IETF Logo Mail Archive

Re: [Mud] [Iot-onboarding] updates to diagram

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 24 July 2019 20:34 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: mud@ietfa.amsl.com
Delivered-To: mud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01B9F120623; Wed, 24 Jul 2019 13:34:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dLt_TsDL94IB; Wed, 24 Jul 2019 13:34:45 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [IPv6:2a01:7e00::f03c:91ff:feae:de77]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 914361206BF; Wed, 24 Jul 2019 13:34:38 -0700 (PDT)
Received: from dooku.sandelman.ca (unknown [IPv6:2001:67c:370:128:6e88:14ff:fe34:93bc]) by relay.sandelman.ca (Postfix) with ESMTPS id CD1C11F44B; Wed, 24 Jul 2019 20:34:35 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 27EF7138B; Wed, 24 Jul 2019 16:34:58 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Kent Watsen <kent+ietf@watsen.net>
cc: iot-onboarding@ietf.org, mud@ietf.org, Carsten Bormann <cabo@tzi.org>
In-reply-to: <0100016c24d9e7c7-ec4bf062-b68a-403b-b09c-0092a28fb104-000000@email.amazonses.com>
References: <9805.1563803155@dooku.sandelman.ca> <0100016c24d9e7c7-ec4bf062-b68a-403b-b09c-0092a28fb104-000000@email.amazonses.com>
Comments: In-reply-to Kent Watsen <kent+ietf@watsen.net> message dated "Wed, 24 Jul 2019 16:39:16 -0000."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Wed, 24 Jul 2019 16:34:58 -0400
Message-ID: <28771.1564000498@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mud/Fp7TrITy1RCYAetk2_JSUB7ntu0>
Subject: Re: [Mud] [Iot-onboarding] updates to diagram
X-BeenThere: mud@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of Manufacturer Ussage Descriptions <mud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mud>, <mailto:mud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mud/>
List-Post: <mailto:mud@ietf.org>
List-Help: <mailto:mud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mud>, <mailto:mud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jul 2019 20:34:49 -0000

Kent Watsen <kent+ietf@watsen.net> wrote:
    > The diagram has the label "NETCONF", but this is confusing...while
    > produced by the NETCONF WG, the solution itself does not depend on the
    > NETCONF 
    > protocol (though it MAY bootstrap a secure NETCONF session) From a protocol
    > perspective, it might be more appropriate to have HTTP, or REST, or even
    > RESTCONF. That said, I think the label "SZTP" is best, as that is the
    > acronyms used in the RFC.

For lack of a better term, I'll change "NETCONF" to "SZTP (netconf)"

    > I'm unsure about what is implied by the label MASA. If just the acronym as
    > defined in the voucher draft, then there should be an arrow pointing to
    > the SZTP box as well. However, if it implies a functional component
    > (protocol API), then there should be another box called "OVIS"
    > (ownership voucher 
    > issuance service) that points to the SZTP box.

My intention of the MASA box is that it involves itself in the middle
three items, but not the left-most "ultra-contrained bootstrap"

I have added an equivalent box and marked it "OVIS"

    > Lastly, the bottom row appears to capture statefulness of the
    > connection to MASA.

No, it's not connection to the MASA, the MASA box is just at the bottom
in order to not overlap.   The statefulness is intended to be the
transport that is under the boxes above.
That is, BRSKI is:

     JSON-voucher -over-
     CMS          -over-
     TCP          -over-
     circuit-level

while 6tisch-zero-touch is:
      CBOR              -over-
      COSE              -over-
      EDHOC/LAKE        -over-
      OSCORE            -over-
      stateless CoAP proxy

    > FWIW, the SZTP solution doesn't necessitate a MASA
    > at the time of the 
    > bootstrapping event. To be clearer, the pledge MAY send a nonce to a local
    > SZTP server, which MAY in turn use that nonce to retrieve an ephemeral
    > voucher from a MASA/OVIS system.

Agreed... I'm in general assuming that it could be USB/sneaker-net.
I don't know how to represent this well.


-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

v2.23.0 | Report a Bug | By Email