Re: [secdir] [Anima] Secdir last call review of draft-ietf-anima-bootstrapping-keyinfra-16

Michael Richardson <> Wed, 03 October 2018 14:37 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3DDE91312B2; Wed, 3 Oct 2018 07:37:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id D1uxOavxtriz; Wed, 3 Oct 2018 07:37:36 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E7A66131280; Wed, 3 Oct 2018 07:37:35 -0700 (PDT)
Received: from ( [IPv6:2607:f0b0:f:2::247]) by (Postfix) with ESMTP id 816C720090; Wed, 3 Oct 2018 10:37:32 -0400 (EDT)
Received: by (Postfix, from userid 179) id 502CC2352; Wed, 3 Oct 2018 10:37:33 -0400 (EDT)
Received: from (localhost []) by (Postfix) with ESMTP id 4D5A4234D; Wed, 3 Oct 2018 10:37:33 -0400 (EDT)
From: Michael Richardson <>
To: Eliot Lear <>
cc: Brian E Carpenter <>,, Security Directorate <>
In-Reply-To: <>
References: <> <> <> <> <> <> <> <> <2555.1538506845@localhost> <> <23133.1538520783@localhost> <> <10809.1538534121@localhost> <>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Wed, 03 Oct 2018 10:37:33 -0400
Message-ID: <28811.1538577453@localhost>
Archived-At: <>
Subject: Re: [secdir] [Anima] Secdir last call review of draft-ietf-anima-bootstrapping-keyinfra-16
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 03 Oct 2018 14:37:38 -0000

Eliot Lear <> wrote:
    >> This lets you use nonced vouchers, potentially with expiry dates.
    >> Maybe very long expiry dates.  Or maybe your personnel-safety-critical
    >> equipment has a best-before date, and so it's acceptable for you to
    >> have vouchers only until that date.

    > One approach I would like would be to get the voucher size down to the
    > point where it could reasonably fit into a QR code.  Then it's a scan. 
    > I see that as future work.

current constrained voucher:

dooku-[projects/pandora/highway](2.4.1) mcr 10028 %ls -l
-rw-r--r-- 1 mcr mcr 800 Oct  2 23:06 tmp/voucher_00-D0-E5-F2-10-03.vch

Note that this does not include the key that did the signing (the MASA key),
and I think that this pins a certificate rather than a Raw Public Key,
so it could be smaller.  (I have to check what I put in that one)
It's okay not to include the signing key inside, as the pledge already
has it.  The Registrar ("owner's trust controller") would like to have that
key to audit the signature, but that can be done outside of the voucher.

It converts to QR code just fine:

Probably needs to have some URI or some such to tell things what is inside.
However, not many devices we care about (whether routers or lightbulbs)
have cameras.  If there is some smartphone interaction, then that's a
different thing, and DPP could work, provided we get the APIs that we need to
make it deployable.

Michael Richardson <>ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-