Re: [lmap] AD evaluation: draft-ietf-lmap-information-model-16

Alissa Cooper <alissa@cooperw.in> Wed, 25 January 2017 15:57 UTC

From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <20170125091835.GB40411@elstar.jacobs.jacobs-university.de>
Date: Wed, 25 Jan 2017 10:57:19 -0500
Message-Id: <BC04FF1E-8F78-4D75-B3AF-9085A63DDC56@cooperw.in>
References: <2CB94EA6-A5F9-4770-9E76-0C7E8676E9CF@cooperw.in> <22680E7F-38D2-46FE-8549-CBB783ECAF32@cooperw.in> <20170124202801.GB38068@elstar.local> <248d21f7ec4546b0af1fe98e604a4c8e@rew09926dag03c.domain1.systemhost.net> <20170125091835.GB40411@elstar.jacobs.jacobs-university.de>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lmap/TizM5AGBv54YMvHjUgoI0rPzCxc>
Cc: trevor.burbridge@bt.com, philip.eardley@bt.com, lmap@ietf.org
Subject: Re: [lmap] AD evaluation: draft-ietf-lmap-information-model-16

Juergen,

> On Jan 25, 2017, at 4:18 AM, Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> wrote:
> 
> Trevor,
> 
> this is also the explanation I came up with but the document does not
> really explain this. Alissa, would this resolve your comment if I try
> to add text that tries to explain this distinction? Would it help to
> add examples?

Explanation and examples would help, especially if some clear delineation about what belongs in each credential set can be given, albeit while remaining generic. But the bigger question is ...

> 
> - SSH host keys are I think examples of MA credentials while SSH user
>  authentication keys and authorization lists are channel
>  credentials.
> 
> - X.509 certificates defining trust to X.509 root authorities are
>  examples of MA credentials, while X.509 client certificates for TLS
>  communication are channel credentials.

… can you explain why you want the controller to be able to change each of these on the MA, from how they were pre-configured?

Thanks,
Alissa

> 
> (Let's see whether I got this right. ;-)
> 
> /js
> 
> On Wed, Jan 25, 2017 at 09:02:11AM +0000, trevor.burbridge@bt.com wrote:
>> Initially the MA credentials were the private credentials of the MA and the channel credentials were the public credentials for each channel end-point.
>> 
>> Trevor.
>> 
>> -----Original Message-----
>> From: Juergen Schoenwaelder [mailto:j.schoenwaelder@jacobs-university.de] 
>> Sent: 24 January 2017 20:28
>> To: Burbridge,T,Trevor,TUB8 R <trevor.burbridge@bt.com>; Eardley,PL,Philip,TUB8 R <philip.eardley@bt.com>
>> Cc: lmap@ietf.org; Alissa Cooper <alissa@cooperw.in>
>> Subject: Re: [lmap] AD evaluation: draft-ietf-lmap-information-model-16
>> 
>> Trevor and Phil,
>> 
>> do you recall the reason why we have channel credentials and MA global credentials? How are the MA global credentials supposed to be used?
>> 
>> /js
>> 
>> On Tue, Jan 24, 2017 at 11:03:11AM -0500, Alissa Cooper wrote:
>>> 
>>>> On Jan 23, 2017, at 2:22 PM, Alissa Cooper <alissa@cooperw.in> wrote:
>>>> 
>>>> (2) Are ma-preconfig-credentials and ma-config-credentials meant to be credentials only for the MA to be authenticated by a Controller or Collector? I assume that the credentials that allow the MA to authenticate other endpoints, and to protect communications to those endpoints, are stored in ma-channel-credentials, but it would help to clarify which set of credentials each of these fields is referring to.
>>> 
>>> Just to reinforce this, now that I’m doing a review of draft-ietf-lmap-yang: it seems that the model in draft-ietf-netconf-netconf-client-server defines both the client and server credentials. So if that is supposed to fulfill the channel credentials in the information model, what happens if the ma-config-credentials for the MA are different than the ones in the ma-channel-obj for the MA? Which ones is the MA supposed to use?
>>> 
>>> Thanks,
>>> Alissa
>>> _______________________________________________
>>> lmap mailing list
>>> lmap@ietf.org
>>> https://www.ietf.org/mailman/listinfo/lmap
>> 
>> -- 
>> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
>> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
>> Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
> 
> -- 
> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
> Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
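The delineation Juergen proposes above (MA credentials = the agent's own identity keys and trust anchors; channel credentials = per-endpoint client keys, authorization lists and client certificates) and the two questions Alissa raises (a Controller replacing a pre-configured MA credential, and a channel's credentials differing from ma-config-credentials) can be checked mechanically. The following is an added example written for this thread; it is not code from draft-ietf-lmap-information-model, draft-ietf-lmap-yang or any of the participants. The scope table is Juergen's proposed split, not normative text, and all credential names, fingerprints and the agent layout are constructed for illustration.

```python
# Added example, not code from the LMAP drafts or from anyone in this thread.
# It models the split Juergen proposes (MA credentials = identity keys and
# trust anchors; channel credentials = per-endpoint client credentials and
# authorization lists) and reports the two situations Alissa asks about:
# a Controller replacing a pre-configured MA credential, and a channel
# carrying a credential that conflicts with ma-config-credentials.
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Tuple


class CredKind(Enum):
    # Kinds named in the thread; the MA/channel split below is Juergen's
    # proposal, not normative text from the information model.
    SSH_HOST_KEY = "ssh-host-key"
    X509_TRUST_ANCHOR = "x509-trust-anchor"
    SSH_USER_KEY = "ssh-user-key"
    SSH_AUTHORIZED_KEYS = "ssh-authorized-keys"
    X509_CLIENT_CERT = "x509-client-cert"


MA_SCOPE = {CredKind.SSH_HOST_KEY, CredKind.X509_TRUST_ANCHOR}
CHANNEL_SCOPE = {CredKind.SSH_USER_KEY, CredKind.SSH_AUTHORIZED_KEYS,
                 CredKind.X509_CLIENT_CERT}


@dataclass(frozen=True)
class Credential:
    name: str
    kind: CredKind
    value: str  # fingerprint or opaque reference, never the secret itself


@dataclass
class Channel:
    name: str
    target: str
    credentials: List[Credential] = field(default_factory=list)


@dataclass
class MeasurementAgent:
    preconfig_credentials: List[Credential] = field(default_factory=list)
    config_credentials: List[Credential] = field(default_factory=list)
    channels: List[Channel] = field(default_factory=list)


def scope_of(cred: Credential) -> str:
    """'ma' for agent-wide identity/trust material, 'channel' otherwise."""
    return "ma" if cred.kind in MA_SCOPE else "channel"


def check_agent(ma: MeasurementAgent) -> List[Tuple[str, str]]:
    """Return (severity, message) findings; an empty list means the
    credential sets are consistently delineated."""
    findings: List[Tuple[str, str]] = []
    # 1. Channel-scoped material must not sit in the MA-wide sets.
    for set_name, creds in (("ma-preconfig-credentials", ma.preconfig_credentials),
                            ("ma-config-credentials", ma.config_credentials)):
        for c in creds:
            if scope_of(c) != "ma":
                findings.append(("error", f"{set_name}: {c.name} ({c.kind.value}) is a channel credential"))
    # 2. A Controller overriding what was pre-configured is worth surfacing.
    pre = {c.name: c for c in ma.preconfig_credentials}
    for c in ma.config_credentials:
        if c.name in pre and pre[c.name].value != c.value:
            findings.append(("warning", f"Controller replaced pre-configured MA credential {c.name}"))
    # 3. Channels must carry channel-scoped material only, and must not
    #    disagree with ma-config-credentials about the same named credential.
    cfg = {c.name: c for c in ma.config_credentials}
    for ch in ma.channels:
        for c in ch.credentials:
            if scope_of(c) != "channel":
                findings.append(("error", f"channel {ch.name}: {c.name} ({c.kind.value}) is an MA credential"))
            if c.name in cfg and cfg[c.name].value != c.value:
                findings.append(("error", f"channel {ch.name}: {c.name} differs from "
                                          "ma-config-credentials; unclear which the MA should use"))
    return findings


def example_agent() -> MeasurementAgent:
    """Constructed sample agent exhibiting all three classes of finding."""
    host_pre = Credential("ma-host", CredKind.SSH_HOST_KEY, "SHA256:constructed-A")
    ca = Credential("controller-ca", CredKind.X509_TRUST_ANCHOR, "fp-ca-constructed")
    host_cfg = Credential("ma-host", CredKind.SSH_HOST_KEY, "SHA256:constructed-B")
    client_cfg = Credential("ctl-client", CredKind.X509_CLIENT_CERT, "fp-client-1")
    client_ch = Credential("ctl-client", CredKind.X509_CLIENT_CERT, "fp-client-2")
    user_key = Credential("ma-user", CredKind.SSH_USER_KEY, "SHA256:constructed-U")
    return MeasurementAgent(
        preconfig_credentials=[host_pre, ca],
        config_credentials=[host_cfg, client_cfg],
        channels=[Channel("ctl", "controller.example", [user_key, client_ch])],
    )


if __name__ == "__main__":
    for severity, message in check_agent(example_agent()):
        print(f"{severity}: {message}")
```

Run stand-alone, the sample agent yields one error for a client certificate placed in ma-config-credentials, one warning for the replaced host key, and one error for the channel whose client certificate disagrees with ma-config-credentials; the check reports the conflict rather than deciding it, since which set wins is exactly the open question in the thread.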