IETF Logo Mail Archive

Re: [Anima] verification of manufacturer in BRSKI

Michael Richardson <mcr+ietf@sandelman.ca> Fri, 23 February 2018 23:01 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6994126BF7 for <anima@ietfa.amsl.com>; Fri, 23 Feb 2018 15:01:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tnzAhCE0N26v for <anima@ietfa.amsl.com>; Fri, 23 Feb 2018 15:01:54 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 573C8120725 for <anima@ietf.org>; Fri, 23 Feb 2018 15:01:54 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id B810A20090 for <anima@ietf.org>; Fri, 23 Feb 2018 18:09:22 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 43E3180BE3 for <anima@ietf.org>; Fri, 23 Feb 2018 18:01:52 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: anima@ietf.org
In-Reply-To: <20180223154847.GB7254@faui40p.informatik.uni-erlangen.de>
References: <003101d3a570$32e4c510$98ae4f30$@cdac.in> <22127.1519000017@obiwan.sandelman.ca> <005b01d3a95e$f0ba5680$d22f0380$@cdac.in> <18734556-d4a9-560f-724c-09287d4e0f20@gmail.com> <003501d3aa07$a37f0560$ea7d1020$@cdac.in> <3963.1519350905@obiwan.sandelman.ca> <013e01d3ac75$0773ff70$165bfe50$@cdac.in> <20180223154847.GB7254@faui40p.informatik.uni-erlangen.de>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Fri, 23 Feb 2018 18:01:52 -0500
Message-ID: <8345.1519426912@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/uVy5LBqxMWhmwu3trPPJvZ6zexY>
Subject: Re: [Anima] verification of manufacturer in BRSKI
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Feb 2018 23:01:57 -0000

'Toerless Eckert' <tte@cs.fau.de> wrote:
    >> Now when a pledge wants to validate the JRC, he simply needs to verify
    >> the signature of MI on the invoice. No communication with MASA or even
    >> MASA itself is not required.

    > Yes. I have this picture in my head of a guy (called Scotty ;-) holding
    > a printed sales receipt with QR-code and trying to show it to his new
    > router/equipment.

("But, Dr. McCoy how do ya know this guy isn't the guy who invented secure enrollment?")

    > The classicial representation of an offline voucher is a USB stick and a
    > pair of sneakers to represent the physcial media and transport channel,
    > but i like the QR-code too to represent the potential complexities of
    > offline vouchers.

The voucher-on-USB-stick case is represented in the NETCONF work.

    >> It is just like the way, JRC verifies the pledge using the IDevID certificate issued by MI.

    > If you have a side-channel to get the voucher into the pledge, yes. But
    > very often in "professionally managed networks" (ANIMA charter), the guy who
    > gets the sales receipt could be (hundreds of) miles away from the pledge,
    > so in those environments its much more likely that any type of offline
    > voucher can easily be injected into the Registrar first than through a side
    > channel physcially into the pledge.

Additionally, equipement is often shipped directly to the data center where
it will be installed.

Upon arrival, the *data center* staff can be paid to remove it from the box
and physically install it.  This is called "remote hands".
       http://searchdatacenter.techtarget.com/definition/remote-hands
       http://www.365datacenters.com/services/remote-hands-services/

Remote hands can often be instructed to do things, but it requires a very
senior engineer to guide them, because they have to know PRECISELY what
should appear and all the situations that could go wrong.  I've worked this
kind of thing.  Too often an operational engineer flies there and does it
directly.  That's the kind of thing we are working to deal with.

Usually all one has the remote hands do is to configure some kind of
connectivity.
This means today:
     a) a "lights out" (iLO, iDRAC, etc.) network connection if it's a server.
     b) a craft (serial) console if it's a router.

The ACP document goes into this at length... the point is that BRSKI can
bootstrap that equipment even if it's the core routing equipment, as long as
the long-haul fiber goes into a compatible optical module.
(And the right lambda is used... I'd like to write a specification for
auto-detecting that part.  I suspect it doesn't need standardization)

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email