[Anima] Re: Mohamed Boucadair's Discuss on draft-ietf-anima-brski-prm-18: (with DISCUSS and COMMENT)

"Fries, Steffen" <steffen.fries@siemens.com> Thu, 10 April 2025 16:08 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/qvVh6mDvSNNe6sRNzXRIFNO-7Mk>

Hi Mohamed,

Ah sorry, forgot to include the info regarding open-brski. That implementation is an example implementation of BRSKI-PRM and parts of cBRSKI and was done as part of a master's thesis. The implementation is based on OpenSSL and, to my knowledge, utilizes TLS 1.2.

Best regards
Steffen

> -----Original Message-----
> From: mohamed.boucadair@orange.com <mohamed.boucadair@orange.com>
> Sent: Thursday, April 10, 2025 6:04 PM
> To: Fries, Steffen <steffen.fries=40siemens.com@dmarc.ietf.org>; The IESG
> <iesg@ietf.org>
> Cc: draft-ietf-anima-brski-prm@ietf.org; anima-chairs@ietf.org; anima@ietf.org;
> ietf@kovatsch.net; tte@cs.fau.de
> Subject: RE: Mohamed Boucadair's Discuss on draft-ietf-anima-brski-prm-18: (with
> DISCUSS and COMMENT)
> 
> Re-,
> 
> Thanks, Steffen.
> 
> I think we are almost there, modulo the "paused" item and recording the limitation.
> 
> > > BTW, what is currently supported by implementations such as
> > open-brski?
> > [stf]
> >
> 
> [Med] It seems this one was incomplete. I'm still interested, but
> that's fine if we don't have an answer. Thanks.
> 
> Cheers,
> Med
> 
> > -----Original Message-----
> > From: Fries, Steffen <steffen.fries=40siemens.com@dmarc.ietf.org>
> > Sent: Thursday, April 10, 2025 17:35
> > To: BOUCADAIR Mohamed INNOV/NET <mohamed.boucadair@orange.com>; The
> > IESG <iesg@ietf.org>
> > Cc: draft-ietf-anima-brski-prm@ietf.org; anima-chairs@ietf.org;
> > anima@ietf.org; ietf@kovatsch.net; tte@cs.fau.de
> > Subject: RE: Mohamed Boucadair's Discuss on
> > draft-ietf-anima-brski-prm-18: (with DISCUSS and COMMENT)
> >
> >
> > Hi Mohamed,
> >
> > Thanks for your comments. As last time, I leave the comments with
> > reactions and dropped the closed ones for easier reading.
> > The draft with the updates has been put on the usual place in github
> > (https://github.com/anima-wg/anima-brski-prm/blob/main/draft-ietf-anima-brski-prm.md).
> >
> > Best regards
> > Steffen
> >
> > > -----Original Message-----
> > > From: mohamed.boucadair@orange.com <mohamed.boucadair@orange.com>
> > > Sent: Thursday, April 10, 2025 7:11 AM
> > > To: Fries, Steffen (FT RPD CST) <steffen.fries@siemens.com>; The IESG
> > > <iesg@ietf.org>
> > > Cc: draft-ietf-anima-brski-prm@ietf.org; anima-chairs@ietf.org;
> > > anima@ietf.org; ietf@kovatsch.net; tte@cs.fau.de
> > > Subject: RE: Mohamed Boucadair's Discuss on
> > > draft-ietf-anima-brski-prm-18: (with
> >
> > > > > > > --------------------------------------------------------
> > ----
> > > > > > > DISCUSS:
> > > > > > > --------------------------------------------------------
> > ----
> > > > > > > # DISCUSS
> > > > > > > # Compliance with HTTP BCP (RFC9205)
> > > > > > >
> > > > > > > CURRENT:
> > > > > > >    If the pledge is unable to create the PVR, it SHOULD
> > respond with an
> > > > > > >    HTTP error status code to the Registrar-Agent.  The
> > following client
> > > > > > >    error status codes SHOULD be used:
> > > > > > >
> > > > > > > The use of normative language is IMO not compliant with
> > the
> > > > > > > guidance in RFC9205, about error handling.
> > > > > > > [stf] I created a new issue for this:
> > > > > > > From RFC 9205 I understood that we could use the HTTP status
> > > > > > > codes in this way. What would you suggest here?
> > > > > > >
> > > > > >
> > > > > > [Med] A simple fix here is to remove the normative language.
> > > > > > Listing the appropriate codes is definitely right, but need to
> > > > > > redefine the error codes, just be affirmative. For example, an
> > > > > > entity will return 404 when there are no resources, etc.
> > > > > [stf] Hm, after the discussion in the design team, we are not quite
> > > > > sure about your concern. Is it the one-to-one mapping referenced in
> > > > > section 4.6 of RFC 9205 or the understanding we re-define status
> > > > > codes?
> > > > >
> > >
> > > > [Med] I'm afraid that you are redefining those. We don't need new
> > > > normative HTTP behavior here. I suggest we simply make this change
> > > > (and similar)
> > > >
> > > > OLD:
> > > >    If the pledge is unable to create the PER, it SHOULD respond with an
> > > >    HTTP error status code to the Registrar-Agent.  The following client
> > > >    error status codes MAY be used:
> > > >
> > > >    *  400 Bad Request: if the pledge detects an error in the format of
> > > >       the request.
> > > >   ...
> > > >
> > > > NEW:
> > > >    If the pledge is unable to create the PER, it responds with an
> > > >    HTTP error status code to the Registrar-Agent.  The following client
> > > >    error status codes can be used:
> > > >
> > > >    *  400 Bad Request: if the pledge detects an error in the format of
> > > >       the request.
> > > >    ..
> > > [stf] Okay, got it, made the changes as proposed for the different
> > > HTTP status codes
> >
> 
> [Med] Thanks.
> 
> >
> > > > > > > > # Cluster with 8366bis
> > > > > > > >
> > > > > > > > CURRENT:
> > > > > > > >
> > > > > > > >    The JSON PVR Data MUST contain the following fields of the "ietf-
> > > > > > > >    voucher-request" YANG module as defined in
> > > > > > > >    [I-D.ietf-anima-rfc8366bis];
> > > > > > > >
> > > > > > > > I think this spec should be clustered with 8366bis. There are
> > > > > > > > several structures that are used in this document and which depend
> > > > > > > > on what is defined in 8366bis.
> > > > > > > > Changes to the bis will have implications on this one.
> > > > > > > >
> > > > > > > > With that in mind, I tend to suggest holding approval of this
> > > > > > > > specification till we finalize the bis spec.
> > > > > > > [stf] As indicated by Michael, we already have a cluster for RFC
> > > > > > > 8366bis and further drafts related to BRSKI variants to take
> > > > > > > care of mutual influences. I opened an issue
> > > > > >
> > > > > > [Med] ACK.
> > > > > [stf] Also discussed in design team meeting today. It is less about
> > > > > changes in the draft but more to the processing. The intention is
> > > > > that all other BRSKI variant documents currently handled will go
> > > > > into MISSREF, as draft-ietf-jws-voucher waiting for 8366bis. 8366bis
> > > > > collects considerations from the different documents and is likely
> > > > > not to lead to addition of new information in the respective drafts
> > > > > (at least that is the intention).
> > > > >
> > > >
> > > > [Med] I would be more comfortable if I had more stability signs of
> > > > 8366 ;-)
> > > >
> > > > That said, I think that I have the discussion I wanted to have. I
> > > > leave it to Mahesh to decide.
> > > [stf] Okay, agreed
> >
> >
> > > > > > > > # Requires TLS1.3
> > > > > > > >
> > > > > > > > CURRENT:
> > > > > > > >    As already stated in [RFC8995], the use of TLS 1.3 (or newer) is
> > > > > > > >    encouraged.  TLS 1.2 or newer is REQUIRED on the Registrar-Agent
> > > > > > > >    side.  TLS 1.3 (or newer) SHOULD be available on the registrar, but
> > > > > > > >    TLS 1.2 MAY be used.  TLS 1.3 (or newer) SHOULD be available on the
> > > > > > > >    MASA, but TLS 1.2 MAY be used.
> > > > > > > >
> > > > > > > > Please update to reflect draft-ietf-uta-require-tls13.
> > > > > > > [stf] I saw that there was already discussion on this issue. I
> > > > > > > created a corresponding issue as We will discuss the use of TLS
> > > > > > > 1.2 and if there is a desire to also allow or existing pledges,
> > > > > > > that may have no option to only allow TLS 1.3, we would add a
> > > > > > > note as suggested and explain the necessity.
> > > > > > >
> > > > > >
> > > > > > [Med] ACK. I'm neutral on the outcome here, but I'd like we back
> > > > > > the design and include some reasoning if we don't follow the UTA
> > > > > > reco. Thanks.
> > > > > [stf] BRSKI-PRM is an extension of existing BRSKI, which requires
> > > > > TLS 1.2. We aligned with that and also included it in BRSKI-PRM.
> > > > > TLS1.3 is currently widely used in browsers, but industry adoption
> > > > > is not as fast. There are constrained devices using SDKs, which are
> > > > > not updated fast.
> > > > > We enhanced the part with following to state the consideration of
> > > > > the uta draft:
> > > > > OLD
> > > > > As already stated in {{!RFC8995}}, the use of TLS 1.3 (or newer) is
> > > > > encouraged.
> > > > > NEW
> > > > > As already stated in {{!RFC8995}}, and required by
> > > > > {{I-D.ietf-uta-require-tls13}}, the use of TLS 1.3 (or newer) is
> > > > > encouraged.
> > > > >
> > > >
> > > > [Med] I suggest we pause on this one and reflect the outcome of the
> > > > ongoing discussion.
> > > [stf] Okay, agreed
> > >
> > > >
> > > > I would at least see in the text a brief mention of the SDK
> > > > limitations you mentioned.
> > > [stf] Yes, it is likely good
> > >
> 
> [Med] ACK
> 
> > > BTW, what is currently supported by implementations such as
> > open-brski?
> > [stf]
> >
> 
> [Med] It seems this one was missing. I'm interested, but that's fine if we don't
> have an answer. Thanks.