[Anima] FYI: est-coaps registered (was: Re: Discovery of proxy/registrar insufficient (GRASP and) more).

Toerless Eckert <tte@cs.fau.de> Wed, 04 May 2022 19:33 UTC

Date: Wed, 04 May 2022 21:33:34 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: anima@ietf.org
Message-ID: <YnLVDjRUP/ZrT4kd@faui48e.informatik.uni-erlangen.de>
References: <YlWUA7xhMU2XtJsz@faui48e.informatik.uni-erlangen.de> <388791.1649870361@dooku> <Ymc57cpieDGAcn1X@faui48e.informatik.uni-erlangen.de> <8866.1651512153@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/yCYESF6QrNmIcWZerPAbO71u9jk>
Subject: [Anima] FYI: est-coaps registered (was: Re: Discovery of proxy/registrar insufficient (GRASP and) more).

On Mon, May 02, 2022 at 01:22:33PM -0400, Michael Richardson wrote:
>     > How about cert renewal, did you folks discuss if this would ever be something
>     > pledges would want to do through the proxy ? In the case of ACP we did
> 
> Nope, never. Just like in BRSKI.

Just for the fun of it I just registered service-name est-coaps against RFC9148 with IANA
yesterday, like Jack registered "est" against RFC7030 a decade afterwards. That should/could
then be used for constrained networks to use any working (*grin*) discovery for automatic cert
renewal, which to me is equally important to bootstrap. See for example RFC8994 for SRV.est
for how ACP defines to do this with EST/RFC7030 (via GRASP).

A lot more disappointed that RFC9148 didn't care about DNS-SD discovery than back when
RFC7030 was written, but I guess they probably think their CoAP group communications discovery
is better.  Except that neither one works for L3 network multicast IMHO (I am getting no
response to that request I sent, meaning at least nobody knows or cares), and CoAP
does not provide unicast discovery like DNS-SD from all I know.

I really wonder how networks using RFC9148 intend to automate renewal, even absent
automated secure bootstrap. I bet there is not going to be any interop requirements
anyhow, and vendors are just hacking in some well-known DNS name for
EST servers (est-server.<domain>) and ultimately do rely on unicast DNS.

Oh well...

Toerless
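As an added example (not part of this mail or of any of the RFCs it cites), the following Python sketches what a constrained client would do with the newly registered service name: build the DNS-SD/SRV owner name, order the returned SRV records per RFC 2782 (priority first, then weighted random), and fall back to the vendor-style well-known name the mail mentions when no SRV record exists. The `_udp` transport label, the CoAPS port 5684 and the `est-server.<domain>` fallback are assumptions of this example; the RRset is constructed in memory so it runs offline.

```python
import random
from dataclasses import dataclass
from typing import List, Optional, Tuple

COAPS_PORT = 5684  # assumption: default coaps port used for the fallback name


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str


# Constructed sample answer for _est-coaps._udp.example.net (not real data).
SAMPLE_RRSET = [
    SrvRecord(10, 60, 5684, "est1.example.net."),
    SrvRecord(10, 40, 5684, "est2.example.net."),
    SrvRecord(20, 0, 5684, "est-backup.example.net."),
]


def service_name(domain: str, transport: str = "udp") -> str:
    """SRV owner name for the IANA-registered est-coaps service (transport label assumed)."""
    return f"_est-coaps._{transport}.{domain.rstrip('.')}."


def order_srv(records: List[SrvRecord], rng: Optional[random.Random] = None) -> List[SrvRecord]:
    """Order SRV records per RFC 2782: ascending priority, weighted random inside a priority."""
    rng = rng or random.Random()
    ordered: List[SrvRecord] = []
    for prio in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == prio]
        while group:
            total = sum(r.weight for r in group)
            pick = rng.randint(0, total) if total else 0
            running = 0
            for r in group:  # first record whose running weight sum reaches the pick
                running += r.weight
                if running >= pick:
                    ordered.append(r)
                    group.remove(r)
                    break
    return ordered


def renewal_candidates(domain: str, rrset: List[SrvRecord]) -> List[Tuple[str, int]]:
    """(host, port) list to try for cert renewal; falls back to est-server.<domain> (assumed name)."""
    if not rrset:
        return [(f"est-server.{domain.rstrip('.')}", COAPS_PORT)]
    return [(r.target.rstrip("."), r.port) for r in order_srv(rrset)]
```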