Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-autonomic-control-plane-19: (with DISCUSS and COMMENT)

Michael Richardson <> Thu, 06 February 2020 20:38 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 12FD212011D; Thu, 6 Feb 2020 12:38:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 2.377
X-Spam-Level: **
X-Spam-Status: No, score=2.377 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, KHOP_HELO_FCRDNS=0.275, RCVD_IN_SBL_CSS=3.335, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Dju8NCeQHqdv; Thu, 6 Feb 2020 12:38:25 -0800 (PST)
Received: from ( [IPv6:2a01:7e00::3d:b000]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4A8651201E5; Thu, 6 Feb 2020 12:38:25 -0800 (PST)
Received: from (unknown [IPv6:2a02:8109:b6c0:52b8:1993:81d7:2ab0:b9b6]) by (Postfix) with ESMTPS id 6E61D1F45A; Thu, 6 Feb 2020 20:38:23 +0000 (UTC)
Received: by (Postfix, from userid 179) id F04621A0955; Thu, 6 Feb 2020 21:38:21 +0100 (CET)
From: Michael Richardson <>
To: Toerless Eckert <>, Benjamin Kaduk <>, The IESG <>,
In-reply-to: <>
References: <>
Comments: In-reply-to Toerless Eckert <> message dated "Tue, 04 Feb 2020 05:49:33 +0100."
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 25.2.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Thu, 06 Feb 2020 21:38:21 +0100
Message-ID: <19293.1581021501@dooku>
Archived-At: <>
Subject: Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-autonomic-control-plane-19: (with DISCUSS and COMMENT)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 06 Feb 2020 20:38:27 -0000

Toerless Eckert <> wrote:
    > Thanks a lot for the review, just committed -22 to answer to your
    > review, providing separate diffs inline for the rfc822 vs IPsec parts
    > to easier separate out the fixes for you. For everybody else, they can
    > just do a diff -21 -> -22, which will also include the input changes to
    > your review.

After all the nice text in section 6.3 on page 37 justifying why the
objective is called IKEv2, why did the title of 6.7.1 change to IPsec?
IPsec is manually keyed. IKEv2 is not.

If this is too confusing to TLS people, then perhaps we could say:
   6.7.1 ACP via IKEv2 (IPsec)

As for the rfc822Name debate, it is a format (other than pure FQDN),
which lets us use ACME with the proposed email-reply-00 challenge in
The only other alternative is FQDN with dns-01, and that would likely be uglier.

If these unnamed PKIX experts would like to debate this with us openly, they
know where to find the WG.

Michael Richardson <>, Sandelman Software Works
 -= IPv6 IoT consulting =-