Re: [Last-Call] [Anima] Opsdir last call review of draft-ietf-anima-constrained-join-proxy-09
Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 05 April 2022 21:03 UTC
Hi Jürgen,

On 05-Apr-22 20:36, Jürgen Schönwälder wrote:
...
>> Pvds==>
>>
>> Now I am confused. I expected you to require more text here.
>>
>> Something seems to be missing in the description of the base line scenario,
>> and I need more info to understand what the missing pieces are.
>
> I think it is rather obvious for people familiar with IPv6 that (i) if
> you don't have the Registrar's address you can't talk to it and (ii)
> if the Registrar is multiple hops away, you can't talk to it. Things
> that are less obvious are the assumptions made about how devices are
> connected. Apparently (if I understand your response) we are not
> talking about devices joining a regular wireless LAN, i.e., a shared
> link. This is where I got lost, i.e., in which scenario such a Join
> Proxy is applicable. It is not about more or less text, but text that
> helps me to figure out whether this is applicable to my networks or
> not.

This may or may not help, but our general assumption in Anima is that
when bootstrapping a network there is *nothing* in place except
IPv6 link-local addressing, i.e. there is no layer 3 forwarding
anywhere. It's only after the secure joining has happened that the
layer 3 forwarding can be put in place for traffic to and from
the newly joined node. In the general case the layer 2 topology
could be anything, so the mechanisms have to avoid any assumptions
about topology.

The join proxy itself was a pledge when first switched on, until
it discovered it had other links so it needed to behave as a join
proxy too.

(I can see some issues with that as applied in a pure mesh
network, where we'd need a mechanism to prevent every pledge
also becoming a join proxy.)

Regards
Brian