[dtn] FW: [EXT] Re: [Acme] I-D Action: draft-ietf-acme-dtnnodeid-12.txt

"Sipos, Brian J." <Brian.Sipos@jhuapl.edu> Fri, 19 January 2024 16:36 UTC

From: "Sipos, Brian J." <Brian.Sipos@jhuapl.edu>
To: "dtn@ietf.org" <dtn@ietf.org>
Thread-Topic: [EXT] Re: [Acme] I-D Action: draft-ietf-acme-dtnnodeid-12.txt
Thread-Index: AQHaRU8FFvYZW3tYZEiQFKnuDTtk1bDhUs3g
Date: Fri, 19 Jan 2024 16:36:02 +0000
Message-ID: <88a28052515d45d89f793c2affdbbb5a@jhuapl.edu>
References: <170500837851.47648.11997188498442985897@ietfa.amsl.com> <CAGgd1OeSP00c1bcUZbRpqv1+r33Tpj=ESq-WVL5ra7_yL91Mog@mail.gmail.com>
In-Reply-To: <CAGgd1OeSP00c1bcUZbRpqv1+r33Tpj=ESq-WVL5ra7_yL91Mog@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/S1gqDoSf1omDmKgxnjPmfum28SE>
Subject: [dtn] FW: [EXT] Re: [Acme] I-D Action: draft-ietf-acme-dtnnodeid-12.txt

DTN WGers,

An ACME document (referenced below) related to validating the ownership of a BP Node ID is going through last call, and receiving some feedback from DTN folks on the ACME mailing list (acme@ietf.org) would be helpful for the chairs and AD to be confident that the document is in good shape. Keep in mind that this mechanism (and doc) is in the Experimental category, so the goal is to have a validation method which is usable and testable, not necessarily one which has solved for all possible conditions and topologies.

There was some specific focus on whether Section 4 "Bundle Integrity Gateway" has a reasonable set of requirements, specifically the requirement that an integrity gateway verify the authenticity of the source through some means below (or outside of) the BP layer. The analogy to DKIM email signing should be helpful in understanding what is proposed here, though, while DKIM relies on configuration being distributed via DNS, the BP integrity gateway requires out-of-band configuration of which nodes are allowed to sign on behalf of which sources.

Any feedback on the current state or suggestions for improving readers' understanding of what is being proposed is helpful. Nothing being proposed here should be truly novel, just combining existing techniques and applying them to BP Node IDs and BP transport. But these kinds of improved automation are valuable for scalable and dynamic networks.

Thank you,

Brian S.
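
Added illustration (editor's example, not code from the draft, from the DTN WG, or from the author above): a Python model of the signing decision an integrity gateway of the kind described in the message would make. It assumes a constructed, operator-provisioned table (`SIGNING_POLICY`) of which lower-layer-authenticated peer node may vouch for which source Node IDs, a `Bundle` record carrying the peer identity the convergence layer authenticated (e.g. a TLS peer certificate), and an HMAC standing in for the BPSec integrity block; all of those names and the EID values are assumptions, not the draft's definitions.

```python
"""Policy check for a BP integrity gateway: sign on behalf of a source only
when (a) the previous hop was authenticated below the BP layer and (b) the
out-of-band configuration says that peer may vouch for that source Node ID.

Added illustration; SIGNING_POLICY, Bundle, GATEWAY_KEY and the EIDs are
constructed assumptions, not definitions from draft-ietf-acme-dtnnodeid.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple
from urllib.parse import urlsplit

# Constructed out-of-band configuration: authenticated peer Node ID -> the set
# of source Node IDs it is allowed to originate. DKIM would publish the
# equivalent via DNS; here the operator provisions it directly on the gateway.
SIGNING_POLICY: Dict[str, Set[str]] = {
    "dtn://relay-a.example/": {"dtn://sensor-1.example/", "dtn://sensor-2.example/"},
    "ipn:100.0": {"ipn:101.0"},
}

# Stand-in signing key (constructed). A real BIB would use a BPSec security
# context with a proper signature algorithm rather than a demo HMAC.
GATEWAY_KEY = b"constructed-demo-key"


def node_id_of(eid: str) -> Optional[str]:
    """Reduce an endpoint ID to the Node ID of the node hosting that endpoint."""
    if eid.startswith("dtn://"):
        parts = urlsplit(eid)
        return f"dtn://{parts.netloc}/" if parts.netloc else None
    if eid.startswith("ipn:"):
        nums = eid[4:].split(".")
        if len(nums) == 2 and all(n.isdigit() for n in nums):
            # Service number 0 names the node itself.
            return f"ipn:{nums[0]}.0"
    return None


@dataclass
class Bundle:
    source_eid: str
    payload: bytes
    # Node ID of the previous hop as authenticated by the convergence layer,
    # or None if the bundle arrived over an unauthenticated link.
    authenticated_peer: Optional[str]
    bib: Optional[bytes] = None


def decide(bundle: Bundle, policy: Dict[str, Set[str]] = SIGNING_POLICY) -> Tuple[bool, str]:
    """Return (sign, reason). Every check must pass before the gateway signs."""
    if bundle.authenticated_peer is None:
        return False, "previous hop not authenticated below the BP layer"
    allowed = policy.get(bundle.authenticated_peer)
    if allowed is None:
        return False, f"peer {bundle.authenticated_peer} is not a configured signer"
    src_node = node_id_of(bundle.source_eid)
    if src_node is None:
        return False, f"unrecognised source EID {bundle.source_eid!r}"
    if src_node not in allowed:
        return False, f"peer {bundle.authenticated_peer} may not vouch for {src_node}"
    return True, "source authenticated via configured peer"


def gateway_process(bundle: Bundle, policy: Dict[str, Set[str]] = SIGNING_POLICY) -> Bundle:
    """Attach the stand-in integrity block when policy permits; otherwise leave it unsigned."""
    ok, _reason = decide(bundle, policy)
    if ok:
        # Bind source and payload together so a downstream verifier checks both.
        msg = bundle.source_eid.encode() + b"\0" + bundle.payload
        bundle.bib = hmac.new(GATEWAY_KEY, msg, hashlib.sha256).digest()
    return bundle


if __name__ == "__main__":
    # Constructed traffic: one bundle per outcome.
    samples = [
        Bundle("dtn://sensor-1.example/telemetry", b"t=21C", "dtn://relay-a.example/"),
        Bundle("dtn://sensor-9.example/telemetry", b"t=21C", "dtn://relay-a.example/"),
        Bundle("dtn://sensor-1.example/telemetry", b"t=21C", None),
        Bundle("ipn:101.7", b"hello", "ipn:100.0"),
    ]
    for b in samples:
        print(b.source_eid, "<-", b.authenticated_peer, "=>", decide(b))
```

The point the check makes concrete is that the gateway never infers trust from the BP-layer source field alone: without an authenticated previous hop there is nothing to compare against the configuration, so the bundle is left unsigned.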
From: Acme <acme-bounces@ietf.org> On Behalf Of Deb Cooley
Sent: Friday, January 12, 2024 7:01 AM
To: acme@ietf.org
Cc: draft-ietf-acme-dtnnodeid.all@ietf.org
Subject: [EXT] Re: [Acme] I-D Action: draft-ietf-acme-dtnnodeid-12.txt

This is the beginning of a two-week WGLC for this draft, which will end on 26 Jan.

Please review and comment.

Deb C
ACME WG Chair

On Thu, Jan 11, 2024 at 4:26 PM <internet-drafts@ietf.org> wrote:

Internet-Draft draft-ietf-acme-dtnnodeid-12.txt is now available. It is a work
item of the Automated Certificate Management Environment (ACME) WG of the
IETF.

   Title:   Automated Certificate Management Environment (ACME) Delay-Tolerant Networking (DTN) Node ID Validation Extension
   Author:  Brian Sipos
   Name:    draft-ietf-acme-dtnnodeid-12.txt
   Pages:   31
   Dates:   2024-01-11

Abstract:

   This document specifies an extension to the Automated Certificate
   Management Environment (ACME) protocol which allows an ACME server to
   validate the Delay-Tolerant Networking (DTN) Node ID for an ACME
   client.  A DTN Node ID is an identifier used in the Bundle Protocol
   (BP) to name a "singleton endpoint", one which is registered on a
   single BP node.  The DTN Node ID is encoded as a certificate Subject
   Alternative Name (SAN) of type otherName with a name form of
   BundleEID and as an ACME Identifier type "bundleEID".

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-acme-dtnnodeid/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-acme-dtnnodeid-12.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-acme-dtnnodeid-12

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts

