Re: [Anima] AcpNodeName -- Re: I-D Action: draft-ietf-anima-autonomic-control-plane-26.txt
Toerless Eckert <tte@cs.fau.de> Wed, 01 July 2020 23:29 UTC
Date: Thu, 02 Jul 2020 01:29:51 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: anima@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/urdjJO3TNa3PD6_gY1TJLpEJjDQ>

On Wed, Jul 01, 2020 at 06:47:32PM -0400, Michael Richardson wrote:
>
> As I understand the diff, AcpNodeName seems to be a new extension,
> not a SubjectAltName extension, but an extension?

No, I think this is why Russ was adamant to have subjectAltName mentioned.
It is just a new otherName and can therefore theoretically be used
everywhere a GeneralName can be used. It MUST be in a subjectAltName / otherName
to name the subject. It _could_ be in IssuerAltName if for example an ACP node
is a subCA etc. pp. It could be used in IDr / IDi in IPsec too.

> I found it difficult, reading RFC5912 to figure out where id-on was located,
> and I had to go into
> https://www.iana.org/assignments/smi-numbers/smi-numbers.xml#smi-numbers-1.3.6.1.5.5.7.0
> to see.
>
> Throughout 5912, we have:
>   id-pkix OBJECT IDENTIFIER ::=
>   {iso(1) identified-organization(3) dod(6) internet(1) security(5)
>   mechanisms(5) pkix(7)}
>
> while ACP says:
>
>   id-pkix
>   FROM PKIX1Explicit-2009
>   { iso(1) identified-organization(3) dod(6) internet(1) security(5)
>   mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51) } ;

I took pretty much the whole ASN.1 block from RFC8398, given how nobody
was jumping forward to suggest writing the ASN.1 code. This RFC looked
like the newest/best template for a new string type otherName.

> and while I understand that these are "local" variables, it does make
> figuring stuff out difficult. May I request that the above link
> (smi-numbers.xml ) go into a comment? maybe that's not often done.

Can you pls. suggest explicit text, because I am just winging this
ASN.1 stuff by stealing text from prior RFCs.

> The IANA section is a bit of a clearer pointer, but I sure wish we'd point
> people straight at the place we mean by URL.

Suggest text, or pull request pls. I just tried to stay on the safe
side, doing what prior RFCs did.

Pasting a Title into Google is typically a better way to find stuff
than hoping URLs don't change, although IANA is pretty stable
(never try URL with any vendor WWW server ;-).

Cheers
    Toerless

> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
>
> _______________________________________________
> Anima mailing list
> Anima@ietf.org
> https://www.ietf.org/mailman/listinfo/anima

--
---
tte@cs.fau.de
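
Added example, not part of the original message and not the draft's ASN.1: the two OID notations quoted in the thread resolved to numeric arcs and DER, plus an otherName GeneralName built and parsed the way a certificate checker would see it inside subjectAltName. Assumptions: the final type-id arc 99 and the node-name string are constructed placeholders, and the value is taken to be an IA5String.

```python
import re

# OID value notation copied from the message above.
ID_PKIX = ("{iso(1) identified-organization(3) dod(6) internet(1) "
           "security(5) mechanisms(5) pkix(7)}")
PKIX1_EXPLICIT_2009 = ("{ iso(1) identified-organization(3) dod(6) internet(1) "
                       "security(5) mechanisms(5) pkix(7) id-mod(0) "
                       "id-mod-pkix1-explicit-02(51) }")

def arcs(notation):
    """Numeric arcs of an ASN.1 OID value written as name(number) pairs."""
    return tuple(int(n) for n in re.findall(r"\((\d+)\)", notation))

def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length: body must be < 128 bytes

def der_oid(a):
    """DER OBJECT IDENTIFIER: first two arcs share a byte, the rest are base-128."""
    body = bytearray([40 * a[0] + a[1]])
    for arc in a[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

def other_name(type_id, text):
    """GeneralName otherName [0] { type-id OID, value [0] EXPLICIT IA5String }."""
    return tlv(0xA0, der_oid(type_id) + tlv(0xA0, tlv(0x16, text.encode("ascii"))))

def parse_other_name(der):
    """Return (type-id arcs, value text); reject anything that is not an otherName."""
    if der[0] != 0xA0 or der[2] != 0x06:
        raise ValueError("not an otherName GeneralName")
    oid, rest = der[4:4 + der[3]], der[4 + der[3]:]
    if rest[0] != 0xA0 or rest[2] != 0x16:
        raise ValueError("value is not [0] EXPLICIT IA5String")
    out, val = [oid[0] // 40, oid[0] % 40], 0
    for b in oid[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            out.append(val)
            val = 0
    return tuple(out), rest[4:4 + rest[3]].decode("ascii")

# id-on is arc 8 under id-pkix; 99 is a constructed placeholder, not an assigned arc.
ID_ON = arcs(ID_PKIX) + (8,)
SAMPLE = other_name(ID_ON + (99,), "constructed-node-name")
```

The module identifier in the IMPORTS clause is id-pkix followed by arcs 0 and 51, so it names the ASN.1 module that defines id-pkix rather than redefining id-pkix itself.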