IETF Logo Mail Archive

Re: [Anima] Roman Danyliw's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

"Max Pritikin (pritikin)" <pritikin@cisco.com> Thu, 11 July 2019 03:36 UTC

Return-Path: <pritikin@cisco.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B51E120090; Wed, 10 Jul 2019 20:36:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=N6mc6byZ; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=T1eFekTh
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZmcV8sD8X-Gq; Wed, 10 Jul 2019 20:36:00 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B62F120098; Wed, 10 Jul 2019 20:36:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=18274; q=dns/txt; s=iport; t=1562816160; x=1564025760; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=NwU7GrHaZgVKWXttGn606VkwRKvVe1+dqGz4RJTOZSs=; b=N6mc6byZoUKd/c1zsxEOMMYPU+yR/HdEHNBJQYN1mSAm9h21pGvbmSgd Hu3Kwxk0P5UgMGAgL6HvfI5t5TRFPQvOoBGwKSFCA1JydYnuMfkB6BgAp Tb+CZdGRpPhl+NqeLLkypGwmmn5v35xRcz8Ywn5eBujow7lURR/pixROV A=;
IronPort-PHdr: 9a23:98+sYxOXcFoE6lAM5b0l6mtXPHoupqn0MwgJ65Eul7NJdOG58o//OFDEu6w/l0fHCIPc7f8My/HbtaztQyQh2d6AqzhDFf4ETBoZkYMTlg0kDtSCDBjjNv/2bi87GuxJVURu+DewNk0GUMs=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CvAAA7riZd/5FdJa1cCRoBAQEBAQIBAQEBBwIBAQEBgWeBRCQsA2pVIAQLKAqEEoNHA45FgjYlfpZLgUKBEANUCQEBAQwBAScGAgEBgUuCdQIXgjcjOBMBAwEBBAEBAgEFbYU8DIVKAQEBAwESEREMAQEwBwEECwIBBgIYAgIfBwICAjAVEAIEDgUigwABgWoDDg8BAgyRD5BgAoE4iGBxgTKCeQEBBYE2AgELAkABgnsYghIJgQwoi18XgX+BEScME4IXNT6CYQIDAYEhEhQWgwoygiaMDigcgiCbaAkCghmGWIlAg3AbgiyHIoQMiieMUQmIGJAAAgQCBAUCDgEBBYFnIYFYcBU7KgGCQQmCODeCZlSFFIU/coEpi14rgQQBgSABAQ
X-IronPort-AV: E=Sophos;i="5.63,476,1557187200"; d="scan'208";a="591780790"
Received: from rcdn-core-9.cisco.com ([173.37.93.145]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 11 Jul 2019 03:35:58 +0000
Received: from XCH-RCD-010.cisco.com (xch-rcd-010.cisco.com [173.37.102.20]) by rcdn-core-9.cisco.com (8.15.2/8.15.2) with ESMTPS id x6B3ZwWN004587 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 11 Jul 2019 03:35:58 GMT
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by XCH-RCD-010.cisco.com (173.37.102.20) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 10 Jul 2019 22:35:57 -0500
Received: from xhs-aln-003.cisco.com (173.37.135.120) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 10 Jul 2019 23:35:56 -0400
Received: from NAM02-BL2-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Wed, 10 Jul 2019 22:35:56 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NwU7GrHaZgVKWXttGn606VkwRKvVe1+dqGz4RJTOZSs=; b=T1eFekThIr9LMHmGh5aoS9HT7TVpsKwEFd8DYc4tkT0ljxKV34fBQ2c4SsQRdTRx72kCOSk14U8lB9nhalwfsHaKvp195ztgAvVSQIayy9XKYYi7ViACNDFN357mk2rjMmO7jTa9zMOB9tR2gmegnnhWVjebcgaMbKFgGd0RezM=
Received: from BYAPR11MB3525.namprd11.prod.outlook.com (20.177.227.23) by BYAPR11MB3014.namprd11.prod.outlook.com (20.177.225.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2052.19; Thu, 11 Jul 2019 03:35:55 +0000
Received: from BYAPR11MB3525.namprd11.prod.outlook.com ([fe80::cc5d:56b1:d49d:40b0]) by BYAPR11MB3525.namprd11.prod.outlook.com ([fe80::cc5d:56b1:d49d:40b0%6]) with mapi id 15.20.2052.020; Thu, 11 Jul 2019 03:35:55 +0000
From: "Max Pritikin (pritikin)" <pritikin@cisco.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
CC: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>, "draft-ietf-anima-bootstrapping-keyinfra@ietf.org" <draft-ietf-anima-bootstrapping-keyinfra@ietf.org>, Toerless Eckert <tte+ietf@cs.fau.de>, "anima-chairs@ietf.org" <anima-chairs@ietf.org>, "anima@ietf.org" <anima@ietf.org>
Thread-Topic: Roman Danyliw's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)
Thread-Index: AQHVNzqkCycerXks7k23GfVFedpIyqbEkmYAgAAyngA=
Date: Thu, 11 Jul 2019 03:35:54 +0000
Message-ID: <BFC9D615-EADD-4670-984A-3D4781D2ED4B@cisco.com>
References: <156277529950.15124.2390956674545685683.idtracker@ietfa.amsl.com> <16705.1562805282@localhost>
In-Reply-To: <16705.1562805282@localhost>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pritikin@cisco.com;
x-originating-ip: [72.163.2.253]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 41ffa2d0-b1c9-458c-c668-08d705b0e174
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:BYAPR11MB3014;
x-ms-traffictypediagnostic: BYAPR11MB3014:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <BYAPR11MB3014C95BF441BA9F802BD9BFDAF30@BYAPR11MB3014.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:4303;
x-forefront-prvs: 0095BCF226
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(346002)(366004)(376002)(136003)(396003)(39860400002)(189003)(199004)(66476007)(81166006)(81156014)(6116002)(7736002)(53546011)(26005)(316002)(66446008)(66946007)(8676002)(8936002)(66066001)(64756008)(6486002)(76116006)(30864003)(66556008)(2906002)(186003)(6506007)(11346002)(6512007)(3846002)(486006)(256004)(86362001)(476003)(102836004)(5660300002)(14444005)(6436002)(446003)(25786009)(6246003)(53936002)(71200400001)(36756003)(71190400001)(68736007)(229853002)(2616005)(33656002)(305945005)(4326008)(54906003)(76176011)(966005)(99286004)(14454004)(6306002)(478600001); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR11MB3014; H:BYAPR11MB3525.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: chaffL2k3esezfL8j1f75e/Ne9D86bx2yn/rd9WkCS4BJ0T2Ua9G0jxgRd2Qr23XHV6i8IdgxjTltTOQQ4P9+ksOKh4pu2Pfa9+KrF+60QR5arJkkb7IEY38aGfLa6rlqvEghZ5G6k+nfFW+oz8AzyHnO6Aj3nTwLmV/x/aHYlHyFsk/8bpEVj190Ph2kb4uyta5mbcnfV6bAjAeNG60mkC976X6I2mBQ9D7cOQTlBSYLvJq9KHr+cV9QmMG6gFTkhfdeDsFqaJ4TYGK3CDNi79WcjPlYkPVBNWN/g7W7CCCgm3zOKxyrdT4F2m++4QpzlnJcFpxDpPSq6WBN1Gh9eoKuLTofIrUiZ0VahBK9wERFbCC4q/s5HUVzanG5E7cyhZ8HqFKLzU0Bsvj1huVLArsfzZNPTj/4dZ+TkU+aTk=
Content-Type: text/plain; charset="utf-8"
Content-ID: <8BF0203FD31745478C5F17C0DC3F2C5D@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 41ffa2d0-b1c9-458c-c668-08d705b0e174
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Jul 2019 03:35:54.9714 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: pritikin@cisco.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB3014
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.20, xch-rcd-010.cisco.com
X-Outbound-Node: rcdn-core-9.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/kklXiBkeMQ9F82OvV07NnnVIIOk>
Subject: Re: [Anima] Roman Danyliw's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jul 2019 03:36:05 -0000

inline comments, 

> On Jul 10, 2019, at 6:34 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> 
> 
> Roman Danyliw via Datatracker <noreply@ietf.org> wrote:
>> (5) Section 1.3.2.  Cite the origin of the taxonomy which defines
>> “class 2+” devices – likely RFC7228
> 
> done.
> 
>> (6) Section 1.5.  Per “Upon successfully validating a voucher artiface, a
>> status telemetry MUST be returned.”, what is a “voucher artiface”?  is
>> that just a “voucher”?
> 
> It's a typo. It should be voucher artifact.
> We used "Voucher Artifact" all over RFC8366.
> 
>> (7) Section 2.6.1.  What is a “Network Time Protocols” – specifically
>> why is protocols plural?  Is this something more than NTP?
> 
> Yes, NTPv4, but it could also be IEEE PTP, or even GSM.
> It doesn't much matter... no network ==> no network time.
> 
>> (8) Section 4.1.  Per “The communication between the pledge is over IPv6
>> Link-Local addresses”, if that is the case, why does Figure 3 show IPv4
>> and Appendix A describes an IPv5 approach?
> 
> Because some members of the WG continued to complain that IPv6 isn't
> ubiquitous, and Appendix A was the compromise.
> I would be happy to rip it out, because I think the argument is specious.
> 
>> (9) Section 5.1., Per “The pledge maintains a security paranoia
>> concerning the provisional state …”, what does it mean to “maintain a
>> security paranoia”?
> 
> I guess I don't know.
> Max?  Seems like useless words.

The intention is to warn implementers that the HTTP and other data received until the voucher content is verified could be from an attacker since the TLS connection is in a provisional mode. Perhaps this is clearer:  

-            <t>The pledge maintains a security paranoia concerning the
-            provisional state, and all data received, until a voucher is
-            received and verified as specified in <xref
-            target="CompletingAuthenticationBootstrapping"></xref></t>
-
+            <t>The pledge performs input validation of all data received
+               until a voucher is verified as specified in <xref
+               target="CompletingAuthenticationBootstrapping"></xref> and
+               the TLS connection leaves the provisional state. Until these
+               operations are complete the pledge could be communicating
+               with an attacker.</t>


>> (10) Section 5.1.  Per “A pledge that can not maintain as many
>> connections as there are eligible proxies.”, this is an unfinished
>> sentence.  What should the pledge do?
> 
> fixed.
>        A pledge that can not maintain as many connections as there are
>    -   eligible proxies.  If no connection is making progess after 5 seconds
>    -   then the pledge SHOULD drop the oldest connection and go on to a
>    -   different proxy: the proxy that has been communicated with least
>    -   recently.  If there were no other proxies discovered, the pledge MAY
>    -   continue to wait, as long as it is concurrently listening for new
>    -   proxy announcements.
>    +   eligible proxies will need to rotate among the various choices,
>    +   terminating connections that do not appear to be making progress.  If
>    +   no connection is making progess after 5 seconds then the pledge
>    +   SHOULD drop the oldest connection and go on to a different proxy: the
>    +   proxy that has been communicated with least recently.  If there were
>    +   no other proxies discovered, the pledge MAY continue to wait, as long
>    +   as it is concurrently listening for new proxy announcements.
> 
>> (11) Section 5.2.  created-on.  The value to use in this field of this
>> field is not described here.
> 
> -            RECOMMENDED to populate this field. This provides additional
> -            information to the MASA.</t>
> +            RECOMMENDED to populate this field with the current date and
> +            time in yang:date-and-time format. This provides additional
> -            information to the MASA.</t>
> 
>> (12) Section 5.2.  Per “All other fields MAY be omitted in the pledge
>> voucher-request”, should this be read as guidance that the fields
>> mentioned above this text are mandatory (i.e., created-on, nonce,
>> proximity-registrar-cert). If so, what value should pledges without
>> clocks use?
> 
> I guess:
>            Pledges that have no real-time clocks MAY omit this field.
> 
>> (13) Section 5.3.  Per “If these validations fail the registrar SHOULD
>> respond
>> with an appropriate HTTP error code”, a few questions:
> 
> Ha, I kept asking for us to be specific about error codes, but I missed this
> part.
> 
> -          If these validations fail the registrar SHOULD respond with an
> -          appropriate HTTP error code.
> +          If these validations fail the registrar SHOULD respond with the
> +          HTTP 404 error code.  If the voucher-request is in an unknown
> +          format, then an HTTP 406 error code is more appropriate.
> +          A situation that could be resolved with administrative action
> +          (such as adding a vendor to a whitelist) MAY be responded with an
> +          403 HTTP error code.
> 
> 
>> ** Is this text suggesting that silent failure?  Given the text says
>> SHOULD,
>> validation could fail and the registrar would not share this failure?
>> ** What specific codes should be used?
> 
> I believe that there may be other error codes that would make sense, so
> I'm sticking with SHOULD.
> 
>> (14) Section 5.4.  Per “The registrar initiates the connection and uses
>> the MASA URL obtained as described in Section 2.8 for [RFC6125]
>> authentication of the MASA.”, RFC6125 doesn’t have a Section 2.8.
>> Please clarify how this connection is made.
> 
> aha. It's section 2.8 of this document! Some punctuation is missing.
> 
> -          <xref target="obtainmasaurl" /> for <xref target="RFC6125" />
> -          authentication of the MASA.
> +          <xref target="obtainmasaurl" />. The mechanisms in
> +          <xref target="RFC6125" /> SHOULD be used authentication of the
> +          MASA.  Some vendors will establish explicit (or private) trust
> +          anchors for validating their MASA; this will typically done as
> +          part of a sales channel integration.  Registars SHOULD permit
> +          trust anchors to be pre-configured on a per-vendor basis.
> 
>> (15) Section 5.5.  What is the relationship between the value of the
>> created-on field passed by the pledge per Section 5.2, and described in
>> Section 5.5 as being populated by the registrar.
> 
> -        <t hangText="created-on:">Registrars are RECOMMENDED to populate
>         this field. This provides additional information to the MASA.</t>
> +        <t hangText="created-on:">
> +          The Registrars SHOULD populate this field with the current date and
> +          time when the Registrar formed this voucher request. This field
> +          provides additional information to the MASA.
> +        </t>
> 
> 
>> (16) Section 5.5. What is a “statistically unique identity” per the
>> “idevid-issuer” field?
> 
> Max?
> 
> I don't think the word statistically is useful here.

It is possibly pedantic. The voucher leaf of idevid-issuer (see RFC8366) is the Authority Key Identifier as defined in RFC5280 and I probably have it in my head that this is only statistically unique when its based on the key identifier (where the keys are only statistically unique). 

-        is included to ensure a statistically unique identity.</t>
+        is included to ensure a unique identity.</t>

> The serial-number extracted from the pledge IDevID is unique per IDevID
> issuer, so we include that here.  I realize that my implementation does
> not include this at all, and I just use the certificate from the
> prior-signed-voucher-request.
> 
>> (17) Section 5.7.  Per the JSON snippet:
> 
>> ** It isn’t labeled as a figure or example; and isn’t referenced in the
>> text.
> 
>> ** This isn’t valid JSON: no commas between items.  What does the
>> notation “/*
>> TRUE=Success, FALSE=Fail”” mean – opening with a /* and closing with a “?
> 
> fixed.
> I need to go back throuth an renumber the figures (or rather,use anchors).
> 
>> (18) Section 5.8.2.  Per “Each time the Manufacturer Authorized Signing
>> Authority (MASA) issues a voucher, it places it into the audit log for
>> that device.  The details are described in Section 5.8.”, this
>> reference to Section 5.8 on how the MASA logs doesn’t seem correct.
>> Section 5.8 describes how a
>> registrar asks a MASA about its logs.
> 
>             Each time the Manufacturer Authorized Signing Authority (MASA)
> -            issues a voucher, it places it into the audit log for that device.
> -            The details are described in <xref target="authzLogRequest" />.
> +            issues a voucher, it appends details of the assignment to
> +            an internal audit log for that device.
> +            The internal audit log is processed when responding to
> +            requests for details as described in <xref
> +            target="authzLogRequest" />.
> 
> Does this work for you?
> It is not our intend to specify how the internal audit log works, just
> what it must be able to produce.
> 
>> (19) Section 5.9.4.  What happens if the pledge doesn’t re-negotiate an
>> EST TLS session after been successful enrolled?
> 
> I'm not sure.
> Max?

If the client skips renegotiating the server does not have operational proof that the client can successfully use the certificate as a TLS client certificate. Instead it will only receive the telemetry message where the client claimed everything is ’SUCESS’. 
I didn’t use ‘MUST' because of the keyusage morass where perhaps the cert is to be used for something where TLS isn’t valid. In other enrollment protocol discussions we either make exceptions for “misuse” of a key type during enrollment itself (such as performing a signing operation when the key usage says not to) or accept that the TLS client authentication might be with a different keypair than the one distributed (such as using EST to maintain and re-enroll a cert that isn’t appropriate for TLS). Using "SHOULD” here avoids having BRSKI take a stance on any of those issues. 

- max

>> (20) Section 5.9.4.  In what way is a the SubjectKeyIdentifier included
>> in the success telemetry message?
> 
> If there is success, I don't think the SubjectKeyIdentifier needs to be
> logged.  If there is failure, then the idea was that it would go into the
> reason in some textual form.
> 
>> (21) Section 6.  What is “../voucherrequest”?
> 
> It's a typo for /requestvoucher!
> 
>> (22) Section 7.  Per “This section is considered non-normative: use
>> suggested methods MUST be detailed in specific profiles of BRSKI” --
>> the clause after the colon doesn’t parse.  What is the guidance
>> relative to profiles?
> 
> How about:
>        This section is considered non-normative: use of the suggested
>        mechanism here MUST be detailed in specific profiles of
>        BRSKI.  This is a subject for future work.
> 
> I don't understand "What is the guidance relative to profiles?"
> 
>> (23) Section 11.0.  The caution about untrusted data and HTTP libraries
>> seems warranted.  Wouldn’t this also apply to the application code too?
> 
> In what way to do you mean?
> Maybe this paragraph has been mis-understood.
> We are trying to say that despite the headers and content being untrusted,
> that mature HTTP libraries should not be particularly vulnerable.  Is
> that what you understood?
> 
>> (24) Section 11.1.  Per the list of examples where a MASA is
>> unavailable or uncooperative, wouldn’t a manufacturing going out of
>> business also be a concern?
> 
> Absolutely.
> One reason why we call it the Manufacturer *AUTHORIZED* signing authority,
> is that we believe that this is something Manufacturers will outsource,
> and buyers will insist that there is an escrow plan.
> 
>> (25) Section D.1.4.  Provide an openssl version and reference that
>> generated this output
> 
> Well, it was done with libcrypto 1.1.1c, from (open source ruby) code linked
> against it.  I can certainly say that, but I don't know what
> "reference" means here.
> 
>> (26) Per Christian Huitema’s Last Call SecDir Review
>> (https://datatracker.ietf.org/doc/review-ietf-anima-bootstrapping-keyinfra-20-secdir-lc-huitema-2019-06-04/),
>> please respond to the last two issues – random number generation and the
>> missing assertion leaf.
> 
> I had not seen this second review, thank you.
> I will read this on Thursday and post additional changes.
> 
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
> 
> 
> 
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
> -= IPv6 IoT consulting =-
> 
> 
>

v2.23.0 | Report a Bug | By Email