Re: [Anima] FW: New Version Notification for draft-mohammed-anima-voucher-security-profile-00.txt

"Srihari Raghavan (srihari)" <srihari@cisco.com> Thu, 08 June 2023 10:02 UTC

From: "Srihari Raghavan (srihari)" <srihari@cisco.com>
To: Esko Dijk <esko.dijk@iotconsultancy.nl>, Michael Richardson <mcr+ietf@sandelman.ca>, "anima@ietf.org" <anima@ietf.org>, "jabir Mohammed (jamohamm)" <jamohamm@cisco.com>, "Reda Haddad (rehaddad)" <rehaddad@cisco.com>, "Sandesh Rao (sandeshr)" <sandeshr@cisco.com>
Date: Thu, 08 Jun 2023 10:01:55 +0000
Message-ID: <6B3CDC36-DF29-4BDA-B3E3-9C3FB437602B@cisco.com>
References: <168543538755.57544.11025538238647976477@ietfa.amsl.com> <78D5263E-C7B4-40A8-91E3-949B78DD801C@cisco.com> <3424246.1685462203@dyas> <A7BFB9F8-132C-4E10-92F2-C48AE8B9F17C@cisco.com> <3431043.1685465207@dyas> <DU0P190MB197888430BC0180EF61A116CFD50A@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM>
In-Reply-To: <DU0P190MB197888430BC0180EF61A116CFD50A@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/yE9hwHhX4r4Qlh0wjL0eEaypA04>
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>

Thank you Michael and Esko for the time and comments.

An 01 revision is in the works, that has changes like 64 bits and some corrections based on your comments.  Once uploaded, I will also add comments on the need for standardization as well as other aspects.

Thanks
Srihari

On 08/06/23, 2:36 PM, "Esko Dijk" <esko.dijk@iotconsultancy.nl> wrote:


> I think that there are better ways to accomplish the configuration, such
> as extending the BRSKI-EST link with new actions.


Indeed letting the owner independently set security policies for the owner's own domain sounds useful. Such policies could be sent by the Registrar over the same TLS / DTLS connection that is created for the BRSKI-EST, or for the standalone EST, protocol. E.g. device gets a policy update every time it gets a renewed LDevID. The policy data can be a voucher-like document, or a JWT, or a CWT, signed by the Domain CA. 


To get the policy data, the BRSKI/EST client could request it using a RESTful request. This has the benefit that we can define it as a building block independent from EST itself, while the underlying security and effort and standards-text of setting up the TLS connection is shared with EST. I'm assuming the protection provided by the TLS connection is useful and wanted in this case.


That said, security policies determined by the vendor (through MASA) could also be useful for some use cases. The vendor could enforce policies on the use of the Pledge for the particular target Domain/customer. E.g. enable some features, disable others. Currently that would be encoded in the Voucher in a vendor-specific way. Question is if there's a need to standardize this format? Or maybe having an informative document showing how to do it is sufficient.
If we let the domain owner's security policy settings piggy-back on the Voucher document, so that all security policies are distributed via one signed document, that may be nice and simple but it's less flexible than having policies that the domain owner can determine fully independent from the MASA.


Esko




-----Original Message-----
From: Anima <anima-bounces@ietf.org> On Behalf Of Michael Richardson
Sent: Tuesday, May 30, 2023 18:47
To: Srihari Raghavan (srihari) <srihari@cisco.com>; anima@ietf.org; jabir Mohammed (jamohamm) <jamohamm@cisco.com>; Reda Haddad (rehaddad) <rehaddad@cisco.com>; Sandesh Rao (sandeshr) <sandeshr@cisco.com>
Subject: Re: [Anima] FW: New Version Notification for draft-mohammed-anima-voucher-security-profile-00.txt




Srihari Raghavan (srihari) <srihari@cisco.com> wrote:
> Agreed that MASA is the signing authority and the draft is meant to
> convey that the owner can influence the choice by way of parameterized
> inputs to the MASA APIs. So, owner can be presented with a 'security
> profile selector' input via the MASA external APIs and when the owner
> provides the PDC and the selector input values, MASA can then go ahead
> and create the voucher with appropriate security profile settings
> (after verification and validation) for the device.


okay, that's an entire API from Registrar to MASA which you have to design and
document. And you mention SZTP, and it doesn't have that link.


I think that there are better ways to accomplish the configuration, such
as extending the BRSKI-EST link with new actions.


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =- *I*LIKE*TRAINS*