Re: [Anima] [Gen-art] dealing with many the secdir and genart comments [on draft-ietf-anima-bootstrapping-keyinfra]
Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 03 December 2018 00:06 UTC
To: Michael Richardson <mcr+ietf@sandelman.ca>, anima@ietf.org
References: <153826253306.18743.9250084704876465818@ietfa.amsl.com> <153874289877.989.15433226866680411112@ietfa.amsl.com> <24358.1543530974@dooku.sandelman.ca> <0b517731-ef11-4484-7bf8-46e313a2ac49@gmail.com> <24016.1543794827@dooku.sandelman.ca>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <f6002a83-b292-b323-04ee-d0d26acdd782@gmail.com>
Date: Mon, 03 Dec 2018 13:06:33 +1300
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/eCqd6V80ORCO1_9tJ9M8ufvqP3g>
Subject: Re: [Anima] [Gen-art] dealing with many the secdir and genart comments [on draft-ietf-anima-bootstrapping-keyinfra]
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
On 2018-12-03 12:53, Michael Richardson wrote:
>
> Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
> >> The authors seriously believe that this will result in an attempt to
> >> boil the ocean. Yes, BRSKI is exciting for many and opens many doors,
> >> but in the context of the *ANIMA* Charter, we strongly think that this
> >> document should leave the oceans alone, and deal only with the ANIMA
> >> ACP usage.
>
> > Yes, violent agreement. From all the interest outside ANIMA, the basic
> > idea of BRSKI is a big hit and will be re-used in other contexts. I
> > think a strong statement about the specific scope of *this* document
> > belongs in the Abstract and Introduction, with a comment that variant
> > usages of BRSKI in other scenarios will be documented separately.
>
> Brian, these are my proposed changes to the abstract, intro,
> and adding a section on ACP Applicability. I think that there is probably
> more to say there.

Perhaps, but I think these changes clarify the scope correctly.

Thanks
   Brian

>
> This has become issue #116.
>
> diff --git a/dtbootstrap-anima-keyinfra.xml b/dtbootstrap-anima-keyinfra.xml
> index 78ce2a3..e705904 100644
> --- a/dtbootstrap-anima-keyinfra.xml
> +++ b/dtbootstrap-anima-keyinfra.xml
> @@ -82,19 +82,21 @@ > > <abstract> > <t> > - This document specifies automated bootstrapping of a remote secure > - key infrastructure (BRSKI) using manufacturer installed X.509 certificate, in > - combination with a manufacturer's authorizing service, both online and offline. > + This document specifies automated bootstrapping of an Autonomic > + Control Plane. To do this a remote secure > + key infrastructure (BRSKI) is created using manufacturer installed > + X.509 certificate, in combination with a manufacturer's authorizing > + service, both online and offline. > Bootstrapping a new device can occur using a routable address and a > cloud service, or using only link-local connectivity, or on > limited/disconnected networks. Support for lower security models, > including devices with minimal identity, is described for legacy reasons > > @@ -103,7 +105,22 @@ > <t> > BRSKI provides a solution for secure zero-touch (automated) bootstrap of > virgin (untouched) devices that are called pledges in this > - document. These pledges need to discover (or be discovered by) an > + document. > + </t> > + > + <t> > + This document primarily provides for the needs of > + the ISP and Enterprise focused ANIMA > + <xref target="I-D.ietf-anima-autonomic-control-plane">Autonomic > + Control Plane (ACP)</xref>. Other users of the BRSKI protocol > + will need to provide separate applicability statements that > + include privacy and security considerations appropriate to that > + deployment. Section <xref target="acpapplicability" /> explains the details > + applicability for this the ACP usage. > + </t> > + > + <t> > + This document describes how pledges discover (or be discovered by) an > element of the network domain to which the pledge belongs to perform > the bootstrap. This element (device) is called the > registrar. Before any other operation, pledge and registrar need to 
> > @@ -2755,6 +2772,64 @@ Reference: [This document] > </t> > </section> > </section> > + <section anchor="acpapplicability" title="Applicability to the Autonomic > + Control Plane"> > + <t> > + This document provides a solution to the requirements for secure > + bootstrap set out in <xref target="RFC8368">Using an Autonomic Control Plane for > + Stable Connectivity of Network Operations, Administration, and > + Maintenance </xref>, > + <xref target="I-D.ietf-anima-reference-model" >A Reference Model for > + Autonomic Networking</xref> and specifically the > + <xref target="I-D.ietf-anima-autonomic-control-plane">An Autonomic > + Control Plane (ACP)</xref>, section 3.2 (Secure Bootstrap), and > + section 6.1 (ACP Domain, Certificate and Network). > + </t> > + <t> > + The protocol described in this document has appeal in a number of > + other non-ANIMA use cases. Such uses of the protocol will be > + deploying into other environments with different tradeoffs of > + privacy, security, reliability and autonomy from manufacturers. > + As such those use cases will need to provide their own applicability > + statements, and will need to address unique privacy and security > + considerations for the environments in which they are used. > + </t> > + <t> > + The autonomic control plane that this document provides bootstrap > + for is typically a medium to large Internet Service Provider > + organization, or an equivalent Enterprise that has signficant layer-3 > + router connectivity. (A network consistenting of primarily layer-2 > + is not excluded, but the adjacencies that the ACP will create and > + maintain will not reflect the topology until all devices participate > + in the ACP). > + </t> > + <t> > + As specified in the ANIMA charter, this work "..focuses on > + professionally-managed networks." Such a network has an operator > + and can do things like like install, configure and operate the > + Registrar function. 
The operator makes purchasing decisions > + and is aware of what manufacturers it expects to see on it's > + network. > + </t> > + <t> > + Such an operator also is capable of performing the traditional > + (craft serial-console) based bootstrap of devices. The zero-touch > + mechanism presented in this and the ACP document represents a > + signficiant efficiency: in particular it reduces the need to > + put senior experts on airplanes to configure devices in person. > + There is a recognition as the technology evolves that not every > + situation may work out, and occasionally a human still still have to > + visit. > + </t> > + <t> > + The BRSKI protocol is going into environments where there have > + already been quite a number of vendor proprietary management > + systems. Those are not expected to go away quickly, but rather to > + leverage the secure credentials that are provisioned by BRSKI. The > + connectivity requirements of said management systems are provided > + by the ACP. > + </t> > + </section> > <section anchor="privacyconsiderations" title="Privacy Considerations"> > <section title="MASA audit log"> > <t> > @@ -3292,6 +3367,7 @@ Reference: [This document] > > <?rfc include="reference.I-D.ietf-anima-autonomic-control-plane" ?> > <?rfc include="reference.RFC.8366" ?> > + <?rfc include="reference.RFC.8368" ?> > <?rfc include="reference.I-D.ietf-anima-grasp" ?> > > <reference anchor="IDevID" > > > _______________________________________________ > Anima mailing list > Anima@ietf.org > https://www.ietf.org/mailman/listinfo/anima >
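Review bot: in the abstract hunk (@@ -82,19 +82,21 @@), the rewritten second sentence makes BRSKI the thing that gets created rather than the protocol that does the creating: "To do this a remote secure key infrastructure (BRSKI) is created using manufacturer installed X.509 certificate" no longer matches the acronym's expansion (Bootstrapping Remote Secure Key Infrastructure) and is missing an article, a comma and a hyphen. Suggest: "To do this, the Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol is used with a manufacturer-installed X.509 certificate, in combination with a manufacturer's authorizing service, both online and offline." The retained context that follows ("Bootstrapping a new device can occur using a routable address and a cloud service, ...") still reads as a general BRSKI claim; if the first sentence is meant to scope the document to the ACP, the third sentence should say "Bootstrapping a new device into the ACP can occur ...", otherwise the abstract re-widens in its third sentence what it narrowed in its first.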
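Review bot: in the introduction hunk (@@ -103,7 +105,22 @@), the closing sentence of the new paragraph is garbled: "Section <xref target="acpapplicability" /> explains the details applicability for this the ACP usage." Suggest "<xref target="acpapplicability" /> gives the applicability details for the ACP usage." (in xml2rfc an empty xref to a section anchor already renders as "Section N", so the literal word "Section" would be doubled). Two smaller points in the same hunk: "the ISP and Enterprise focused ANIMA" wants hyphens ("ISP- and Enterprise-focused"), and the re-started sentence "This document describes how pledges discover (or be discovered by) an element" should read "(or are discovered by)". Finally, "will need to provide separate applicability statements that include privacy and security considerations appropriate to that deployment" gives a future implementer nothing concrete to check against; if this is intended as a requirement on non-ACP uses, point at the considerations they must revisit (at minimum the Privacy Considerations section that follows the new applicability section) rather than leaving "appropriate" undefined.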
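Review bot: in the new Applicability section (@@ -2755,6 +2772,64 @@), the sentence carrying the security assumption, "The operator makes purchasing decisions and is aware of what manufacturers it expects to see on it's network", is presented as background rather than as the premise it is: this awareness is what allows the Registrar to decide which manufacturers, and therefore which pledges, to admit, so state it as an explicit assumption of the ACP usage and tie it to Registrar configuration instead of leaving the reader to infer the connection. Related: the last paragraph says existing proprietary management systems will "leverage the secure credentials that are provisioned by BRSKI", which extends the use of those credentials beyond the ACP right after the second paragraph required non-ACP uses to provide their own applicability statements; either qualify the last paragraph (the reuse happens inside the ACP, over the connectivity it provides) or say that such reuse falls under the same requirement. The pointers "section 3.2 (Secure Bootstrap), and section 6.1 (ACP Domain, Certificate and Network)" are section numbers of a draft that is still changing; re-verify them against the ACP draft at publication time. Typos to fix in the hunk: "signficant", "consistenting", "like like", "it's" (possessive), "signficiant", "a human still still have to visit" (should be "a human will still have to visit"), and the charter quotation "..focuses on" should use a three-dot ellipsis.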
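Review bot: the references hunk (@@ -3292,6 +3367,7 @@) adds only reference.RFC.8368, but the new Applicability section also xrefs I-D.ietf-anima-reference-model; unless an entry for that draft is already present elsewhere in the file, xml2rfc will fail on the unresolved anchor, so either add the matching <?rfc include="reference.I-D.ietf-anima-reference-model" ?> in this hunk or confirm the entry exists. Also confirm which references list this include lands in: the new section cites RFC 8368 as the source of the requirements being met, not as a specification an implementer must follow, which argues for the informative list rather than the one holding the ACP and RFC 8366 entries shown in the context lines if those are normative.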