Re: Last Call: <draft-ietf-anima-bootstrapping-keyinfra-28.txt> (Bootstrapping Remote Secure Key Infrastructures (BRSKI)) to Proposed Standard

tom petch <daedulus@btconnect.com> Tue, 15 October 2019 09:41 UTC


Prompted by Dan's operational review I glanced at the YANG which does
indeed need some work.

There are two modules in the I-D,
ietf-voucher-request
ietf-mud-brski-masa
the latter being in an appendix; I am unclear whether or not this
appendix is Normative.

IANA Considerations registers a namespace for the second; it does not
register either module.

XXXX is used to refer to two I-Ds, one of which appears not to exist; the
other would appear to be a published RFC.

The first module references RFC8040, which is not in the references for
the I-D.

The first module contains
see [RFC8446])
which would be better as a YANG reference clause and should not contain
[]

The second module lacks a reference clause for its imports

Security Considerations lack the required boilerplate for YANG modules.

The second module lacks Copyright

Tom Petch


----- Original Message -----
From: "The IESG" <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
Cc: <ibagdona@gmail.com>;
<draft-ietf-anima-bootstrapping-keyinfra@ietf.org>; <anima@ietf.org>;
<anima-chairs@ietf.org>
Sent: Tuesday, May 21, 2019 10:21 PM

> The IESG has received a request from the Autonomic Networking Integrated
> Model and Approach WG (anima) to consider the following document: -
> 'Bootstrapping Remote Secure Key Infrastructures (BRSKI)'
>   <draft-ietf-anima-bootstrapping-keyinfra-20.txt> as Proposed Standard
>
> This is a second Last Call. IoT Directorate review was done after the ANIMA
> WG Last Call and consensus to request the publication, and that review resulted
> in substantial changes to the document.
>
> The IESG plans to make a decision in the next few weeks, and solicits final
> comments on this action. Please send substantive comments to the
> ietf@ietf.org mailing lists by 2019-06-04. Exceptionally, comments may be
> sent to iesg@ietf.org instead. In either case, please retain the beginning of
> the Subject line to allow automated sorting.
>
> Abstract
>
>
>    This document specifies automated bootstrapping of an Autonomic
>    Control Plane.  To do this a remote secure key infrastructure (BRSKI)
>    is created using manufacturer installed X.509 certificate, in
>    combination with a manufacturer's authorizing service, both online
>    and offline.  Bootstrapping a new device can occur using a routable
>    address and a cloud service, or using only link-local connectivity,
>    or on limited/disconnected networks.  Support for lower security
>    models, including devices with minimal identity, is described for
>    legacy reasons but not encouraged.  Bootstrapping is complete when
>    the cryptographic identity of the new key infrastructure is
>    successfully deployed to the device but the established secure
>    connection can be used to deploy a locally issued certificate to the
>    device as well.
>
>
>
>
> The file can be obtained via
> https://datatracker.ietf.org/doc/draft-ietf-anima-bootstrapping-keyinfra/
>
> IESG discussion can be tracked via
> https://datatracker.ietf.org/doc/draft-ietf-anima-bootstrapping-keyinfra/ballot/
>
> The following IPR Declarations may be related to this I-D:
>
>    https://datatracker.ietf.org/ipr/2816/
>    https://datatracker.ietf.org/ipr/3233/
>    https://datatracker.ietf.org/ipr/2463/
>
>
>
> The document contains these normative downward references.
> See RFC 3967 for additional information:
>     rfc8368: Using an Autonomic Control Plane for Stable Connectivity
>     of Network Operations, Administration, and Maintenance (OAM)
>     (Informational - IETF stream)
>
>
>
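The review above asks for three things a YANG module in an RFC is expected to carry: the IETF Trust copyright in the module description, a reference clause on each import, and citations expressed as a YANG reference statement rather than as "[RFCxxxx]" inside a description. The module below is an added illustration of those conventions, not a module from the BRSKI draft; its name, namespace, prefix and the tls-binding container are placeholders.

```yang
module example-brski-review {
  yang-version 1.1;   // import/reference requires YANG 1.1
  namespace "urn:example:yang:example-brski-review";   // placeholder namespace
  prefix ebr;

  // Every import carries a reference clause naming the defining RFC.
  import ietf-yang-types {
    prefix yang;
    reference
      "RFC 6991: Common YANG Data Types";
  }

  organization
    "Example organization (placeholder)";
  contact
    "Example contact (placeholder)";
  description
    "Illustrative module showing the conventions raised in the review.

     Copyright (c) <year> IETF Trust and the persons identified as
     authors of the code.  All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject to
     the license terms contained in, the Simplified BSD License set
     forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (https://trustee.ietf.org/license-info).";

  revision 2019-10-15 {
    description
      "Initial illustrative revision.";
    reference
      "RFC XXXX: placeholder for the RFC that publishes this module";
  }

  container tls-binding {
    description
      "Placeholder container holding a value bound to the TLS session.";
    leaf finished-value {
      type yang:hex-string;
      description
        "TLS Finished value bound to the session.  The citation lives
         in the reference statement below, not as '[RFC8446]' here.";
      reference
        "RFC 8446: The Transport Layer Security (TLS) Protocol
         Version 1.3, Section 4.4.4";
    }
  }
}
```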