Re: [Rats] 802.1AR device identity

Eliot Lear <lear@cisco.com> Sun, 18 April 2021 13:52 UTC

From: Eliot Lear <lear@cisco.com>
Date: Sun, 18 Apr 2021 15:51:51 +0200
Cc: Laurence Lundblade <lgl@island-resort.com>, Ira McDonald <blueroofmusic@gmail.com>, "rats@ietf.org" <rats@ietf.org>, "Smith, Ned" <ned.smith@intel.com>, "iotops@ietf.org" <iotops@ietf.org>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
To: Guy Fedorkow <gfedorkow@juniper.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/X2vQ_E-wQ02gByANkl7_LtJ_ieQ>

Sorry for the delayed response:

> On 2 Apr 2021, at 19:05, Guy Fedorkow <gfedorkow@juniper.net> wrote:
> 
> Hi Laurence,
>   I agree that IDevID is intended to persist through the device’s lifetime, while LDevID is meant to represent the current owner.

Yes, that was the original intent, and even the current intent.  And while that is necessary, it may not be sufficient for long supply chains where ownership passes from one to another.  The LDevID is an owner-assigned name, and so the question is this: when an owner goes to transfer, does it need to use the IDevID again or should it use the LDevID?  There are benefits and drawbacks to both, but if the LDevID is used, then it is used as the IDevID would have been as part of that transfer.  The nice thing about FDO is that it keeps an entire record of these sorts of transfers.

Eliot