Re: [Trust-router] Considering delaying BOF Request

Josh Howlett <Josh.Howlett@ja.net> Wed, 15 May 2013 21:00 UTC

Thanks David.

I am *not* advocating that you do this :-) but I should note that it's
perfectly valid to employ ABFAB with X.509 PKI (using certificates with
RadSec, rather than the PSKs acquired from Trust Router).

(I would personally argue that you are able to construct a much more
coherent infrastructure using both ABFAB and Trust Router, but
architectural coherency is perhaps a matter of taste; in any event we do
not have long to wait until we have an operational infrastructure with
which to test these notions of coherency and taste to destruction!).

In any case, I look forward to hearing about the results of your work when
that's done, as that will really help to inform this kind of discussion.

Josh.

On 15/05/2013 21:47, "David Chadwick" <d.w.chadwick@kent.ac.uk> wrote:

>Simply because the Trust router is an integral part of ABFAB, and we are
>integrating ABFAB into OpenStack. So we need to understand what the
>trust router's trust model is, how it is established and managed, and
>how we can integrate that into the existing trust fabric that we have
>already implemented in OpenStack.
>
>regards
>
>David
>
>On 15/05/2013 21:26, Josh Howlett wrote:
>> Hi David,
>>
>> Sam writes that
>>
>>> I think that trust router will work well for that use case.
>>
>> When we talk about Trust Router, we often get push-back along the lines of
>> "that's a valid use case, but technology Foo already supports that".
>>
>> This is often true if you're willing to apply technology Foo in a
>> non-typical fashion. So you could, for example, employ X509 in ways that
>> mimic Trust Router's CoIs. These may not be particularly practical, but
>> nonetheless it could in principle be done.
>>
>> So -- playing Devil's Advocate -- could I ask why you are interested in
>> Trust Router as opposed to some other trust technology?
>>
>> Josh.
>>
>>
>> Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
>> not-for-profit company which is registered in England under No. 2881024
>> and whose Registered Office is at Lumen House, Library Avenue,
>> Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
>>

