Re: [OPSAWG] I-D Action: draft-ietf-opsawg-sdi-06.txt
Michael Richardson <mcr+ietf@sandelman.ca> Mon, 06 April 2020 18:04 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 555B93A0E6C for <opsawg@ietfa.amsl.com>; Mon, 6 Apr 2020 11:04:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tdwRYlWe5cFG for <opsawg@ietfa.amsl.com>; Mon, 6 Apr 2020 11:04:21 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A690B3A0ED3 for <opsawg@ietf.org>; Mon, 6 Apr 2020 11:04:08 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id D26EB3897A for <opsawg@ietf.org>; Mon, 6 Apr 2020 14:02:26 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 3DC0511A for <opsawg@ietf.org>; Mon, 6 Apr 2020 14:04:01 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "opsawg@ietf.org" <opsawg@ietf.org>
In-Reply-To: <CAHw9_iKn56LbAwgPvXjsXuQ=6JDQGozvMO4P6LjQgTzM2X0-6g@mail.gmail.com>
References: <158594643249.23574.16483224996635431528@ietfa.amsl.com> <DB7PR07MB5657863B6A4D9948881C2DBCA0C20@DB7PR07MB5657.eurprd07.prod.outlook.com> <CAHw9_iKn56LbAwgPvXjsXuQ=6JDQGozvMO4P6LjQgTzM2X0-6g@mail.gmail.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 25.1.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Mon, 06 Apr 2020 14:04:01 -0400
Message-ID: <32301.1586196241@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/mSaqaKkQFKgm_-A1HgiisDd22eg>
Subject: Re: [OPSAWG] I-D Action: draft-ietf-opsawg-sdi-06.txt
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Apr 2020 18:04:28 -0000
Warren Kumari <warren@kumari.net> wrote: > Another very common case is for an ISP (think Verizon, or Telus) to > deliver a circuit to a customer - they have a contractor which > delivers the fiber, and then roll a truck to have someone physically > plug in a PE / CPE router and install the initial config. Again, they > don't really want to hand the config to the user, and also cannot use > the current autoboot solutions for the same reason - the customer > could just plug their own device / laptop into the newly installed > circuit, autoboot and grab the config / join the IGP / whatever. I have dealt with this situation. We used unencrypted TFTP to configure the CPE device over the fiber. The approach that we took was to have the untagged "VLAN" provide basic DHCP and the TFTP configuration did only one thing: enable SSH access with a known password (hashed). (Because the device didn't support RSA keys) Our installer would genereally be on the "electrician" side of things: able to drill holes and pull cables, and they often *had* to do exactly that. When the lights went green, someone from HQ would login and finish configuration. So, even if you do have someone to physically plug things in, and they work for you, they might just not have the skills required. > goop in a TPM, etc) - in some cases all they will need to do is > publish the public key, indexed by the serial number (a number of > vendors have said that this will be trivial). The document is That's interesting and positive to learn. Did these vendors say how they will do this? -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- [OPSAWG] I-D Action: draft-ietf-opsawg-sdi-06.txt internet-drafts
- Re: [OPSAWG] I-D Action: draft-ietf-opsawg-sdi-06… tom petch
- Re: [OPSAWG] I-D Action: draft-ietf-opsawg-sdi-06… Warren Kumari
- Re: [OPSAWG] I-D Action: draft-ietf-opsawg-sdi-06… tom petch
- Re: [OPSAWG] I-D Action: draft-ietf-opsawg-sdi-06… Michael Richardson
- Re: [OPSAWG] I-D Action: draft-ietf-opsawg-sdi-06… Michael Richardson
- Re: [OPSAWG] I-D Action: draft-ietf-opsawg-sdi-06… tom petch
- Re: [OPSAWG] I-D Action: draft-ietf-opsawg-sdi-06… tom petch
- Re: [OPSAWG] I-D Action: draft-ietf-opsawg-sdi-06… Warren Kumari
- Re: [OPSAWG] I-D Action: draft-ietf-opsawg-sdi-06… Joe Clarke (jclarke)