Re: [Last-Call] Opsdir telechat review of draft-ietf-acme-dtnnodeid-10
Deb Cooley <debcooley1@gmail.com> Fri, 21 October 2022 19:33 UTC
Return-Path: <debcooley1@gmail.com>
X-Original-To: last-call@ietfa.amsl.com
Delivered-To: last-call@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2216C159487; Fri, 21 Oct 2022 12:33:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.854
X-Spam-Level:
X-Spam-Status: No, score=-6.854 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gEG73QLHOsLO; Fri, 21 Oct 2022 12:33:37 -0700 (PDT)
Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4838FC157B4C; Fri, 21 Oct 2022 12:33:37 -0700 (PDT)
Received: by mail-ed1-x533.google.com with SMTP id e18so9647903edj.3; Fri, 21 Oct 2022 12:33:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Fx7X2l27CTDiSlledAF+AW/bEGqnb3RC4siv7dhpscE=; b=oNIIw4Sf7g0JmnUgANCQWtqiZSKiXLJuxAvXHxm457S2ZKdG/HIU6vJxOcqzyJT2fB ilFP5NXSkUYk0Uc+o39YZ1Ny9+HLciF6XgXi42aJ2RRKm5x1rsyGqN9aiY03sLavQ7Nj smwAlF5iSD8aIQJkSAHhPWvQxyuM4kRNfWkW2pAumJarNDRYGJRBRNktZbMKfcs4MotJ VdQL3iYpmvOV8IrnojRSbVzed16VEkDkDNdYzQd5yZ9lH910KtGRQJNIvAe46zByDUSX px5ULfW6lQPBvTFOYIVVuVhcL9IycW0IZoyZt+mQC0gBxR+DSZZB8/KfC33LaJNPze/q EuOA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Fx7X2l27CTDiSlledAF+AW/bEGqnb3RC4siv7dhpscE=; b=wF8H1419ULRvJujT3hlZVwnNFUldAZ2Cm6WbWy6SMlxSNZcVAdGzaJ9w9k6PfZ8eIb stAnOe4gxwxv0TKYxUV0q84JiDnHOjuSgN+ClgpS1mxoM+CuVbUH6JuF55uZ21TCXcR5 4fNUC8SKe8aOuppR59WU0wbXEfddD44piufWSArwQz89w6VjZAYWmiQuZb1vVPH32LH1 RzGyIaPTwjex2j2ijuV2EGlC0IEW2/imzrzBGLeUoMGU1x0DrpWz0aNOAQzLCaZ1eh7w WGLn+oiAowivm9mq/wDwM/Nw4CFPk1QQ+K9KUNooH3gWPbFfQ9WVVhEiKDMyyzQA8Wfr 4bkw==
X-Gm-Message-State: ACrzQf2FDmMt+hbOUsCqVaC4J3PyUnjmIpaM6AKUtcJoc/e9Lf0wUZHy k/I4hHnp9YF/lFzjqc+mF/mZ9D9uQwPNMxB8HA==
X-Google-Smtp-Source: AMsMyM4v0e8x4jipz+USgaz3pUaSUGvJACTxKiGr33wJQeTBY0qh4U1TcTezDiFlgqiop1zZkVRkARjZegKtF6UhpAY=
X-Received: by 2002:a17:906:9b93:b0:78d:eb36:1ce7 with SMTP id dd19-20020a1709069b9300b0078deb361ce7mr16998163ejc.621.1666380815650; Fri, 21 Oct 2022 12:33:35 -0700 (PDT)
MIME-Version: 1.0
References: <166630648814.52985.10284820365346811952@ietfa.amsl.com> <BN2P110MB11076DDD8A34680DE318379EDC2A9@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM> <855DAAAE-A1BF-4577-922D-BC0F671CD0E8@futurewei.com> <DE4B11FF-1E07-44FA-9D9E-7EAE51BC393F@futurewei.com> <BN2P110MB1107FE073820EFCEE803710ADC2D9@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM> <560A8DBD-4CA4-4E49-BFA9-7452E4E1FE4F@futurewei.com> <BN2P110MB1107102AF46BE43B6F3828C0DC2D9@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM> <CFE4A64B-2F75-4187-A019-8AA476094587@futurewei.com>
In-Reply-To: <CFE4A64B-2F75-4187-A019-8AA476094587@futurewei.com>
From: Deb Cooley <debcooley1@gmail.com>
Date: Fri, 21 Oct 2022 15:33:23 -0400
Message-ID: <CAGgd1OcFMyctz5T+sYj==6d6nfb5uz=jEfCfHo9LH-r=39sBhA@mail.gmail.com>
To: Linda Dunbar <linda.dunbar@futurewei.com>
Cc: Roman Danyliw <rdd@cert.org>, "ops-dir@ietf.org" <ops-dir@ietf.org>, "acme@ietf.org" <acme@ietf.org>, "draft-ietf-acme-dtnnodeid.all@ietf.org" <draft-ietf-acme-dtnnodeid.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000093d36e05eb90841b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/0pHjszP9_5cWX7NN7NZyE_g_67w>
Subject: Re: [Last-Call] Opsdir telechat review of draft-ietf-acme-dtnnodeid-10
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Oct 2022 19:33:41 -0000
Linda, I'm now very confused. The original topic was comments on a DTN acme draft. How did we get to discussing Virtual Network IDs of SD-WAN edge devices? Do you want to get X.509 certificates for these devices? Or do you have something else in mind to validate these devices? Deb Cooley On Fri, Oct 21, 2022 at 2:02 PM Linda Dunbar <linda.dunbar@futurewei.com> wrote: > Roman, > > Thanks. > I don't see how DTN wg is relevant, as the SD-WAN is NOT Delay Tolerant > Network. More relevance is on the "certificate issuance mechanism" to > validate if the IDs advertised by a remote node are legitime. > > Does ACME Wg work on "Certificate issuance mechanism" for remote node > IDs? > > Linda > On 10/21/22, 12:53 PM, "Roman Danyliw" <rdd@cert.org> wrote: > > IMO, the simplest thing would be to pose this question on the DTN WG > mailing list. This very specific work is being done in the ACME WG because > it has the expertise on the certificate issuance mechanism, but I see you > applicability to SD-WAN as more general. > > Roman > > > -----Original Message----- > > From: Linda Dunbar <linda.dunbar@futurewei.com> > > Sent: Friday, October 21, 2022 1:48 PM > > To: Roman Danyliw <rdd@cert.org>; ops-dir@ietf.org > > Cc: acme@ietf.org; draft-ietf-acme-dtnnodeid.all@ietf.org; > last-call@ietf.org > > Subject: Re: Opsdir telechat review of draft-ietf-acme-dtnnodeid-10 > > > > Roman, > > > > Can you give me a few names with who I can chat to find out more? > > > > Thank you > > > > Linda > > > > On 10/21/22, 12:38 PM, "Roman Danyliw" <rdd@cert.org> wrote: > > > > Hi Linda! > > > > As I understand the scenario below, it would align to the work > in this > > document only to the degree that the SD-WAN network would be an > underlay > > to the DTN Bundle Protocol (via some as of yet undefined convergence > layer) > > and the Virtual Network IDs would have an easy mapping to the > DTN-specific > > addressing mechanism (Endpoint IDs per Section 4.2.5 of RFC9171). > I'll let the > > DTN experts correct me or provide more insight on the alignment. > > > > As an aside, there is a critical IANA issue with this document > and it is being > > pulled from the planned telechat docket. > > > > Roman > > > > > -----Original Message----- > > > From: Linda Dunbar <linda.dunbar@futurewei.com> > > > Sent: Friday, October 21, 2022 12:46 PM > > > To: Roman Danyliw <rdd@cert.org>; ops-dir@ietf.org > > > Cc: acme@ietf.org; draft-ietf-acme-dtnnodeid.all@ietf.org; > last- > > call@ietf.org > > > Subject: Re: Opsdir telechat review of > draft-ietf-acme-dtnnodeid-10 > > > > > > Roman, > > > > > > Can the mechanism specified in the draft be used to validate > the Virtual > > > Network IDs of SD-WAN edge devices? > > > For example, an SDWAN edge deployed in a remote site, say a > shopping > > mall, > > > might advertise the routes and client VPN IDs to the BGP > Route-Reflector > > (RR). > > > The RR needs to validate the Client's IDs are legitimate. Can > the mechanism > > > specified in the draft do the job? > > > > > > Thanks, Linda > > > > > > > > > On 10/20/22, 10:36 PM, "Linda Dunbar" < > linda.dunbar@futurewei.com> > > > wrote: > > > > > > Roman, > > > > > > With you bringing back the explanation, all makes sense to > me now. > > Wish > > > your explanation is incorporated into the document. > > > Thanks, Linda > > > > > > On 10/20/22, 6:53 PM, "Roman Danyliw" <rdd@cert.org> > wrote: > > > > > > Thanks for the re-review Linda. > > > > > > ACME WG: here is the thread from the IETF LC where > proposed > > changes > > > were discussed: > > > > > > https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmailarc > > > hive.ietf.org%2Farch%2Fmsg%2Flast- > > > > > call%2FnujBgHd6ZKHY6fG58ZWBKzFGVWs%2F&data=05%7C01%7Clinda. > > > > > dunbar%40futurewei.com%7C3d47157879904a302e3008dab2f65009%7C0fee > > > > > 8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C638019068235813966%7CUn > > > > > known%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik > > > > > 1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=t83ICajIF%2FEIKz > > > ibHtGs0T9FFSQpSFmBxKdxxgGHkPY%3D&reserved=0 > > > > > > > -----Original Message----- > > > > From: Linda Dunbar via Datatracker <noreply@ietf.org > > > > > > Sent: Thursday, October 20, 2022 6:55 PM > > > > To: ops-dir@ietf.org > > > > Cc: acme@ietf.org; > draft-ietf-acme-dtnnodeid.all@ietf.org; last- > > > call@ietf.org > > > > Subject: Opsdir telechat review of > draft-ietf-acme-dtnnodeid-10 > > > > > > > > Reviewer: Linda Dunbar > > > > Review result: Has Issues > > > > > > > > I have reviewed this document as part of the Ops > area directorate's > > > ongoing > > > > effort to review all IETF documents being processed > by the IESG. > > These > > > > comments were written primarily for the benefit of > the Ops area > > > directors. > > > > Document editors and WG chairs should treat these > comments just > > like > > > any > > > > other last call comments. > > > > > > > > This document specifies an extension to ACME > protocol which allows > > an > > > ACME > > > > server to validate the Delay-Tolerant Networking > Node ID for an > > ACME > > > client. > > > > > > > > I had the following comments for the -07 version. I > don't think the > > latest > > > > version (-10) resolved my comments. > > > > > > > > Issues: > > > > > > > > The document didn't describe how the Node ID > described in this > > > document is > > > > related to the Delay Tolerant Network. I see the > mechanism can be > > > equally > > > > used in any network. What are the specifics related > to the "Delay > > > Tolerant > > > > Network"? > > > > It would be helpful if the document adds a paragraph > explaining the > > > specific > > > > characteristics of the Delay-Tolerant Network that > require the > > additional > > > > parameters/types used for validating the Node-ID for > an ACME > > client. > > > > > > > > Thank you, > > > > > > > > Linda Dunbar > > > > > > > > > > > > > > >
- [Last-Call] Opsdir telechat review of draft-ietf-… Linda Dunbar via Datatracker
- Re: [Last-Call] Opsdir telechat review of draft-i… Roman Danyliw
- Re: [Last-Call] Opsdir telechat review of draft-i… Linda Dunbar
- Re: [Last-Call] Opsdir telechat review of draft-i… Linda Dunbar
- Re: [Last-Call] Opsdir telechat review of draft-i… Roman Danyliw
- Re: [Last-Call] Opsdir telechat review of draft-i… Linda Dunbar
- Re: [Last-Call] Opsdir telechat review of draft-i… Roman Danyliw
- Re: [Last-Call] Opsdir telechat review of draft-i… Linda Dunbar
- Re: [Last-Call] Opsdir telechat review of draft-i… Deb Cooley
- Re: [Last-Call] Opsdir telechat review of draft-i… Linda Dunbar
- Re: [Last-Call] Opsdir telechat review of draft-i… Brian Sipos
- Re: [Last-Call] Opsdir telechat review of draft-i… Linda Dunbar