Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

Eliot Lear <lear@cisco.com> Fri, 12 July 2019 07:27 UTC

From: Eliot Lear <lear@cisco.com>
Message-Id: <A1A92C21-91BC-447C-ADED-ABB744EDE98D@cisco.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_17F8A2C5-AD67-452B-B8D7-61A3659287A7"; protocol="application/pgp-signature"; micalg="pgp-sha1"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Fri, 12 Jul 2019 09:27:11 +0200
In-Reply-To: <4679fba2-fdc9-e5ed-3474-12f4e26eca05@nostrum.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, draft-ietf-anima-bootstrapping-keyinfra@ietf.org, Toerless Eckert <tte+ietf@cs.fau.de>, anima@ietf.org, The IESG <iesg@ietf.org>, anima-chairs@ietf.org
To: Adam Roach <adam@nostrum.com>
References: <156282703648.15280.17739830959261983790.idtracker@ietfa.amsl.com> <17580.1562874933@localhost> <4679fba2-fdc9-e5ed-3474-12f4e26eca05@nostrum.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/qc48Ty0btNRFc1FKO9lNS2_lv5I>
Subject: Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)
Precedence: list

Hi Adam

> On 12 Jul 2019, at 00:25, Adam Roach <adam@nostrum.com> wrote:
> 
> 
> The smallest change that would satisfy my concern would be a statement that says that devices conformant to this specification MUST contain a local means of bootstrapping that does not rely on any specific server being available. As with the security requirements we write into our specs, we'll have no means of enforcement. But as with the security requirements we write into our specs, we'll give interested parties just that little bit more leverage that might tip the scales towards the correct behavior.

I think this is easily possible within the paradigm of the document after the device has first been onboarded. At this stage, I would also suggest that the MUST be a SHOULD for another reason: there may be cases where it is in the customer best interest to prevent onboarding of a device just through proof of possession.  I am thinking of anti-theft mechanisms.  Having a discussion of this and the risks of not having any on-prem method ever seems like a reasonable add.

Eliot

Attachment: signature.asc

[Anima] Adam Roach's Discuss on draft-ietf-anima-… Adam Roach via Datatracker
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Ted Hardie
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Eliot Lear
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Benjamin Kaduk
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Eliot Lear
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Eliot Lear
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Adam Roach
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Adam Roach
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Brian E Carpenter
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Eliot Lear
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Max Pritikin (pritikin)
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Adam Roach
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Joel M. Halpern
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Eliot Lear
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Adam Roach
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Adam Roach
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Brian E Carpenter
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Adam Roach
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Joel M. Halpern
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Brian E Carpenter
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Joel M. Halpern
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Eliot Lear
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Joel Halpern Direct
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Eliot Lear
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Joel M. Halpern
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Eliot Lear
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Barry Leiba
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Joel M. Halpern
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Brian E Carpenter
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Joel M. Halpern
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Adam Roach
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Adam Roach
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Toerless Eckert
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Eliot Lear
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Toerless Eckert
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Joel M. Halpern
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Michael Richardson
Re: [Anima] Adam Roach's Discuss on draft-ietf-an… Eliot Lear

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

Attachment: signature.asc