Re: [Anima] Alissa Cooper's Discuss on draft-ietf-anima-bootstrapping-keyinfra-28: (with DISCUSS and COMMENT)

Michael Richardson <> Tue, 31 December 2019 19:37 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9EB1A120047; Tue, 31 Dec 2019 11:37:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id R5aq0dW3jIoq; Tue, 31 Dec 2019 11:37:57 -0800 (PST)
Received: from ( [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 42C31120026; Tue, 31 Dec 2019 11:37:57 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 3C29138981; Tue, 31 Dec 2019 14:37:41 -0500 (EST)
Received: from localhost (localhost [IPv6:::1]) by (Postfix) with ESMTP id A62C83FE; Tue, 31 Dec 2019 14:37:55 -0500 (EST)
From: Michael Richardson <>
To: tom petch <>
cc: Alissa Cooper <>, IESG <>,,,,
In-Reply-To: <>
References: <> <9637.1574756997@localhost> <> <20062.1576526178@localhost> <>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
X-Attribution: mcr
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="==-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Tue, 31 Dec 2019 14:37:55 -0500
Message-ID: <28309.1577821075@localhost>
Archived-At: <>
Subject: Re: [Anima] Alissa Cooper's Discuss on draft-ietf-anima-bootstrapping-keyinfra-28: (with DISCUSS and COMMENT)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 31 Dec 2019 19:38:00 -0000

A diff against -31 is at:
and will grow to include my responses to Ben's 2019-12-20 comments later today.

tom petch <> wrote:
    > Yes you have removed the second YANG module which addresses my comments
    > about the second YANG module but my other comments mostly remain.
    > Those about the YANG prefix are fixed.

    > RFC8040 needs to be in the I-D References

    > IANA Considerations mentions the removed module but lacks the two
    > required actions for the remaining module

I understand now.  I wonder if idnits could be taught to find such issues :-)
Please see commit:

    > XXXX is used as a place holder for a document name which is not that of
    > this I-D and does not exist AFAICT

Do you mean the self-reference should say "XXXX"?  I have used "THIS
DOCUMENT" in the past.

    > The YANG module must be plain text - [RFC8446] looks like HTML/XML

I'm confused by this comment. I see:

    > Michael, my initial posts were a response to the Genart review and so
    > did not include your name, just Anima, Anima chairs, ibagdona, IETF;
    > you are in this one as (but IETF mailers may have
    > a habit of thinking you will get an e-mail via one way and suppress
    > other ways with different e-mail addresses).

Yes, I wasn't complaining about your actions, but more just lamenting: my
impression is that the problem is that DMARC is getting in the way, since the
DT acts as a remailer.   However, has a p=none policy, so it
shouldn't be a problem... however, maybe it fails the SPF tests themselves.
{I was forced to switch spam processing systems in the spring, and it really
has been a PITA to get it configured sensibly.  Very few of them support
IPv6, and a surprising number of them will not use TLS for final delivery.
I specifically need to whitelist everything coming from the IETF SMTP machine,
and I don't think I've accomplished that perfectly yet.}

        leaf proximity-registrar-cert {
          type binary;
            "An X.509 v3 certificate structure as specified by RFC 5280,
             Section 4 encoded using the ASN.1 distinguished encoding
             rules (DER), as specified in ITU-T X.690.

             The first certificate in the Registrar TLS server
             certificate_list sequence  (the end-entity TLS certificate,
             see [RFC8446]) presented by the Registrar to the Pledge.
             This MUST be populated in a Pledge's voucher request when a
             proximity assertion is requested.";

I'm not sure I see how you are seeing HTML here.
If you are looking at:
then the links you are saying are because the HTMLizer sees the reference and
HTMLizes it.

    > Security Considerations lacks the required boiler plate for a YANG
    > module

I see. I have adapted the text from RFC8366, as we extend it, and the normal
template does not apply.

Fixed in commit:

    > Appendix A still has a typo

secification -> specification. plege->Pledge.

]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]        |   ruby on rails    [