[Anima] continuing BRSKI design team calls

Michael Richardson <mcr+ietf@sandelman.ca> Thu, 07 January 2021 22:45 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A93043A0B9E for <anima@ietfa.amsl.com>; Thu, 7 Jan 2021 14:45:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QwA1gqH_PEHK for <anima@ietfa.amsl.com>; Thu, 7 Jan 2021 14:44:58 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 041E73A0B68 for <anima@ietf.org>; Thu, 7 Jan 2021 14:44:57 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id A92FD38982 for <anima@ietf.org>; Thu, 7 Jan 2021 17:46:06 -0500 (EST)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id JdYT5L_g3F4a for <anima@ietf.org>; Thu, 7 Jan 2021 17:46:05 -0500 (EST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 56397389AD for <anima@ietf.org>; Thu, 7 Jan 2021 17:46:05 -0500 (EST)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 30E1B4BE for <anima@ietf.org>; Thu, 7 Jan 2021 17:44:54 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: anima@ietf.org
In-Reply-To: <161002942752.25870.3859445401436401105@ietfa.amsl.com>
References: <161002942752.25870.3859445401436401105@ietfa.amsl.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature"
Date: Thu, 07 Jan 2021 17:44:54 -0500
Message-ID: <23005.1610059494@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/upxmqK9FcHnXNw8HtcMFhsqt4R8>
Subject: [Anima] continuing BRSKI design team calls
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jan 2021 22:45:01 -0000

Hi, the BRSKI design team met this morning at "7:30AM EST", i.e. 1230UTC.
We have met most weeks since 2020-10-01.
We are using: https://meet.sandelman.ca/BRSKIDesignTeam (a JITSI instance)
and the password, if asked is "anima".
We meet weekly.

Typical attendees include:
        * Peter van der Stok
        * Ejko Dijk
        * Thomas Werner
        * Aurelio Schellenbaum
        * Steffen Fries
        * Michael Richardson
        * Wei Pan
        * Hendrik Brockhaus
        * Eliot Lear

We are working on the following documents/repositories:

  https://github.com/anima-wg/anima-brski-async-enroll
  https://github.com/anima-wg/constrained-voucher
  https://github.com/anima-wg/constrained-6tisch-anima-dtls-join-proxy.git
and perhaps:
  https://github.com/mcr/anima-jose-voucher

This morning we dealt with:

1) https://www.ietf.org/rfcdiff?url2=draft-ietf-anima-brski-async-enroll-01
That is, the changes that Steffen has done to brski-async-enroll,
specifically section 5.2.  We discussed how we could create an assertion from
the *PLEDGE AGENT* that it in fact has proximity to the PLEDGE.

This section introduces DPP-like QR code using a PSK.
There are many manufacturing challenges with a QR code, which are similar to
those created by an IDevID.
Having the result be a PSK further complicates things as it must now not just
be synchronized, but kept private.
(Though, DPP also requires that the printed public key remain essentially
private, as if it's actually the private part of the keypair)

We agreed that Steffen would post the -01 version above so that we can
have a larger discussion about this.
In particular, Eliot asked about the relationship between the pledge-agent
and the Registrar: what is it?

2) We worked on two of the three currently open pull requests.

a) https://github.com/anima-wg/constrained-voucher/pull/68
   rewrite intro and abstract
   -- make intro text match intention that this is about:
           - constrained voucher
      AND  - constrained BRSKI
   -- probably the title needs to change too.

b) https://github.com/anima-wg/constrained-voucher/pull/69
   Voucher pin considerations

   This adds a diagram about certificate chains and how BRSKI 5.5 says to do
   things, and how that translates to COSE.
   My advice is to put the x5bag in the protected headers, but there are some
   concerns about what things mean.
   We could do some interesting things by assigning semantics to whether
   the certificate is in a protected or unprotected header.  That  might
   not be good.

c) https://github.com/anima-wg/constrained-voucher/pull/67
   clarify BRSKI-EST and BRSKI-MASA protocols

   We did not get to this item.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide