[Drip] New registration python scripts

Robert Moskowitz <rgm@labs.htt-consult.com> Tue, 03 September 2024 21:06 UTC

Message-ID: <87c478de-f3cc-489c-9b69-616d06728d07@labs.htt-consult.com>
Date: Tue, 03 Sep 2024 17:06:18 -0400
To: "tm-rid@ietf.org" <tm-rid@ietf.org>
From: Robert Moskowitz <rgm@labs.htt-consult.com>
Subject: [Drip] New registration python scripts
List-Id: Drone Remote Identification Protocol <tm-rid.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/Yp6gsMaHPHBuqGfh6SXPyGvApGU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tm-rid>

https://github.com/ietf-wg-drip/drip-scripts

2 new scripts:

csr-gen.py
hda-endorse.py

Adam, Stu, and I have been working on a revised flow for the UA 
registration into the USS/HDA.

We are using X.509 objects under the DRIP DETs and Endorsements.

So the UA has limited info about itself.  It creates a very minimal 
CSR: UA SerialNumber and EdDSA25519 keypair.

This CSR gets sent (through some magic) to the GCS.

Adam is defining all that will go into the GCS to USS to HDA flow.

The HDA creates the DET (it knows the proper RAA and HDA values), 
endorses it, creates a DRIP-lite X.509 cert, stores all this in DNS, 
and sends it back to the USS, which sends it back to the GCS, which sends 
some of it to the UA.

Well, there is more, but the scripts are pretty much working.  I still need 
to do some fixing to hda-endorse.py (the X.509 dates are not right).

But I just wanted to hit a milestone on this part of the registration 
work.  Now I have to read through Adam's updated text, add my part now 
that I have scripts, and we can update drafts.

We HAVE been busy.

Bob
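The UA-side CSR and HDA-side issuance described in the message above, as an added example in Python built on the `cryptography` package; this is not the drip-scripts code and not Bob's csr-gen.py or hda-endorse.py. It assumes the UA serial number is carried in the CSR subject's serialNumber attribute, stands in a freshly generated Ed25519 key for the HDA's issuing key, and leaves out DET construction, the Endorsement and DNS publication, which the post does not detail. The points a practitioner would want to see are the HDA checking the CSR's proof of possession before issuing anything, and the certificate validity window being set explicitly in UTC (the part the post says is still wrong).

```python
"""UA-to-HDA registration sketch built on the `cryptography` package.

Added example, not code from drip-scripts. Assumptions beyond the post:
the UA serial number is carried in the CSR subject's serialNumber
attribute, the HDA signs with an Ed25519 key of its own (stand-in for
its real issuing key), and DET construction, Endorsement and DNS
publication are left out entirely.
"""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ed25519
from cryptography.x509.oid import NameOID

UTC = datetime.timezone.utc
RAW = (serialization.Encoding.Raw, serialization.PublicFormat.Raw)


def ua_make_csr(ua_serial: str):
    """UA side: fresh Ed25519 keypair and a CSR whose subject is only the serial."""
    key = ed25519.Ed25519PrivateKey.generate()
    subject = x509.Name([x509.NameAttribute(NameOID.SERIAL_NUMBER, ua_serial)])
    csr = (x509.CertificateSigningRequestBuilder()
           .subject_name(subject)
           .sign(key, algorithm=None))  # Ed25519 signs without a separate digest
    return key, csr.public_bytes(serialization.Encoding.PEM)


def hda_check_csr(csr_pem: bytes) -> x509.CertificateSigningRequest:
    """HDA side: refuse a CSR that fails proof-of-possession or is malformed."""
    csr = x509.load_pem_x509_csr(csr_pem)
    if not csr.is_signature_valid:
        raise ValueError("CSR signature invalid: no proof of possession of the UA key")
    if not isinstance(csr.public_key(), ed25519.Ed25519PublicKey):
        raise ValueError("UA key must be Ed25519")
    serials = csr.subject.get_attributes_for_oid(NameOID.SERIAL_NUMBER)
    if len(serials) != 1 or not serials[0].value:
        raise ValueError("CSR must carry exactly one non-empty serialNumber")
    return csr


def hda_issue_cert(hda_key, hda_name, csr, days_valid=365, skew_minutes=5):
    """HDA side: end-entity cert for the UA key with an explicit UTC validity window."""
    now = datetime.datetime.now(UTC).replace(microsecond=0)
    return (x509.CertificateBuilder()
            .subject_name(csr.subject)
            .issuer_name(hda_name)
            .public_key(csr.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=skew_minutes))  # clock skew
            .not_valid_after(now + datetime.timedelta(days=days_valid))
            .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
            .sign(hda_key, algorithm=None))


def _bound(cert, name):
    """notBefore/notAfter as aware UTC, across cryptography versions."""
    aware = getattr(cert, name + "_utc", None)
    return aware if aware is not None else getattr(cert, name).replace(tzinfo=UTC)


def cert_valid_at(cert, when: datetime.datetime) -> bool:
    return _bound(cert, "not_valid_before") <= when <= _bound(cert, "not_valid_after")


def signed_by(cert, issuer_pub) -> bool:
    """True if the cert's signature verifies under the given Ed25519 public key."""
    try:
        issuer_pub.verify(cert.signature, cert.tbs_certificate_bytes)
        return True
    except InvalidSignature:
        return False


def run_flow(ua_serial="UA-SERIAL-0001"):
    """End to end: UA builds CSR, HDA checks it and issues the cert. Serial is constructed."""
    hda_key = ed25519.Ed25519PrivateKey.generate()          # stand-in HDA signing key
    hda_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example HDA")])
    ua_key, csr_pem = ua_make_csr(ua_serial)
    cert = hda_issue_cert(hda_key, hda_name, hda_check_csr(csr_pem))
    now = datetime.datetime.now(UTC)
    return {
        "subject_serial": cert.subject.get_attributes_for_oid(NameOID.SERIAL_NUMBER)[0].value,
        "key_matches": cert.public_key().public_bytes(*RAW) == ua_key.public_key().public_bytes(*RAW),
        "valid_now": cert_valid_at(cert, now),
        "valid_in_two_years": cert_valid_at(cert, now + datetime.timedelta(days=730)),
        "signed_by_hda": signed_by(cert, hda_key.public_key()),
        "signed_by_stranger": signed_by(cert, ed25519.Ed25519PrivateKey.generate().public_key()),
    }


def csr_without_serial_rejected() -> bool:
    """A CSR whose subject lacks serialNumber must not reach issuance."""
    key = ed25519.Ed25519PrivateKey.generate()
    csr = (x509.CertificateSigningRequestBuilder()
           .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "no serial")]))
           .sign(key, algorithm=None))
    try:
        hda_check_csr(csr.public_bytes(serialization.Encoding.PEM))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for k, v in run_flow().items():
        print(f"{k}: {v}")
```

The CSR check matters because the HDA is about to bind a serial number to a key in DNS and in a certificate: `is_signature_valid` is what proves the requester actually holds the private half of the Ed25519 key, and without it a GCS or USS in the path could substitute its own key for the UA's. The small negative notBefore offset is the usual allowance for clock skew between the HDA and whatever later evaluates the cert; everything is computed from an aware UTC `datetime` so the encoded times do not silently drift with the issuing host's local zone.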