Re: [Iot-onboarding] some straw-man charter text for an IoT Operational Security WG

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 04 September 2019 15:12 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: iot-onboarding@ietfa.amsl.com
Delivered-To: iot-onboarding@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6AE19120132; Wed, 4 Sep 2019 08:12:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OfezaM5nSTbE; Wed, 4 Sep 2019 08:12:12 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [176.58.120.209]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 55FF012011D; Wed, 4 Sep 2019 08:12:11 -0700 (PDT)
Received: from dooku.sandelman.ca (85-76-97-167-nat.elisa-mobile.fi [85.76.97.167]) by relay.sandelman.ca (Postfix) with ESMTPS id 9A0271F45A; Wed, 4 Sep 2019 15:12:09 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id B539E2BFB; Wed, 4 Sep 2019 11:12:12 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Kent Watsen <kent+ietf@watsen.net>
cc: mud@ietf.org, iot-onboarding@ietf.org
In-reply-to: <0100016cfc877287-c2198aee-ffe6-4c28-94a1-cb141b92741f-000000@email.amazonses.com>
References: <19176.1567583108@dooku.sandelman.ca> <0100016cfc877287-c2198aee-ffe6-4c28-94a1-cb141b92741f-000000@email.amazonses.com>
Comments: In-reply-to Kent Watsen <kent+ietf@watsen.net> message dated "Wed, 04 Sep 2019 13:47:10 -0000."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Wed, 04 Sep 2019 18:12:12 +0300
Message-ID: <30978.1567609932@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/iot-onboarding/rDQ_XR6O35Ly2IeBqWH4J0meT5o>
Subject: Re: [Iot-onboarding] some straw-man charter text for an IoT Operational Security WG
X-BeenThere: iot-onboarding@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IoT onboarding mechanisms <iot-onboarding.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/iot-onboarding>, <mailto:iot-onboarding-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/iot-onboarding/>
List-Post: <mailto:iot-onboarding@ietf.org>
List-Help: <mailto:iot-onboarding-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/iot-onboarding>, <mailto:iot-onboarding-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Sep 2019 15:12:16 -0000

Kent: I am feeling a bit of "my protocol vs your protocol" in your reply.
      It is not my intention to do that.  I think that we did an awesome
      job getting to the commonalities with 8366.  I'm not sure that this
      is as visible to others.

Kent Watsen <kent+ietf@watsen.net>; wrote:
    > I'm still not 100% sure if this working group is needed but, if such a
    > working group is to be formed, I object to it being BRSKI-oriented, as
    > already there is ANIMA for that.

Yes, but is that really appropriate?  Are the right people there in ANIMA,
and is it actually disruptive to the ANIMA effort beyond onboarding?
In particular the constrained document is not getting enough attention.

    > I appreciate that the first paragraph
    > enumerates a number of efforts (BTW, it should be just "SZTP", without
    > the NETCONF qualifier),

Sure.  I put it there so that people could find it.

    > and later the text says that it's "not limited
    > to just that protocol" (being BRSKI), but the general tone, and
    > specifically the Milestones, are very BRSKI-specific.

I would very much like to have more, but I don't know what the next steps for
SZTP are.

    > To be clear, if
    > such a working group were formed, I would like to submit a document
    > entitled something like "SZTP for IoT and other Constrained
    > Devices".
    > In this document I could show how SZTP could be extended to
    > use DTLS, CBOR, and CoAP and further, that it achieves bootstrap state
    > with fewer message exchanges and greater flexibility, not to mention
    > that it already supports the offline/cloudless use-case and a
    > peusdo-NOOB approach (already implemented by Juniper).
    
I actually rather believe that SZTP is probably a better starting point for a
cloudless solution.
If SZTP can do a better job for constrained environments, it is *precisely*
this kind of stuff that I'd like to have in this group.

I'm okay with the WG producing 3 or 4 mechanisms, (and then, of course, an
n+1th in four years to converge them, applying
https://www.explainxkcd.com/wiki/index.php/927:_Standards)
Some have attributed this method to Scott Bradner, imaging a meadow of
many wild flowers.

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [