Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)
"Joel M. Halpern" <jmh@joelhalpern.com> Tue, 16 July 2019 19:49 UTC
Return-Path: <jmh@joelhalpern.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5375712004C for <anima@ietfa.amsl.com>; Tue, 16 Jul 2019 12:49:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gBBna0VrNCfz for <anima@ietfa.amsl.com>; Tue, 16 Jul 2019 12:49:34 -0700 (PDT)
Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F328120041 for <anima@ietf.org>; Tue, 16 Jul 2019 12:49:34 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 45p9vy1Q0zzpj3h; Tue, 16 Jul 2019 12:49:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1563306574; bh=NxE+OKkKGhPZ7j8CutkJJJbR4tfsmtucO23gcTV8yy4=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=P24fbe1HY44SzMDVa2yFeBsLGFK8exCxz8D46xJC8180I78VP/fyiPrStG46IfOmQ i/GmAhbd8tU6wAasQjgM7d4hTfXSITMAlTKhDwOlBggrg5G+0g5Zq4vzQqcW7kyYO6 54BBAwYU1ajfo/xhCOkRpkbhLjRlGfqvIfLAHd4g=
X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net
Received: from [172.20.7.244] (209-255-163-147.ip.mcleodusa.net [209.255.163.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 45p9vw63qKzpghP; Tue, 16 Jul 2019 12:49:32 -0700 (PDT)
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: Eliot Lear <lear@cisco.com>, Adam Roach <adam@nostrum.com>, anima@ietf.org
References: <156282703648.15280.17739830959261983790.idtracker@ietfa.amsl.com> <17580.1562874933@localhost> <ACEB4033-707F-47AF-B58A-5227B444BEAB@cisco.com> <E2DA8D30-805E-478D-925D-534C04A0727F@cisco.com> <8869.1563140002@dooku.sandelman.ca> <cedc515e-22ab-94a9-e6ef-c55b345687ba@joelhalpern.com> <376eee31-0264-38a8-1d32-901bb1a0671b@gmail.com> <9e341730-dc47-8860-47d4-6421ab04d0dc@nostrum.com> <6ecdae7f-4fb7-d9fc-f19f-bf742c6fe83c@joelhalpern.com> <193EB8D1-3E58-4570-AC4D-55737E3D36CF@cisco.com> <a544c69a-38e2-4e6e-bc4f-752bbe524fa8@joelhalpern.com> <5240.1563306433@localhost>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <c4ce950e-9588-a65f-4007-230479b088a3@joelhalpern.com>
Date: Tue, 16 Jul 2019 15:49:32 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <5240.1563306433@localhost>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/nwZTx35YqOe8JDWX8jmBz-IEpBU>
Subject: Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jul 2019 19:49:36 -0000
Thank you Michael. I saw the proposed change in section 9. I wonder if that is hiding the MUST, since the mechanisms are in section 7... Having said that, I can live with it as you have proposed. Yours, Joel On 7/16/2019 3:47 PM, Michael Richardson wrote: > > Joel Halpern Direct <jmh.direct@joelhalpern.com> wrote: > > It allows someone who > > controls their network, and who physically controls a new device, to > > put that new device in their network without asking anyone's > > permission. > > Right, get your "blue cable" out, connect it to the serial console, bring up > minicom, and tell the device to enroll. Verify the registrar's certificate > when prompted, perhaps. > > You can still use GRASP to find the Registrar, and all the rest of the ACP > mechanism.... or not. > > That's been in section 7.2, but the complaint was that it was not normative. > So, we have added in section 9, for the ACP use case, that implementing > something is a MUST. I don't think it will work for lightbulbs, but whomever > writes that Applicability Statement will have to cope with that. > (it will be me: I have a document in 6tisch, which is that document. I would > appreciate your thoughts on what might be acceptable there) > > BTW: A number of router manufacturers have BRSKI-like mechanisms already, but they > only really work when you drink all their koolaid, and build your network > exclusively with their equipment. At one ISP that I consult for, they wound > up turning the super-duper auto-join management system off because it ate all > of a very high end VM platform, and they just couldn't afford that at the > time... Maybe cross-vendor mechanisms will result in some competition and > some better products. > > > Now it may be that the particular approach I suggested won't work. But > > it seems to me that there needs to be a way for folks to keep using, > > and to keep re-selling, devices without the support of the vendor. > > That usage may not get all the zero-touch advantages that supported > > re-sale would get. But it has to work. And putting the onus for that > > on the original vendor does NOT seem an effective solution. > > As long as vendors support blue cables, and are willing to provide firmware > updates, I don't see any change. >
- [Anima] Adam Roach's Discuss on draft-ietf-anima-… Adam Roach via Datatracker
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Ted Hardie
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Eliot Lear
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Benjamin Kaduk
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Eliot Lear
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Eliot Lear
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Adam Roach
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Adam Roach
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Brian E Carpenter
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Eliot Lear
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Max Pritikin (pritikin)
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Adam Roach
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Joel M. Halpern
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Eliot Lear
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Adam Roach
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Adam Roach
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Brian E Carpenter
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Adam Roach
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Joel M. Halpern
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Brian E Carpenter
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Joel M. Halpern
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Eliot Lear
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Joel Halpern Direct
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Eliot Lear
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Joel M. Halpern
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Eliot Lear
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Barry Leiba
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Joel M. Halpern
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Brian E Carpenter
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Joel M. Halpern
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Adam Roach
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Adam Roach
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Toerless Eckert
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Eliot Lear
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Toerless Eckert
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Joel M. Halpern
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
- Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Eliot Lear