminal voucher is not end voucher! It should be the initial voucher created by the MASA and does not include delegation-voucher field, right? Furthermore, it seems that the countdown field is redundant with the delegation-voucher. pg 8: <CODE ENDS> comment: Who sign the end voucher? Can the intermediate voucher independently exist? pg 8: 3.3. Delegation of multiple devices A MASA MAY delegate multiple devices to the same Registrar by putting an array of items in the "serial-number" attributes. (XXX-how to describe this in the YANG) comment: What is the use case? Current BRSKI does not support this, but should? pg 8: A pledge which has previously stored a delegation voucher and delegated authority, SHOULD include it in its voucher request. This will be in the form of a certificate provided by the "previous" owner. comment: include it = include the delegation voucher? I still think that a delegation voucher can not really exist as an instance, it's actually an end voucher including a series of intermediate vouchers in itself. pg 9: A certificate from the set of intermediate-identities is expected to validate the signature on this zeroth end-entity voucher. (XXX- This attribute can be replaced by the CMS certificate chain) comment: The intermediate-identities list should have the same order with the intermediate voucher chain backwards along the delegation path to the MASA. In last sentence, it said that the zero voucher has not been signed. Here, how to validate its signature? Why is the regarding certificate expected to validate the zero voucher? pg 9: working set of trust anchors. comment: So, the pledge has multiple trust anchors possibly. So, the next question is how does the pledge or the registrar know which trust anchor to choose for next onboarding procedure? B.R. Frank This e-mail and its attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!
- [Anima] My comments about draft-richardson-anima-… Xialiang (Frank, Network Standard & Patent Dept)