Re: [Netconf] zerotouch/11: Ownership Voucher – formally define?

Kent Watsen <kwatsen@juniper.net> Tue, 16 August 2016 22:06 UTC

From: Kent Watsen <kwatsen@juniper.net>
To: "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: [Netconf] zerotouch/11: Ownership Voucher – formally define?
Thread-Index: AQHR0luDrStCCWc4KU2Ev5oCeFbVpqBMLQcA
Date: Tue, 16 Aug 2016 22:06:13 +0000
Message-ID: <F6B44B1E-5D6E-4B96-8861-945A2428A354@juniper.net>
References: <15A40A51-6FBE-4952-98ED-C92EBDFB6373@juniper.net>
In-Reply-To: <15A40A51-6FBE-4952-98ED-C92EBDFB6373@juniper.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/ucNNBh8CGnNxBTOreXCVweIL7Ls>

Another update.  This issue was discussed for about an hour this morning with ANIMA folks (Michael sent minutes).  One thing that came out of it, for us at least, is that there is a need to formally define an ownership voucher format so that:

  1. a DNS-SD response can apply to multiple vendor devices
  2. the voucher can be viewed outside of the bootstrapping infrastructure (e.g., for debugging)

So, to the question asked by the subject line, the answer seems to be “yes” (please object within a week if you disagree).  Of course, now we have to do the hard part of defining what that format is, and to what extent it’s shared with the ANIMA solution.  This will be discussed further in next week’s ANIMA call, stay tuned!

Thanks,
Kent


From: Netconf <netconf-bounces@ietf.org> on behalf of Kent Watsen <kwatsen@juniper.net>
Date: Wednesday, June 29, 2016 at 7:11 PM
To: "netconf@ietf.org" <netconf@ietf.org>
Subject: Re: [Netconf] zerotouch/11: Ownership Voucher – formally define?


Update: This issue has been discussed with the ANIMA folks.  The current proposal is:

OLD:
   module: ietf-zerotouch-ownership-voucher
      +--rw voucher
         +--rw owner-id      string
         +--rw unique-id*    string
         +--rw created-on    yang:date-and-time
         +--rw expires-on?   yang:date-and-time
         +--rw signature     string

NEW:
   module: ietf-zerotouch-ownership-voucher
      +--rw voucher
         +--rw owner-id           string
         +--rw unique-id*         string                    // ANIMA would always have just 1 list entry
         +--rw nonce?             uint64                    // only ANIMA would use this nonce field
         +--rw verification-type  enum {verified, logged}   // NETCONF would always be VERIFIED
         +--rw created-on         yang:date-and-time
         +--rw expires-on?        yang:date-and-time

As compared to ANIMA’s current ‘voucher’ format:
   {
     "nonce":"<64bit nonce value>",
     "serialnumber":"<string value>",    --> unique-id
     "domainID":<domainID value>         --> owner-id
   }


This one likely needs more discussion, but would love to hear opinions now...

Kent



From: Netconf <netconf-bounces@ietf.org> on behalf of Kent Watsen <kwatsen@juniper.net>
Date: Wednesday, May 11, 2016 at 6:57 PM
To: "netconf@ietf.org" <netconf@ietf.org>
Subject: [Netconf] zerotouch/11: Ownership Voucher – formally define?


https://github.com/netconf-wg/zero-touch/issues/11

This issue regards the format of the ownership voucher.  The current draft defines the ownership voucher as a vendor-specific format, but there may be a desire to define a normative format, so that it helps with DNS-SD as well as with the ANIMA bootstrapping approach.

Currently this item is on the ANIMA bootstrapping team's agenda to discuss in an upcoming meeting.  It's probably best to defer discussion on this issue until after the ANIMA folks have discussed it.  I will send an update to the list with the results of that discussion as soon as I can.



Regards,

Kent
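The NEW tree in the June 29 message lists the voucher's fields but the thread does not say how a device should process one. The following is an added example, not code from the draft, the NETCONF WG or ANIMA: it encodes the proposed leaves as JSON, has a vendor sign the encoding, and shows the device-side checks a bootstrapping agent would run (vendor signature, device listed in unique-id, created-on/expires-on window, nonce agreement, enum value). Ed25519, the detached-signature layout, JSON as the wire encoding, the sample owner-id and serial numbers, and reading created-on as a not-before bound are all assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Voucher carries the leaves of the NEW ietf-zerotouch-ownership-voucher tree
// quoted in the thread, using the YANG leaf names as JSON keys.
type Voucher struct {
	OwnerID          string   `json:"owner-id"`
	UniqueID         []string `json:"unique-id"`            // one entry per device; ANIMA would use exactly one
	Nonce            *uint64  `json:"nonce,omitempty"`      // ANIMA-only; absent for NETCONF zerotouch
	VerificationType string   `json:"verification-type"`    // "verified" or "logged"; NETCONF is always "verified"
	CreatedOn        string   `json:"created-on"`           // yang:date-and-time, written here as RFC 3339
	ExpiresOn        string   `json:"expires-on,omitempty"` // optional
}

// SignedVoucher wraps a voucher with the vendor's detached signature over its
// JSON encoding. Ed25519 and this layout are assumptions of the example.
type SignedVoucher struct {
	Voucher   Voucher `json:"voucher"`
	Signature []byte  `json:"signature"`
}

// Sign serialises the voucher and signs the bytes with the vendor's private key.
// encoding/json writes struct fields in declaration order, so the device can
// re-serialise the same struct and obtain byte-identical input to verify.
func Sign(v Voucher, vendorKey ed25519.PrivateKey) (SignedVoucher, error) {
	payload, err := json.Marshal(v)
	if err != nil {
		return SignedVoucher{}, err
	}
	return SignedVoucher{Voucher: v, Signature: ed25519.Sign(vendorKey, payload)}, nil
}

// Verify is the device-side check. vendorPub is the vendor trust anchor the
// device ships with, serial is its own unique-id, expectedNonce is the nonce it
// put in its request (nil when it sent none), and now is injected for testing.
func Verify(sv SignedVoucher, vendorPub ed25519.PublicKey, serial string, expectedNonce *uint64, now time.Time) error {
	// 1. Authenticate the bytes before trusting any field in them.
	payload, err := json.Marshal(sv.Voucher)
	if err != nil {
		return err
	}
	if !ed25519.Verify(vendorPub, payload, sv.Signature) {
		return errors.New("signature does not verify under the vendor key")
	}
	v := sv.Voucher

	// 2. The voucher must name this device; one issued for other serials says nothing about ours.
	listed := false
	for _, id := range v.UniqueID {
		if id == serial {
			listed = true
		}
	}
	if !listed {
		return fmt.Errorf("voucher does not list device %q", serial)
	}

	// 3. Time window: created-on must parse and not lie in the future (clock skew
	//    is out of scope here); expires-on, when present, must not have passed.
	created, err := time.Parse(time.RFC3339, v.CreatedOn)
	if err != nil {
		return fmt.Errorf("bad created-on: %w", err)
	}
	if created.After(now) {
		return errors.New("created-on is in the future")
	}
	if v.ExpiresOn != "" {
		expires, err := time.Parse(time.RFC3339, v.ExpiresOn)
		if err != nil {
			return fmt.Errorf("bad expires-on: %w", err)
		}
		if !now.Before(expires) {
			return errors.New("voucher has expired")
		}
	}

	// 4. Nonce: if either side has one, both must, and they must agree. This is
	//    what binds a voucher to one request and blocks replay of a captured one.
	if (expectedNonce == nil) != (v.Nonce == nil) {
		return errors.New("nonce present on only one side")
	}
	if expectedNonce != nil && *expectedNonce != *v.Nonce {
		return errors.New("voucher nonce does not match request nonce")
	}

	// 5. verification-type must be one of the enum values.
	if v.VerificationType != "verified" && v.VerificationType != "logged" {
		return fmt.Errorf("unknown verification-type %q", v.VerificationType)
	}
	return nil
}

// SampleVoucher is constructed test data, not an example from the draft.
func SampleVoucher(nonce *uint64) Voucher {
	return Voucher{
		OwnerID:          "example-operator",
		UniqueID:         []string{"SN-0001", "SN-0002"},
		Nonce:            nonce,
		VerificationType: "verified",
		CreatedOn:        "2016-08-16T00:00:00Z",
		ExpiresOn:        "2016-09-16T00:00:00Z",
	}
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	now, _ := time.Parse(time.RFC3339, "2016-08-20T12:00:00Z")
	sv, _ := Sign(SampleVoucher(nil), priv)
	fmt.Println("SN-0001:", Verify(sv, pub, "SN-0001", nil, now))
	fmt.Println("SN-0009:", Verify(sv, pub, "SN-0009", nil, now))
	sv.Voucher.OwnerID = "someone-else"
	fmt.Println("tampered:", Verify(sv, pub, "SN-0001", nil, now))
}
```

One consequence of the tree as proposed is visible in step 4: a NETCONF zerotouch voucher carries no nonce, so a captured voucher stays replayable against every device it lists until expires-on passes, which argues for keeping that window short for multi-device vouchers.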