Re: [secdir] [Anima] Secdir last call review of draft-ietf-anima-bootstrapping-keyinfra-16

Uri Blumenthal <uri@mit.edu> Wed, 03 October 2018 01:06 UTC

From: Uri Blumenthal <uri@mit.edu>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
CC: "anima@ietf.org" <anima@ietf.org>, Eliot Lear <lear@cisco.com>, Security Directorate <secdir@ietf.org>, "randy@psg.com" <randy@psg.com>
Date: Wed, 03 Oct 2018 01:06:35 +0000
Message-ID: <F556CDA5-BDBB-4525-85C6-5960B3050092@mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/rk9mtLZQ1fZF3-LiRIxGUy073wc>

Based on this exchange, and the arguments presented here that I observed so far, I'm with Randy. I have not seen adequate answers to his concerns (which IMHO are reasonable).

P.S. Feel free to trim the CC: list when/if responding.

P.P.S. In one of my prior incarnations many years ago, we designed a somewhat similar system, and called it "Zero-Touch Provisioning". It was a very big company, so we did not consider the possibility of it/us going out of business (and leaving the customers stranded). But if Randy's arguments had been presented to our team then, we'd probably have accepted them and tried to address...

Sent from my test iPhone

On Oct 2, 2018, at 20:53, Randy Bush <randy@psg.com> wrote:

>> I think it's been thought through but badly articulated. In that sense,
>> the Last Call is doing its job.
> 
> does that mean that i can stop trying for a narten medal, go back to
> work, and christian will wake me up again when my two scenarios have
> clear answers; one hopes ones with which i can live?
> 
> also, please tell me that i do not need to stick my nose into the rest
> of anima in order to let the user unequivocally own what they buy.  i
> have my own rabbit holes to pursue in the ietf.
> 
> randy