Re: [Anima] Mirja Kühlewind's No Objection on draft-ietf-anima-bootstrapping-keyinfra-22: (with COMMENT)
Mirja Kuehlewind <ietf@kuehlewind.net> Thu, 18 July 2019 15:00 UTC
Return-Path: <ietf@kuehlewind.net>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 67A89120784; Thu, 18 Jul 2019 08:00:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ibFZ63EtIJm9; Thu, 18 Jul 2019 08:00:24 -0700 (PDT)
Received: from wp513.webpack.hosteurope.de (wp513.webpack.hosteurope.de [IPv6:2a01:488:42:1000:50ed:8223::]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A4FC120780; Thu, 18 Jul 2019 08:00:24 -0700 (PDT)
Received: from 200116b82c886c005093af0e85c019b4.dip.versatel-1u1.de ([2001:16b8:2c88:6c00:5093:af0e:85c0:19b4]); authenticated by wp513.webpack.hosteurope.de running ExIM with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) id 1ho7tK-00081X-LD; Thu, 18 Jul 2019 17:00:18 +0200
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Mirja Kuehlewind <ietf@kuehlewind.net>
In-Reply-To: <16131.1563383078@localhost>
Date: Thu, 18 Jul 2019 17:00:17 +0200
Cc: draft-ietf-anima-bootstrapping-keyinfra@ietf.org, tte+ietf@cs.fau.de, anima-chairs@ietf.org, The IESG <iesg@ietf.org>, anima@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <EECE938C-B86D-4F8B-8C8F-9A6CAE6FAD82@kuehlewind.net>
References: <156285232840.32370.18027192977627346503.idtracker@ietfa.amsl.com> <24814.1563296511@localhost> <DB320B9E-2AB8-4EFB-A50B-F7207D59C068@kuehlewind.net> <16131.1563383078@localhost>
To: Michael Richardson <mcr+ietf@sandelman.ca>
X-Mailer: Apple Mail (2.3445.104.11)
X-bounce-key: webpack.hosteurope.de;ietf@kuehlewind.net;1563462024;c161fedb;
X-HE-SMSGID: 1ho7tK-00081X-LD
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/tYCKAOZvAMvmJtVViEO11M0oCsg>
Subject: Re: [Anima] Mirja Kühlewind's No Objection on draft-ietf-anima-bootstrapping-keyinfra-22: (with COMMENT)
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jul 2019 15:00:30 -0000
Hi Michael, Okay sounds good. See some minor comments below. > On 17. Jul 2019, at 19:04, Michael Richardson <mcr+ietf@sandelman.ca> wrote: > > > Mirja Kuehlewind <ietf@kuehlewind.net> wrote: >>> okay. >>> >>>> to section 10.2: if ownership is "enforced" by the manufacturer, >>>> there should also probably be a way for the buyer to check if >>>> ownership was transferred by the saler during the re-sale process. >>> >>> So you are asking for an additional API from the JRC to the MASA. It >>> would need to include something like: >>> >>> a) a POST from selling-JRC to MASA to ask MASA for if a resale would >>> be granted. This could result in some statement that the seller could >>> show to the buyer that would validate that the transaction can occur. >>> b) a POST from selling-JRC to MASA to indicate to whom the sale was >>> made, this would have to include some reference to the buyer. c) a >>> GET from the selling-JRc and also buyer-JRC that would ask who the >>> current owners is supposed to be. >>> >>> (c) could in theory be done with the auditlog, provided that the (b) >>> process installed the buyer as an authorized entity that could query >>> the auditlog. It would probably be better to have the MASA do the >>> thinking here, rather than the JRC. >>> >>> I can imagine creating such APIs. There probably needs to be some >>> buyer-JRC/seller-JRC APIs, or at least conventions. This could easily >>> become a rathole attracting all sorts of online sales API. Were this >>> to be added to this document, or to an extension document, I'd want to >>> have significant involvement from some people who build >>> financial/sales systems, or at least From the operations divisions of >>> some buyers (operators) and sellers (vendors). > >> I was mostly thinking about discussing this case in the text, rather >> than add a specific mechanism. E.g. you could say c) is an option that >> can be used right away and a more dedicated interface could be >> considered in future. > > The auditlog can not be used in advance to see if ownership will be > transfered. It's retrospective. So it does not provide a way for the buyer > to check if ownership can/will be transfered. We would still need (b) in > order to notify the MASA of the intent to sell. > > If the IETF wants to get into APIs for sales integration, I would be there, > but my feeling is that this is layers above where we normally go. (My > colleague Joseph Potvin hopes to convince us otherwise with with a HotRFC > talk on sunday). Okay understood. I guess you could still say in this document that should a mechanism would be useful but left for future work (somewhere)... > >>>> Two other small comments on more load related points: >>> >>>> 1) sec 4.1: "Connection attempts SHOULD be run in parallel to avoid >>>> head of queue problems wherein an attacker running a fake proxy or >>>> registrar could perform protocol actions intentionally slowly. The >>>> pledge SHOULD continue to listen to for additional GRASP M_FLOOD >>>> messages during the connection attempts." One minor comment: Maybe >>>> also say explicitly, while running in parallel, one should not send >>>> all initial messages at exactly the same time but pace them out >>>> (e.g. one every 3 secs) to avoid network overload when initial >>>> connectivity is very constraint. >>> >>> I take your point. In the ANIMA ACP situation, please think about the >>> situation as being a multiport BFR with three+ 100G fiber connections >>> to other cities. Or, one or more ports plugged into some (unmanaged or >>> probably outsourced) L2 fabric that has multiple other ACP devices on >>> it. > >> I guess that doesn’t map to the IoT case that is also discussed in the >> doc. However, this is a usual safety measure we are building in all >> protocols (expect there is a good reason to do otherwise), e.g. also >> for routing protocols, because you never know for sure how future >> deployment scenarios will look like. > > I have added some text as you suggest, btw. > I am concerned about the "IoT case that is also discussed", as we are trying > hard to not say anything normative about IoT in *this* document, because one > size does not fit all. Yes, but even though you never now how such protocols are used in the end. And either your make clear that usage is clearly restricted to certain scenario for a good reason or you try to cover as much as you can. Mirja > > -- > ] Never tell me the odds! | ipv6 mesh networks [ > ] Michael Richardson, Sandelman Software Works | IoT architect [ > ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [ > >
- [Anima] Mirja Kühlewind's No Objection on draft-i… Mirja Kühlewind via Datatracker
- Re: [Anima] Mirja Kühlewind's No Objection on dra… Michael Richardson
- Re: [Anima] Mirja Kühlewind's No Objection on dra… Mirja Kuehlewind
- Re: [Anima] Mirja Kühlewind's No Objection on dra… Michael Richardson
- Re: [Anima] Mirja Kühlewind's No Objection on dra… Mirja Kuehlewind