Re: [netconf] Adoption-suitability for draft-kwatsen-netconf-sztp-csr

Sean Turner <sean@sn3rd.com> Tue, 18 August 2020 03:16 UTC

> NETCONF WG,
>
> Per the previous email sent moments ago, the chairs would like to solicit input on the following draft:
>   Title: Conveying a CSR in an SZTP Bootstrapping Request
>   Link: https://tools.ietf.org/html/draft-kwatsen-netconf-sztp-csr
>   Abstract:
>
>      This draft extends the "get-bootstrapping-data" RPC defined in
>      RFC 8572 to include an optional certificate signing request (CSR),
>      enabling a bootstrapping device to additionally obtain an identity
>      certificate (e.g., an LDevID, from IEEE 802.1AR) as part of the
>      "onboarding information" response provided in the RPC-reply.
>
> In particular, please discuss adoption-suitability as it regards to the following questions:
>
>   1) is the problem important for the NETCONF WG to solve?

My reading of the charter puts this squarely in scope for the WG. Configuring an LDevID certificate as part of the bootstrap is important and the most straightforward way to do this is authentication based on IDevID.

>   2) is the draft a suitable basis for the work?

I am a wee bit biased as an author; I think this is a good first draft. It would obviously be good to get some additional eyes on it though.

spt