IETF Logo Mail Archive

Re: [Trust-router] Considering delaying BOF Request

Rafa Marin Lopez <rafa@um.es> Wed, 15 May 2013 22:57 UTC

Return-Path: <rafa@um.es>
X-Original-To: trust-router@ietfa.amsl.com
Delivered-To: trust-router@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 63AED21F8477 for <trust-router@ietfa.amsl.com>; Wed, 15 May 2013 15:57:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.203
X-Spam-Level:
X-Spam-Status: No, score=-2.203 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3svw79BxGQGy for <trust-router@ietfa.amsl.com>; Wed, 15 May 2013 15:57:17 -0700 (PDT)
Received: from xenon13.um.es (xenon13.um.es [155.54.212.167]) by ietfa.amsl.com (Postfix) with ESMTP id 746A221F8470 for <trust-router@ietf.org>; Wed, 15 May 2013 15:57:10 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by xenon13.um.es (Postfix) with ESMTP id 5E8215D620; Thu, 16 May 2013 00:57:11 +0200 (CEST)
X-Virus-Scanned: by antispam in UMU at xenon13.um.es
Received: from xenon13.um.es ([127.0.0.1]) by localhost (xenon13.um.es [127.0.0.1]) (amavisd-new, port 10024) with LMTP id YfoAZIPdgghO; Thu, 16 May 2013 00:57:10 +0200 (CEST)
Received: from [192.168.1.64] (3.Red-88-25-26.staticIP.rima-tde.net [88.25.26.3]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: rafa) by xenon13.um.es (Postfix) with ESMTPSA id AFA475D635; Thu, 16 May 2013 00:57:08 +0200 (CEST)
References: <CDB9B35C.22F73%josh.howlett@ja.net>
In-Reply-To: <CDB9B35C.22F73%josh.howlett@ja.net>
Mime-Version: 1.0 (1.0)
Content-Type: text/plain; charset="utf-8"
Message-Id: <333DA055-3554-466F-B19A-B5D73FFBA9AC@um.es>
Content-Transfer-Encoding: quoted-printable
X-Mailer: iPad Mail (9B206)
From: Rafa Marin Lopez <rafa@um.es>
Date: Thu, 16 May 2013 00:57:07 +0200
To: Josh Howlett <Josh.Howlett@ja.net>
Cc: "trust-router@ietf.org" <trust-router@ietf.org>, David Chadwick <d.w.chadwick@kent.ac.uk>
Subject: Re: [Trust-router] Considering delaying BOF Request
X-BeenThere: trust-router@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "ABFAB Trust Router discussion list." <trust-router.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trust-router>, <mailto:trust-router-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trust-router>
List-Post: <mailto:trust-router@ietf.org>
List-Help: <mailto:trust-router-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trust-router>, <mailto:trust-router-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 May 2013 22:57:22 -0000

Hi Josh

I agree with your view, specially in networks where a PKI is already deployed.

Best Regards.

-------------------------------------------------------
Rafael Marin Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science-University of Murcia
30100 Murcia - Spain
Telf: +34868888501 Fax: +34868884151 e-mail: rafa@um.es
-------------------------------------------------------

El 15/05/2013, a las 22:59, Josh Howlett <Josh.Howlett@ja.net> escribió:

> Thanks David.
> 
> I am *not* advocating that you do this :-) but I should note that its
> perfectly valid to employ ABFAB with X.509 PKI (using certificates with
> RadSec, rather than the PSKs acquired from Trust Router).
> 
> (I would personally argue that you are able to construct a much more
> coherent infrastructure using both ABFAB and Trust Router, but
> architectural coherency is perhaps a matter of taste; in any event we do
> not have long to wait until we have an operational infrastructure with
> which to test these notions of coherency and taste to destruction!).
> 
> In any case, I look forward to hearing about the results of your work when
> that's done, as that will really help to inform this kind of discussion.
> 
> Josh.
> 
> On 15/05/2013 21:47, "David Chadwick" <d.w.chadwick@kent.ac.uk> wrote:
> 
>> Simply because the Trust router is an integral part of ABFAB, and we are
>> integrating ABFAB into OpenStack. So we need to understand what the
>> trust router's trust model is, how it is established and managed, and
>> how we can integrate that into the existing trust fabric that we have
>> already implemented in OpenStack.
>> 
>> regards
>> 
>> David
>> 
>> On 15/05/2013 21:26, Josh Howlett wrote:
>>> Hi David,
>>> 
>>> Sam writes that
>>> 
>>>> I think that trust router will work well for that use case.
>>> 
>>> When we talk about Trust Router, we often get push-back along the lines
>>> of
>>> "that's a valid use case, but technology Foo already supports that".
>>> 
>>> This is often true if you're willing to apply technology Foo in a
>>> non-typical fashion. So you could, for example, employ X509 in ways that
>>> mimic Trust Router's CoIs. These may not be particularly practical, but
>>> nonetheless it could in principle be done.
>>> 
>>> So -- playing Devil's Advocate -- could I ask why you are interested in
>>> Trust Router as opposed to some other trust technology?
>>> 
>>> Josh.
>>> 
>>> 
>>> Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
>>> not-for-profit company which is registered in England under No. 2881024
>>> and whose Registered Office is at Lumen House, Library Avenue,
>>> Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
>>> 
> 
> 
> Janet(UK) is a trading name of Jisc Collections and Janet Limited, a 
> not-for-profit company which is registered in England under No. 2881024 
> and whose Registered Office is at Lumen House, Library Avenue,
> Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
> 
> _______________________________________________
> trust-router mailing list
> trust-router@ietf.org
> https://www.ietf.org/mailman/listinfo/trust-router

v2.23.0 | Report a Bug | By Email