Re: [Trust-router] Considering delaying BOF Request
Rafa Marin Lopez <rafa@um.es> Wed, 15 May 2013 22:57 UTC
Return-Path: <rafa@um.es>
X-Original-To: trust-router@ietfa.amsl.com
Delivered-To: trust-router@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 63AED21F8477 for <trust-router@ietfa.amsl.com>; Wed, 15 May 2013 15:57:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.203
X-Spam-Level:
X-Spam-Status: No, score=-2.203 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3svw79BxGQGy for <trust-router@ietfa.amsl.com>; Wed, 15 May 2013 15:57:17 -0700 (PDT)
Received: from xenon13.um.es (xenon13.um.es [155.54.212.167]) by ietfa.amsl.com (Postfix) with ESMTP id 746A221F8470 for <trust-router@ietf.org>; Wed, 15 May 2013 15:57:10 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by xenon13.um.es (Postfix) with ESMTP id 5E8215D620; Thu, 16 May 2013 00:57:11 +0200 (CEST)
X-Virus-Scanned: by antispam in UMU at xenon13.um.es
Received: from xenon13.um.es ([127.0.0.1]) by localhost (xenon13.um.es [127.0.0.1]) (amavisd-new, port 10024) with LMTP id YfoAZIPdgghO; Thu, 16 May 2013 00:57:10 +0200 (CEST)
Received: from [192.168.1.64] (3.Red-88-25-26.staticIP.rima-tde.net [88.25.26.3]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: rafa) by xenon13.um.es (Postfix) with ESMTPSA id AFA475D635; Thu, 16 May 2013 00:57:08 +0200 (CEST)
References: <CDB9B35C.22F73%josh.howlett@ja.net>
In-Reply-To: <CDB9B35C.22F73%josh.howlett@ja.net>
Mime-Version: 1.0 (1.0)
Content-Type: text/plain; charset="utf-8"
Message-Id: <333DA055-3554-466F-B19A-B5D73FFBA9AC@um.es>
Content-Transfer-Encoding: quoted-printable
X-Mailer: iPad Mail (9B206)
From: Rafa Marin Lopez <rafa@um.es>
Date: Thu, 16 May 2013 00:57:07 +0200
To: Josh Howlett <Josh.Howlett@ja.net>
Cc: "trust-router@ietf.org" <trust-router@ietf.org>, David Chadwick <d.w.chadwick@kent.ac.uk>
Subject: Re: [Trust-router] Considering delaying BOF Request
X-BeenThere: trust-router@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "ABFAB Trust Router discussion list." <trust-router.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trust-router>, <mailto:trust-router-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trust-router>
List-Post: <mailto:trust-router@ietf.org>
List-Help: <mailto:trust-router-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trust-router>, <mailto:trust-router-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 May 2013 22:57:22 -0000
Hi Josh I agree with your view, specially in networks where a PKI is already deployed. Best Regards. ------------------------------------------------------- Rafael Marin Lopez, PhD Dept. Information and Communications Engineering (DIIC) Faculty of Computer Science-University of Murcia 30100 Murcia - Spain Telf: +34868888501 Fax: +34868884151 e-mail: rafa@um.es ------------------------------------------------------- El 15/05/2013, a las 22:59, Josh Howlett <Josh.Howlett@ja.net> escribió: > Thanks David. > > I am *not* advocating that you do this :-) but I should note that its > perfectly valid to employ ABFAB with X.509 PKI (using certificates with > RadSec, rather than the PSKs acquired from Trust Router). > > (I would personally argue that you are able to construct a much more > coherent infrastructure using both ABFAB and Trust Router, but > architectural coherency is perhaps a matter of taste; in any event we do > not have long to wait until we have an operational infrastructure with > which to test these notions of coherency and taste to destruction!). > > In any case, I look forward to hearing about the results of your work when > that's done, as that will really help to inform this kind of discussion. > > Josh. > > On 15/05/2013 21:47, "David Chadwick" <d.w.chadwick@kent.ac.uk> wrote: > >> Simply because the Trust router is an integral part of ABFAB, and we are >> integrating ABFAB into OpenStack. So we need to understand what the >> trust router's trust model is, how it is established and managed, and >> how we can integrate that into the existing trust fabric that we have >> already implemented in OpenStack. >> >> regards >> >> David >> >> On 15/05/2013 21:26, Josh Howlett wrote: >>> Hi David, >>> >>> Sam writes that >>> >>>> I think that trust router will work well for that use case. >>> >>> When we talk about Trust Router, we often get push-back along the lines >>> of >>> "that's a valid use case, but technology Foo already supports that". >>> >>> This is often true if you're willing to apply technology Foo in a >>> non-typical fashion. So you could, for example, employ X509 in ways that >>> mimic Trust Router's CoIs. These may not be particularly practical, but >>> nonetheless it could in principle be done. >>> >>> So -- playing Devil's Advocate -- could I ask why you are interested in >>> Trust Router as opposed to some other trust technology? >>> >>> Josh. >>> >>> >>> Janet(UK) is a trading name of Jisc Collections and Janet Limited, a >>> not-for-profit company which is registered in England under No. 2881024 >>> and whose Registered Office is at Lumen House, Library Avenue, >>> Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238 >>> > > > Janet(UK) is a trading name of Jisc Collections and Janet Limited, a > not-for-profit company which is registered in England under No. 2881024 > and whose Registered Office is at Lumen House, Library Avenue, > Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238 > > _______________________________________________ > trust-router mailing list > trust-router@ietf.org > https://www.ietf.org/mailman/listinfo/trust-router
- [Trust-router] Considering delaying BOF Request Sam Hartman
- Re: [Trust-router] Considering delaying BOF Reque… David Chadwick
- Re: [Trust-router] Considering delaying BOF Reque… Sam Hartman
- Re: [Trust-router] Considering delaying BOF Reque… Josh Howlett
- Re: [Trust-router] Considering delaying BOF Reque… David Chadwick
- Re: [Trust-router] Considering delaying BOF Reque… Josh Howlett
- Re: [Trust-router] Considering delaying BOF Reque… Rafa Marin Lopez
- Re: [Trust-router] Considering delaying BOF Reque… David Chadwick
- Re: [Trust-router] Considering delaying BOF Reque… Josh Howlett
- Re: [Trust-router] Considering delaying BOF Reque… David Chadwick
- Re: [Trust-router] Considering delaying BOF Reque… Josh Howlett
- Re: [Trust-router] Considering delaying BOF Reque… David Chadwick
- Re: [Trust-router] Considering delaying BOF Reque… Sam Hartman
- Re: [Trust-router] Considering delaying BOF Reque… David Chadwick
- Re: [Trust-router] Considering delaying BOF Reque… Sam Hartman
- Re: [Trust-router] Considering delaying BOF Reque… David Chadwick
- Re: [Trust-router] Considering delaying BOF Reque… Josh Howlett
- Re: [Trust-router] Considering delaying BOF Reque… David Chadwick
- Re: [Trust-router] Considering delaying BOF Reque… Josh Howlett
- Re: [Trust-router] Considering delaying BOF Reque… Sam Hartman
- Re: [Trust-router] Considering delaying BOF Reque… David Chadwick