IETF Logo Mail Archive

Re: [OPSAWG] WG adoption poll for draft-wkumari-opsawg-sdi-04

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 19 June 2019 00:47 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5AAC0120183; Tue, 18 Jun 2019 17:47:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.399
X-Spam-Level:
X-Spam-Status: No, score=-0.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_SORBS_WEB=1.5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4xE3Alhh5qT0; Tue, 18 Jun 2019 17:47:07 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [IPv6:2a01:7e00::f03c:91ff:feae:de77]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3416C12003E; Tue, 18 Jun 2019 17:47:07 -0700 (PDT)
Received: from dooku.sandelman.ca (unknown [75.98.19.132]) by relay.sandelman.ca (Postfix) with ESMTPS id 4C35B1F450; Wed, 19 Jun 2019 00:47:04 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id BAA501328; Tue, 18 Jun 2019 20:47:13 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Warren Kumari <warren@kumari.net>
cc: Tianran Zhou <zhoutianran@huawei.com>, "opsawg@ietf.org" <opsawg@ietf.org>, OpsAWG Chairs <opsawg-chairs@ietf.org>
In-reply-to: <CAHw9_iJkCg66WSJ47eiDdNO_A_jvjmN-8ZynVUhyvqQFM75rKA@mail.gmail.com>
References: <BBA82579FD347748BEADC4C445EA0F21BEE43D78@NKGEML515-MBX.china.huawei.com> <CAHw9_iJkCg66WSJ47eiDdNO_A_jvjmN-8ZynVUhyvqQFM75rKA@mail.gmail.com>
Comments: In-reply-to Warren Kumari <warren@kumari.net> message dated "Tue, 18 Jun 2019 17:08:16 -0400."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Tue, 18 Jun 2019 20:47:13 -0400
Message-ID: <14049.1560905233@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/51OKhrtGmJeyXzVbz_PQ-kFNAVg>
Subject: Re: [OPSAWG] WG adoption poll for draft-wkumari-opsawg-sdi-04
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jun 2019 00:47:10 -0000

Warren Kumari <warren@kumari.net> wrote:
    > Here is a link to the slidedeck from IETF104 to refresh your memory -
    > https://datatracker.ietf.org/meeting/104/materials/slides-104-opsawg-draft-wkumari-opsawg-sdi-01.pdf
    > -- basically the entire document is summarized in 2 slides (slide 9,
    > 10).  If you'd prefer video -- https://youtu.be/a479Zohc5yg?t=1266

    > The main design criteria for this was to be as simple as possible, to
    > make it trivial to implement and use. This is specifically designed to
    > just augment existing auto-install functionality; there are much more
    > ambitious and fully featured solutions (such as ANIMA and RFC 8572)
    > available for those who can / want to use them.

Your claim that BRSKI is too complex is interesting, and I'd like to discuss
this with you over beer.  But, I appreciate you trying to do this.
Saving CO2 expended by silly airplane flights is appreciated.

We did consider a protocol such as you describe.
The limitation is that it does not necessarily enroll the new device into the
ISP's security domain, and we really wanted that.

The Config file provided could do that, and as you say, some staging
mechanism could also use ssh to do that as well.  But, that wouldn't really
be a standard, and we needed something more specific.

I think you need a bit more text to explain why the device should trust the
DHCP server; and also how the owner convinces the manufacturer to turn over
this key.  As written, it looks like if I get a good look at the label of a
BFR I have a good chance of getting the key, and I'm sure you intend
something more involved.

It's unclear to me if this key should be retained in the factory reset
situation or not; I think you offer both possibilities, but each version has
some security gotchas, and I think it needs to be explained.

I would like you to consider specifying a standard format for the encrypted
configuration.   CMS, PGP, JOSE, COSE... pick one or more.  That way, we can
have tools that can support a multiple of vendors equipment.

Failing such a choice, I don't see anything in this description which a
manufacturer can't unilaterally do today.  So maybe it's a BCP, and and it
can go into an RFP. I don't think it's Informational: BCP or STD.

    > I'd really appreciate your review and comment; it's short (if you
    > ignore the ASCII art diagrams and example appendix and similar it is 7
    > or 8 pages, and much of that is background).  W

Adopt it.

ps: it would be nice if the initial DHCP request included a MUD URL, so that
    the infrastructure can know what the device is expected to do,
    particularly if that might involve calling home to get the latest
    firmware before operating.
    Should the device get any kind of Internet access from the DHCP server?

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email