Re: [Anima] FYI: est-coaps registered (was: Re: Discovery of proxy/registrar insufficient (GRASP and) more).

Esko Dijk <esko.dijk@iotconsultancy.nl> Mon, 16 May 2022 10:22 UTC

From: Esko Dijk <esko.dijk@iotconsultancy.nl>
To: Toerless Eckert <tte@cs.fau.de>, Michael Richardson <mcr+ietf@sandelman.ca>
CC: "anima@ietf.org" <anima@ietf.org>
Date: Mon, 16 May 2022 10:22:30 +0000
Message-ID: <DU0P190MB1978E535580A55DCE9BD5BCAFDCF9@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM>
References: <YlWUA7xhMU2XtJsz@faui48e.informatik.uni-erlangen.de> <388791.1649870361@dooku> <Ymc57cpieDGAcn1X@faui48e.informatik.uni-erlangen.de> <8866.1651512153@localhost> <YnLVDjRUP/ZrT4kd@faui48e.informatik.uni-erlangen.de> <14843.1651770972@localhost> <YnQ9odb1fVakhs4E@faui48e.informatik.uni-erlangen.de> <16752.1651962777@localhost> <Ynf56DAvhfljJiRy@faui48e.informatik.uni-erlangen.de>
In-Reply-To: <Ynf56DAvhfljJiRy@faui48e.informatik.uni-erlangen.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/QBbiHtnCr15LMghbupUUSOfoR9Q>
Subject: Re: [Anima] FYI: est-coaps registered (was: Re: Discovery of proxy/registrar insufficient (GRASP and) more).
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>

> > est-coaps and constrained-voucher/brski could have been one document.
>
> Yes. Aurelius said that the other groups like Thread, who are working on enrollment
> seemingly haven't started to think about renewal... Maybe that's why nobody brought it
> up (yet).

Is this about discovery of a Registrar and why nobody has brought up yet how to do this?

Speaking for the OpenThread case at least, it is not because we didn't think about renewal. Renewal is done using EST-coaps, triggered either internally (by the device itself when its certificate is close to expiry) or by an external management tool (that sends a proprietary, secure message to trigger the renewal process).
Currently there's an alternative to standardized discovery methods defined - so a proprietary unicast method that a mesh device can use to get any additional data it needs for network operation. And that includes the Registrar's IP address. We're looking into whether that proprietary method can just be replaced by DNS-SD unicast query because that feature has been recently added to OpenThread (https://openthread.io/reference/group/api-dnssd-server - it's actually a client).

Adding my 2 cents to the discussion: we currently have defined "Constrained BRSKI" as really a different protocol from "BRSKI". It is not just about running BRSKI over a different transport - it defines a fair amount of optimizations, shortcuts etc. to make it more suitable for constrained nodes & networks. REST resource names are also different; procedures are deviating, etc. So at least we can consider it as a different protocol and assign a different service-name.

>     > c) Can i circle that argument back to you and ask why we should actually
>     > introduce brski.jp/brski.rjp if we already have brski-proxy and brski-registrar ?

For CoRE Link Format discovery, there's a wish to make the names as short as possible. And if we consider Constrained BRSKI a different protocol then these names can differ too. So it is not just the same as a CoRE representation of a DNS(-SD) service.
Also, the brski.rjp is really a different thing from brski-registrar - the brski.rjp denotes a server that's able to handle the "JPY" protocol that's defined in Section 5.3 of draft-ietf-anima-constrained-join-proxy.

Regards
Esko

-----Original Message-----
From: Anima <anima-bounces@ietf.org> On Behalf Of Toerless Eckert
Sent: Sunday, May 8, 2022 19:12
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: anima@ietf.org
Subject: Re: [Anima] FYI: est-coaps registered (was: Re: Discovery of proxy/registrar insufficient (GRASP and) more).

On Sat, May 07, 2022 at 06:32:57PM -0400, Michael Richardson wrote:
> 
> Toerless Eckert <tte@cs.fau.de> wrote:
>     >> I'm not sure that I agree with the name "est-coaps", as I think it's still
>     >> "est" with a transport of CoAP/UDP.
> 
>     > a) I think you're logically right, but practically we do not have any actual
>     > formal service specification agnostic to transport for that abstract EST,
>     > such as a TAP-like service interface definition. We only have stuff in
>     > rfc9148 and ANIMA cBRSKI draft that reads: "this does the same as XXX
>     > in RFC7030/RFC8995".
> 
> I thought in DNS-SD, one would ask for _est._udp.local?

Yes, someone could register service-name "est" for UDP and refer to rfc9148.
That was not my point. My point was that I don't think EST/HTTPS and EST/CoAPS
are just one protocol with different underlying transports. Not because
they shouldn't, but just because our specs are too weak to formally make that
claim (IMHO!).

But I am somewhat inconsistent in my arguments here ;-))

>     > to see how far one could get with actual code and a set of API functions
>     > shared between BRSKI/cBRSKI..
> 
> I haven't read that code due to unclear IPR around the patents in Thread.
> 
>     > c) Can i circle that argument back to you and ask why we should actually
>     > introduce brski.jp/brski.rjp if we already have brski-proxy and brski-registrar ?
> 
> I'm open to any name.

If we can agree on parameters for objective-value and DNS-SD TXT proto= key to
distinguish the different transport/variations, then IMHO it would be nicest
to stick to just brski-proxy and brski-registrar.

>     > For unicast, what exactly is then the method to discover the URI of the
>     > registrar (across >= 1 L3 hop) ? If there is some mandatory support
>     > not only for unicast DNS (requests) but also automatically working
> 
> GRASP SRV.est?

Yes. Except that if we do not adopt my proposed draft(s) that formally introduce
the SRV.* notion, I am not sure how long I want to explicitly explain that name choice ;-)

>     >> If not for the above, I think that we would not have split RFC9148 out.
> 
>     > What do you mean with "split out" ?
> 
> est-coaps and constrained-voucher/brski could have been one document.

Yes. Aurelius said that the other groups like Thread, who are working on enrollment
seemingly haven't started to think about renewal... Maybe that's why nobody brought it
up (yet).

Cheers
    Toerless
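The thread touches two client-side discovery mechanisms: CoRE Link Format (the brski.jp / brski.rjp resource types Esko mentions, RFC 6690 syntax) and unicast DNS-SD, where Toerless proposes a TXT "proto=" key to tell transport variants of brski-registrar apart. The Python below is an added example written for this archive page; it is not code from any participant, from OpenThread, or from the drafts. It parses a Link Format response and selects a resource by rt=, parses DNS-SD TXT RDATA per RFC 6763 Section 6 (rejecting a truncated record, ignoring duplicate keys), and picks a registrar instance by the proto= key while cross-checking the SRV transport. The resource paths, instance names, ports and the proto= values ("coaps", "https") are constructed assumptions; "proto" itself is only a proposal in the thread, not a registered key.

```python
"""Added example: CoRE Link Format (RFC 6690) and DNS-SD TXT (RFC 6763) parsing
for BRSKI registrar discovery. Sample data below is constructed, not captured."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# ---- CoRE Link Format (RFC 6690) -----------------------------------------
# One link: <uri-reference>;param=value;param2="quoted value"  (links separated by ',')
_LINK_RE = re.compile(r'<([^>]*)>((?:;[^;,]*)*)')


def parse_link_format(payload: str) -> list[tuple[str, dict[str, str]]]:
    """Return [(uri, {param: value})]; quoted values are unquoted, flag params map to ''."""
    links = []
    for m in _LINK_RE.finditer(payload):
        attrs: dict[str, str] = {}
        for param in m.group(2).split(';'):
            param = param.strip()
            if not param:
                continue
            key, _, value = param.partition('=')
            attrs[key.strip()] = value.strip().strip('"')
        links.append((m.group(1), attrs))
    return links


def find_by_rt(links, wanted_rt: str) -> list[str]:
    """rt= carries a space-separated list of resource types; match any member."""
    return [uri for uri, attrs in links if wanted_rt in attrs.get('rt', '').split()]


# ---- DNS-SD TXT RDATA (RFC 6763, Section 6) ------------------------------
def parse_txt_rdata(rdata: bytes) -> dict[str, Optional[str]]:
    """RDATA is a sequence of <length><key[=value]> strings.
    Keys are case-insensitive; a key with no '=' is a boolean attribute (None);
    a key with an empty name is ignored; only the first occurrence of a key
    counts; a length byte running past the end means a malformed record."""
    out: dict[str, Optional[str]] = {}
    i = 0
    while i < len(rdata):
        n = rdata[i]
        if i + 1 + n > len(rdata):
            raise ValueError("truncated TXT record")
        chunk = rdata[i + 1:i + 1 + n]
        i += 1 + n
        if not chunk:
            continue                     # empty strings are legal and ignored
        key, sep, value = chunk.partition(b'=')
        k = key.decode('ascii', errors='replace').lower()
        if not k or k in out:
            continue                     # empty key or duplicate: ignore
        out[k] = value.decode('utf-8', errors='replace') if sep else None
    return out


@dataclass(frozen=True)
class ServiceInstance:
    """What a DNS-SD browse plus SRV/TXT lookup yields for one instance (constructed)."""
    instance: str      # e.g. "Registrar B._brski-registrar._udp.example.net"
    service: str       # "_brski-registrar._udp" or "_brski-registrar._tcp"
    target: str
    port: int
    txt: bytes


# Assumed mapping from the hypothetical proto= value to the SRV transport label.
_TRANSPORT_FOR_PROTO = {"coaps": "_udp", "https": "_tcp"}


def select_registrar(instances, wanted_proto: str) -> Optional[ServiceInstance]:
    """Pick the first brski-registrar instance whose proto= key matches the variant
    this client speaks. The transport label is cross-checked so a TXT record alone
    cannot steer a CoAPS client at a TCP service (or vice versa)."""
    want_transport = _TRANSPORT_FOR_PROTO.get(wanted_proto)
    if want_transport is None:
        return None
    for inst in instances:
        svc, _, transport = inst.service.rpartition('.')
        if svc != "_brski-registrar" or transport != want_transport:
            continue
        if parse_txt_rdata(inst.txt).get("proto") == wanted_proto:
            return inst
    return None


# ---- constructed sample data ----------------------------------------------
SAMPLE_LINK_FORMAT = '</rjp>;rt="brski.rjp";ct=60,</other>;rt="example.other";ct=287'
SAMPLE_INSTANCES = [
    ServiceInstance("Registrar A._brski-registrar._tcp.example.net", "_brski-registrar._tcp",
                    "reg-a.example.net", 443, b"\x0bproto=https"),
    ServiceInstance("Registrar B._brski-registrar._udp.example.net", "_brski-registrar._udp",
                    "reg-b.example.net", 5684, b"\x0bproto=coaps\x09txtvers=1"),
]

if __name__ == "__main__":
    links = parse_link_format(SAMPLE_LINK_FORMAT)
    print("brski.rjp resource(s):", find_by_rt(links, "brski.rjp"))
    reg = select_registrar(SAMPLE_INSTANCES, "coaps")
    print("CoAPS registrar:", reg.target, reg.port, parse_txt_rdata(reg.txt))
```

Two design points: the TXT parser refuses a record whose length byte overruns the data rather than silently truncating, since a half-parsed key/value pair is exactly the kind of ambiguity a discovery client should not act on; and the proto= value is never trusted on its own, the SRV service label has to agree with it.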

_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima