Re: [Gen-art] Genart telechat review of draft-ietf-anima-bootstrapping-keyinfra-28
tom petch <daedulus@btconnect.com> Fri, 18 October 2019 12:13 UTC
From: tom petch <daedulus@btconnect.com>
To: Alissa Cooper <alissa@cooperw.in>, Dan Romascanu <dromasca@gmail.com>
CC: "gen-art@ietf.org" <gen-art@ietf.org>, "draft-ietf-anima-bootstrapping-keyinfra.all@ietf.org" <draft-ietf-anima-bootstrapping-keyinfra.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "anima@ietf.org" <anima@ietf.org>
Date: Fri, 18 Oct 2019 12:13:42 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/lF_aNThDpxCNE_a_dipZN_ahoSw>
Looking some more at this I-D, I have more concerns about the YANG module.

My review is informal - I recommend that the WG Chair request a formal review because I may be missing something, particularly in connection with the 'refine' statements.

The I-D has
  namespace "urn:ietf:params:xml:ns:yang:ietf-voucher-request";
  prefix "vch";
whereas RFC8366, which it augments, has
  namespace "urn:ietf:params:xml:ns:yang:ietf-voucher";
  prefix vch;
Different module, same prefix; this contradicts a SHOULD NOT in RFC8407.

Further, this I-D defines
  import ietf-voucher {
    prefix v;
i.e. does not use the prefix defined in RFC8366. This contradicts a MUST in RFC8407.

There is a discrepancy between the e-mail addresses of the authors of the YANG module and of the I-D, for
  Author: Kent Watsen
  Author: Toerless Eckert
I note that the e-mail addresses for the YANG module are the same as those for the YANG module in RFC8366; I do not know which are correct.

  contact "WG Web: <http://tools.ietf.org/wg/anima/>
should be https: and usually points to datatracker.ietf.org not tools

Tom Petch

----- Original Message -----
From: "Alissa Cooper" <alissa@cooperw.in>
To: "tom petch" <daedulus@btconnect.com>; "Dan Romascanu" <dromasca@gmail.com>
Cc: <gen-art@ietf.org>; <draft-ietf-anima-bootstrapping-keyinfra.all@ietf.org>; <ietf@ietf.org>; <anima@ietf.org>
Sent: Wednesday, October 16, 2019 3:57 PM

Dan, thanks for your review. Tom, thanks for your response. I entered a DISCUSS ballot to make sure the issues with the YANG modules get fixed. I also noted the need for a response to the full Gen-ART review.

Alissa

> On Oct 15, 2019, at 5:40 AM, tom petch <daedulus@btconnect.com> wrote:
>
> Dan
>
> I had a quick look at the YANG and it does indeed need some work IMHO.
> I have posted a separate e-mail listing what I saw.
>
> Tom Petch
>
> ----- Original Message -----
> From: "Dan Romascanu via Datatracker" <noreply@ietf.org>
> Sent: Sunday, October 13, 2019 9:39 AM
>
>> Reviewer: Dan Romascanu
>> Review result: Ready with Issues
>>
>> I am the assigned Gen-ART reviewer for this draft. The General Area
>> Review Team (Gen-ART) reviews all IETF documents being processed
>> by the IESG for the IETF Chair. Please wait for direction from your
>> document shepherd or AD before posting a new version of the draft.
>>
>> For more information, please see the FAQ at
>> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
>>
>> Document: draft-ietf-anima-bootstrapping-keyinfra-??
>> Reviewer: Dan Romascanu
>> Review Date: 2019-10-13
>> IETF LC End Date: None
>> IESG Telechat date: 2019-10-17
>>
>> Summary: Ready with Issues
>>
>> This document specifies automated bootstrapping of an Autonomic Control Plane
>> by creating a Remote Secure Key Infrastructure (acronym BRSKI) using
>> manufacturer installed X.509 certificates, in combination with a manufacturer's
>> authorizing service, both online and offline.
>>
>> Christian Huitema and Jari Arkko have performed early reviews of previous
>> versions of the document for SecDir and Gen-ART. As far as I can tell, most if
>> not all of their major concerns concerning applicability and security have been
>> addressed in the latest versions. A few more minor issues described below would
>> better be clarified before approval.
>>
>> I also observe that the document has consistent Operational implications but
>> there is no OPS-DIR review so far, as well as a YANG module and several other
>> references to YANG, but there is no YANG Doctors review. I hope that these will
>> be available prior to the IESG review.
>>
>> Major issues:
>>
>> Minor issues:
>>
>> 1. The Pledge definition in section 1.2:
>>
>>> Pledge: The prospective device, which has an identity installed at
>>> the factory.
>>
>> while in the Introduction:
>>
>>> ... new (unconfigured) devices that are called pledges in this
>>> document.
>>
>> These two definitions seem different. The definition in 1.2 does not include
>> the fact that the device is 'new (unconfigured)'. Also, arguably 'identity
>> installed at the factory' may be considered a form of configuration.
>>
>> 2. The document lacks an Operational Considerations section, which I believe is
>> needed, taking into consideration the length and complexity of the document.
>> There are many operational issues spread across the document concerning the
>> type and resources of devices, speed of the bootstrapping process, migration
>> pass, impact on network operation. I suggest to consider adding such a section
>> pointing to the place where these issues are discussed and adding the necessary
>> information if missing. Appendix A.1 in RFC 5706 can be used as a checklist of
>> the issues to be discussed in such a section.
>>
>> 3. Section 5.4:
>>
>>> Use of TLS 1.3 (or newer) is encouraged. TLS 1.2 or newer is
>>> REQUIRED.
>>
>> What is the reason for using 'encouraged'? Why not RECOMMENDED?
>>
>> Nits/editorial comments:
>>
>> 1. The Abstract includes:
>>
>> 'To do this a Remote Secure Key Infrastructure (BRSKI) is created'
>>
>> Later in the document BRSKI is defined as a protocol. It would be good to
>> clarify if BRSKI = BRSKI protocol
>>
>> 2. In Section 1 - Introduction, 3rd paragraph:
>>
>> s/it's default modes/its default modes/
>> s/it's strongest modes/its strongest modes/
>>
>> 3. Please expand non-obvious acronyms at first occurrence: EST protocol, LLNs,
>> REST interface, LDAP, GRASP, CDDL, CSR
>>
>> 4. I would suggest alphabetic order listing of the terms in section 1.2
>>
>> 5. Section 1.3.1 - a reference for LDevID would be useful
>>
>> 6. Section 7:
>>
>> s/Use of the suggested mechanism/Use of the suggested mechanisms/
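The prefix problems raised above can be caught mechanically before a formal YANG Doctors review. The script below is an added example, not part of this thread or of the I-D; the two YANG fragments are constructed to mirror the situation described (RFC8366's ietf-voucher with prefix "vch", and an ietf-voucher-request module that reuses "vch" while importing ietf-voucher as "v"), and the regex parser assumes simple module headers rather than full YANG grammar.

```python
import re

# Constructed YANG fragments (assumed, not the I-D's text) mirroring the
# review: RFC 8366's ietf-voucher declares prefix "vch"; the I-D's
# ietf-voucher-request also declares "vch" and imports ietf-voucher as "v".
IETF_VOUCHER = '''
module ietf-voucher {
  namespace "urn:ietf:params:xml:ns:yang:ietf-voucher";
  prefix "vch";
}
'''
IETF_VOUCHER_REQUEST = '''
module ietf-voucher-request {
  namespace "urn:ietf:params:xml:ns:yang:ietf-voucher-request";
  prefix "vch";
  import ietf-voucher { prefix v; }
}
'''

# Simplified YANG statement matching (assumption: one-line header statements).
_IMPORT = re.compile(r'\bimport\s+([\w.-]+)\s*\{\s*prefix\s+"?([^\s";]+)"?\s*;[^}]*\}')
_STMT = re.compile(r'\b(module|namespace|prefix)\s+"?([^\s";{]+)"?\s*[;{]')

def parse_module(text):
    """Extract name, namespace, own prefix and import prefixes from YANG text."""
    imports = {name: pfx for name, pfx in _IMPORT.findall(text)}
    # Strip import blocks first so their 'prefix' cannot shadow the module's own.
    fields = dict(_STMT.findall(_IMPORT.sub("", text)))
    return {"name": fields["module"], "namespace": fields["namespace"],
            "prefix": fields["prefix"], "imports": imports}

def check_prefixes(module, known):
    """Report the two prefix rules the review cites: an import should use the
    imported module's own prefix, and a module's prefix should not equal the
    prefix of a module it imports. `known` maps module name -> parsed module."""
    findings = []
    for dep_name, local_pfx in module["imports"].items():
        dep = known.get(dep_name)
        if dep is None:
            findings.append(f"{module['name']}: unresolved import {dep_name}")
            continue
        if local_pfx != dep["prefix"]:
            findings.append(f"{module['name']}: imports {dep_name} as '{local_pfx}' "
                            f"but {dep_name} declares prefix '{dep['prefix']}'")
        if module["prefix"] == dep["prefix"]:
            findings.append(f"{module['name']}: own prefix '{module['prefix']}' "
                            f"collides with prefix of {dep_name}")
    return findings

def review_voucher_request():
    """Run the check over the constructed modules above; returns the findings."""
    voucher = parse_module(IETF_VOUCHER)
    request = parse_module(IETF_VOUCHER_REQUEST)
    return check_prefixes(request, {voucher["name"]: voucher})

if __name__ == "__main__":
    for finding in review_voucher_request():
        print(finding)
```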