Re: [Anima] Iotdir telechat review of draft-ietf-anima-bootstrapping-keyinfra-17

Brian E Carpenter <brian.e.carpenter@gmail.com> Thu, 13 December 2018 20:40 UTC

To: Russ Housley <housley@vigilsec.com>, Michael Richardson <mcr+ietf@sandelman.ca>
Cc: draft-ietf-anima-bootstrapping-keyinfra.all@ietf.org, anima@ietf.org, IETF <ietf@ietf.org>, "iot-dir@ietf.org" <Iot-dir@ietf.org>
References: <154388094719.4951.644465000786184923@ietfa.amsl.com> <20444.1544718427@localhost> <0AB99A18-C0D0-4F99-9416-FBD8350E4502@vigilsec.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <3a30b5b0-7487-deb1-539e-d95a0471db74@gmail.com>
Date: Fri, 14 Dec 2018 09:40:19 +1300
In-Reply-To: <0AB99A18-C0D0-4F99-9416-FBD8350E4502@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/p3LwD125fG7egVBVkcp5t6T3VAY>
Subject: Re: [Anima] Iotdir telechat review of draft-ietf-anima-bootstrapping-keyinfra-17

On one point:

On 2018-12-14 06:16, Russ Housley wrote:
...
>>> I think that the CDDL in Sections 4.1.1 and 4.3 is supposed to be
>>> structures.  If that is correct, the structure should look something
>>> like the following, which includes type information:
>>>
>>>   basic-header = [
>>>     field1: int,
>>>     field2: text,
>>>   ]
>>>
>>>   advanced-header = [
>>>     ~basic-header,
>>>     field3: bytes,
>>>     field4: ~time,
>>>   ]
>>
>> We are filling in the gaps for the definition in GRASP M_FLOOD
>> mechanism.  We aren't defining a new structure.
>> I'm not sure if we can do this any other way.
> 
> Something needs to be done to set the context.  Clearly, I misunderstood the intent.

The CDDL which is being extended is defined in https://tools.ietf.org/html/draft-ietf-anima-grasp-15#section-5,
and that draft is fully approved but waiting in MISSREF limbo.

I don't have any concerns about the BRSKI CDDL because I did a toy implementation (Pledji.py, Procksy.py and Reggie.py at https://github.com/becarpenter/graspy). The CDDL in the draft has changed very slightly since then; when I have some free time I can update my Python code, but the differences are negligible.

[Side note: I don't think anybody would claim that they can automatically generate running code from CDDL yet. If that becomes realistic, it would be the acid test for CDDL used in protocol specs. But it's quite a way in the future, IMHO.]

Regards
    Brian
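The type-annotated array structures Russ sketches in the quoted review, exercised end to end as an added example. This is not code from the draft, from GRASP, or from Brian's graspy repository; the field names are the reviewer's placeholders, the CBOR encoder/decoder is a deliberately minimal subset (definite-length ints, floats, byte and text strings, and arrays only), and the sample values are constructed. It follows RFC 8610 semantics for the two `~` unwraps: `~basic-header` splices that group's members into the enclosing array, and `~time` strips the `#6.1` tag from the prelude's `time = #6.1(number)`, leaving a bare number on the wire.

```python
"""Minimal CBOR codec plus a type checker for two illustrative CDDL groups.

Modelled CDDL (from the review; field names are placeholders, not BRSKI/GRASP):

  basic-header    = [ field1: int, field2: text ]
  advanced-header = [ ~basic-header, field3: bytes, field4: ~time ]
"""
import struct

# A CDDL array group as ordered (field name, accepted Python types, CDDL type) triples.
BASIC_HEADER = [("field1", int, "int"), ("field2", str, "text")]
# "~basic-header" splices basic-header's members in place; "~time" unwraps the
# prelude's  time = #6.1(number)  so the member is a bare number, not a tag.
ADVANCED_HEADER = BASIC_HEADER + [("field3", bytes, "bytes"),
                                  ("field4", (int, float), "~time (number)")]


def _head(major, n):
    """Initial byte(s) for CBOR major type `major` with unsigned argument n."""
    if n < 24:
        return bytes([(major << 5) | n])
    for info, fmt, limit in ((24, ">B", 1 << 8), (25, ">H", 1 << 16),
                             (26, ">I", 1 << 32), (27, ">Q", 1 << 64)):
        if n < limit:
            return bytes([(major << 5) | info]) + struct.pack(fmt, n)
    raise ValueError("argument too large for CBOR")


def encode(item):
    """Encode ints, floats, bytes, text and lists (no maps, tags or bools)."""
    if isinstance(item, bool):
        raise TypeError("bool is a CBOR simple value; not handled here")
    if isinstance(item, int):
        return _head(0, item) if item >= 0 else _head(1, -1 - item)
    if isinstance(item, float):
        return b"\xfb" + struct.pack(">d", item)          # major 7, 64-bit float
    if isinstance(item, bytes):
        return _head(2, len(item)) + item
    if isinstance(item, str):
        data = item.encode("utf-8")
        return _head(3, len(data)) + data
    if isinstance(item, list):
        return _head(4, len(item)) + b"".join(encode(x) for x in item)
    raise TypeError(f"unsupported type {type(item).__name__}")


def decode(data):
    """Decode one definite-length CBOR item; reject trailing garbage."""
    item, end = _decode(data, 0)
    if end != len(data):
        raise ValueError("trailing bytes after CBOR item")
    return item


def _decode(data, pos):
    major, info = data[pos] >> 5, data[pos] & 0x1F
    pos += 1
    if major == 7 and info == 27:                         # 64-bit float
        return struct.unpack(">d", data[pos:pos + 8])[0], pos + 8
    if info < 24:
        n = info
    elif 24 <= info <= 27:
        width = 1 << (info - 24)
        n = int.from_bytes(data[pos:pos + width], "big")
        pos += width
    else:
        raise ValueError("indefinite-length items not supported")
    if major == 0:
        return n, pos
    if major == 1:
        return -1 - n, pos
    if major == 2:
        return data[pos:pos + n], pos + n
    if major == 3:
        return data[pos:pos + n].decode("utf-8"), pos + n
    if major == 4:
        items = []
        for _ in range(n):
            item, pos = _decode(data, pos)
            items.append(item)
        return items, pos
    raise ValueError(f"unsupported major type {major}")


def check(group, value):
    """Type-check a decoded item against an array group.

    Returns a list of (field, problem) tuples; an empty list means it conforms.
    """
    if not isinstance(value, list):
        return [("<root>", "not an array")]
    problems = []
    if len(value) != len(group):
        problems.append(("<root>", f"expected {len(group)} members, got {len(value)}"))
    for (name, pytypes, cddl), member in zip(group, value):
        # bool subclasses int in Python but is a distinct CBOR simple value
        if isinstance(member, bool) or not isinstance(member, pytypes):
            problems.append((name, f"expected {cddl}, got {type(member).__name__}"))
    return problems


if __name__ == "__main__":
    # Constructed sample: an advanced-header with the time unwrapped to seconds.
    good = [7, "pledge", b"\x01\x02", 1544733619]
    print(encode(good).hex(), check(ADVANCED_HEADER, decode(encode(good))))
    bad = [7, "pledge", "not-bytes", 1544733619]        # field3 has the wrong type
    print(check(ADVANCED_HEADER, decode(encode(bad))))
```

Running the module round-trips the conforming header and reports only `field3` for the malformed one; the checker is what a receiver would run before trusting any member of a decoded M_FLOOD-style array, since a bare CBOR decode says nothing about whether the members carry the types the CDDL promises.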