Re: [Anima] [Netconf] Cross-WGs WGLC (second) on draft-ietf-anima-voucher-04 - Respond by Aug 08, 2017

Kent Watsen <kwatsen@juniper.net> Wed, 16 August 2017 18:24 UTC

From: Kent Watsen <kwatsen@juniper.net>
To: "consultancy@vanderstok.org" <consultancy@vanderstok.org>, Sheng Jiang <jiangsheng@huawei.com>
CC: "anima-chairs@ietf.org" <anima-chairs@ietf.org>, "6tisch@ietf.org" <6tisch@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>, "anima@ietf.org" <anima@ietf.org>
Date: Wed, 16 Aug 2017 18:24:42 +0000
Message-ID: <3F9D68E6-57C9-48EF-A4EB-3CA8B613D42D@juniper.net>
References: <5D36713D8A4E7348A7E10DF7437A4B927CE3D826@NKGEML515-MBX.china.huawei.com> <76229c58f5d60d3a0c185c6645ba4355@xs4all.nl>
In-Reply-To: <76229c58f5d60d3a0c185c6645ba4355@xs4all.nl>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/swlb5pFs5d4QepyF7CQXFHvLHZ4>
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>

Hi Peter,

Thanks for your review. Please find responses to your comments below.

Max, please note your attention is needed.

Thanks,
Kent


--

Hi all,

I read this document, and find it well written and understandable.
I do have some remarks about the content and several editing remarks.

Content remarks:

section 6, leaf prior-signed-voucher, at the end:
The MASA SHOULD remove all "prior-signed-voucher".
I would encourage a "MUST" instead of a "SHOULD" when thinking of 
transporting vouchers over constrained networks.

<Kent> this leaf has been moved to the BRSKI draft, so this comment
is no longer an issue on this draft.


section 6.3: leaf idevid-issuer, description, paragraph 2,
 "populated for serial numbers that are not otherwise unique"
to be replaced by
 "populated when serial numbers are not unique".
My proposed text is less selective, and consequently less error-prone.

<Kent> Fine, text updated.


> Can a discussion section about "manufacturer additions" be
> added. Pointing out the consequences for interoperability
> when using "Augment" to add manufacturer specifics can be
> helpful.

I'm confused, which section does this comment regard?


Editing remarks:

Introduction, first phrase: pledge -> candidate device (pledge)

<KENT> done.


page 3, PKCS#7 add RFC2315 reference, and may be add RFC7154 as JSON 
reference.

<KENT> done.


Section 2; mention terminology from RFC7950

<KENT> What is this?  Are you asking for the draft to import terms
from RFC7950?  Which terms?


page 4 line 5; "process. i Typically" remove the "i"

<KENT> fixed.


page 4, Voucher: add: that "acknowledges ownership of the pledge and" 
indicates...

<KENT> what does "acknowledges ownership of the pledge" mean?  how
is it different than "indicates to a Pledge the cryptographic identity
of the Domain it should trust"?


page 5 Authentication of: First appearances of PKIX, DNS-ID, and CN-ID 
abbreviations.

<KENT> I added a definition for PKIX, but I think that Max needs to take
care of the DNS-ID and CN-ID parts.  It's his text, and those things have
since been removed from the YANG.  Max, these show up in three places...


page 5, add (MiTM) after Man-in-The-Middle.

<KENT> added.


page 6 table: Voucher name -> Voucher type

<KENT> changed.


Nonceless Audit Voucher: "to support network partitions" -> "to 
withstand network partitions"

<KENT> changed.


Ownership audit Voucher: "Voucher's" -> "Vouchers", and remove "an 
ideal" otherwise explain what that means and why it is true.

<KENT> I'll leave this for Max.


> Add type in:
> Ownership ID voucher "type" is named
> Bearer Voucher "type" is named

<KENT> you only mention these two, but none of the voucher type 
descriptions have "type" in them, or maybe I'm missing something.


> section 6
> "The voucher is signing structure that" -> "The voucher signing 
> structure"

<KENT> done.


section 6, paragraph 6, all "of" the certificate, remove "of"

<KENT> done.


section 6 page 7 below, First appearance of CA and JWS abbreviations

<KENT> acronym expansions introduced.


section 6.1 (see section 4) add "see"

<KENT> done.


section 6.3 page 10, module description: "securely assign one or more 
pledges to an 'owner'" seems to contradict section 7.2 voucher per 
pledge

<KENT> correct, fixed.


> section 7.1 last line: "there is a delay" is that delay between creation 
> and consumption and when is the delay unacceptable? the text is (on 
> purpose?) vague.

<KENT> The previous sentence says "...there may be a significant
delay between when a voucher is created and when it is consumed."
and the remainder of the line you're citing says "to ensure that
the assertions made when the voucher was created are still valid 
when it is consumed."   This is vague?


section 8.1 first paragraph: "no understandING of time", add "ing"

<KENT> done.


section 8.1 paragraph 2: ephermal -> ephemeral

<KENT> fixed.

section 8.2 compromized -> compromised?

<KENT> fixed.
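Several of the remarks above (nonced versus nonceless vouchers, the delay between when a voucher is created and when it is consumed, a pledge with no understanding of time, and serial numbers that are only unique together with idevid-issuer) describe checks a pledge has to make before trusting a voucher. The following is an added Python example written for this archive page; it is not text or code from the draft, the thread, or any BRSKI implementation. It assumes the JSON encoding of the ietf-voucher module with the leaf names I recall from the draft (created-on, expires-on, assertion, serial-number, idevid-issuer, nonce, pinned-domain-cert), and it assumes the PKCS#7/JWS signature has already been verified and stripped before the body reaches these functions. The sample vouchers are constructed for the example.

```python
"""Pledge-side voucher acceptance checks (illustration only, not draft text)."""
import json
from datetime import datetime, timezone

# Assumed JSON top-level name for the module's container.
VOUCHER_KEY = "ietf-voucher:voucher"

# Leaves the module marks mandatory, as assumed for this example.
MANDATORY = ("created-on", "assertion", "serial-number", "pinned-domain-cert")


def _ts(value):
    """Parse a yang:date-and-time value such as 2017-08-16T18:24:42Z as UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def parse_voucher(text):
    """Unwrap the JSON voucher body (signature already verified upstream)."""
    body = json.loads(text)
    if set(body) != {VOUCHER_KEY}:
        raise ValueError("not a voucher document")
    voucher = body[VOUCHER_KEY]
    for leaf in MANDATORY:
        if leaf not in voucher:
            raise ValueError("missing mandatory leaf " + leaf)
    return voucher


def pledge_accepts(voucher, pledge_serial, pledge_issuer=None,
                   pledge_nonce=None, now=None):
    """Return (accepted, reason).

    now=None models a pledge with no understanding of time; such a pledge
    can only establish freshness through the nonce it generated itself.
    """
    # One voucher per pledge: the serial number must be ours.
    if voucher["serial-number"] != pledge_serial:
        return False, "serial-number does not match this pledge"
    # idevid-issuer is populated when serial numbers are not unique by
    # themselves; when present it must match the issuer of our IDevID.
    if "idevid-issuer" in voucher and voucher["idevid-issuer"] != pledge_issuer:
        return False, "idevid-issuer does not match this pledge's IDevID issuer"
    if "nonce" in voucher:
        # Nonced voucher: freshness is tied to the request that carried the nonce,
        # so no clock is needed.
        if pledge_nonce is None or voucher["nonce"] != pledge_nonce:
            return False, "nonce does not match the one sent in the request"
        return True, "accepted nonced voucher"
    # Nonceless voucher: it may have been created long before it is consumed,
    # so only a trusted clock can bound how stale its assertions are.
    if now is None:
        return False, "nonceless voucher but pledge has no trusted time source"
    if _ts(voucher["created-on"]) > now:
        return False, "created-on is in the future"
    if "expires-on" in voucher and _ts(voucher["expires-on"]) <= now:
        return False, "voucher expired"
    return True, "accepted nonceless voucher"


# Constructed sample vouchers (signature wrapper already removed).
PLEDGE_SERIAL = "JADA123456789"
PLEDGE_ISSUER = "Q049RXhhbXBsZSBJRGV2SUQgQ0E="   # constructed base64 issuer name
PLEDGE_NONCE = "eDE0OXZ4Ym5hcw=="              # constructed base64 nonce
SAMPLE_CERT = "Q09OU1RSVUNURUQgU0FNUExFIENFUlQ="  # constructed placeholder

NONCED_VOUCHER = json.dumps({VOUCHER_KEY: {
    "created-on": "2017-08-16T18:24:42Z",
    "assertion": "verified",
    "serial-number": PLEDGE_SERIAL,
    "nonce": PLEDGE_NONCE,
    "pinned-domain-cert": SAMPLE_CERT,
}})

NONCELESS_VOUCHER = json.dumps({VOUCHER_KEY: {
    "created-on": "2017-08-16T18:24:42Z",
    "expires-on": "2017-09-16T00:00:00Z",
    "assertion": "logged",
    "serial-number": PLEDGE_SERIAL,
    "idevid-issuer": PLEDGE_ISSUER,
    "pinned-domain-cert": SAMPLE_CERT,
}})


def demo():
    """Run the checks a pledge would make in both voucher flavours."""
    nonced = parse_voucher(NONCED_VOUCHER)
    nonceless = parse_voucher(NONCELESS_VOUCHER)
    in_window = datetime(2017, 8, 20, tzinfo=timezone.utc)
    return {
        "nonced_ok": pledge_accepts(nonced, PLEDGE_SERIAL, pledge_nonce=PLEDGE_NONCE),
        "nonced_wrong_nonce": pledge_accepts(nonced, PLEDGE_SERIAL, pledge_nonce="AAAA"),
        "nonceless_no_clock": pledge_accepts(nonceless, PLEDGE_SERIAL, PLEDGE_ISSUER),
        "nonceless_ok": pledge_accepts(nonceless, PLEDGE_SERIAL, PLEDGE_ISSUER, now=in_window),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The split on `"nonce" in voucher` is the practical consequence of the "no understanding of time" remark: a pledge without a clock can only ever accept nonced vouchers, and a nonceless voucher issued to withstand a network partition is useful only on pledges that do have trusted time, because nothing else bounds the creation-to-consumption delay.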