Re: [Yot] questions concerning sid value assignments
Michel Veillette <Michel.Veillette@trilliant.com> Wed, 21 February 2018 16:02 UTC
Return-Path: <Michel.Veillette@trilliant.com>
X-Original-To: yot@ietfa.amsl.com
Delivered-To: yot@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2398812D880 for <yot@ietfa.amsl.com>; Wed, 21 Feb 2018 08:02:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=trilliant.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E8qQPKhXnKxN for <yot@ietfa.amsl.com>; Wed, 21 Feb 2018 08:02:01 -0800 (PST)
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (mail-cys01nam02on072c.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe45::72c]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 609E012D875 for <yot@ietf.org>; Wed, 21 Feb 2018 08:01:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Trilliant.onmicrosoft.com; s=selector1-Trilliant-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=IHsor28RSgVQ6GQVnGsDHS8cHHUeDF5mqqoN5b/Wpsw=; b=LXtnSRRY9rJ4z9AXTsQHqiAi2xmqN7LDFNXghQbPyUppEjVS6xQUqJVZsIohjTfzMq0lNdvCcQk9iWuAYljCExM88gS1w8vb3bORTd7Ya3iDzjeEt1KYXkFFOcAEv681AmztEUy168sShTm8wofEsTrJx5nGEiKAnyGZj2FLApk=
Received: from BN6PR06MB2308.namprd06.prod.outlook.com (10.173.19.139) by BN6PR06MB2546.namprd06.prod.outlook.com (10.173.22.142) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.506.18; Wed, 21 Feb 2018 16:01:49 +0000
Received: from BN6PR06MB2308.namprd06.prod.outlook.com ([10.173.19.139]) by BN6PR06MB2308.namprd06.prod.outlook.com ([10.173.19.139]) with mapi id 15.20.0506.023; Wed, 21 Feb 2018 16:01:49 +0000
From: Michel Veillette <Michel.Veillette@trilliant.com>
To: "consultancy@vanderstok.org" <consultancy@vanderstok.org>
CC: Michael Richardson <mcr+ietf@sandelman.ca>, "yot@ietf.org" <yot@ietf.org>, "Panos Kampanakis (pkampana)" <pkampana@cisco.com>, Kent Watsen <kwatsen@juniper.net>
Thread-Topic: questions concerning sid value assignments
Thread-Index: AQHTpQPfhSqbn4YZKUWz13ZUgu+sMqOji5SAgADfF2CAAL4JgIAGYJWAgACKGYCAAO+CgIAAb0sggAEgA4CAAHFcAA==
Date: Wed, 21 Feb 2018 16:01:49 +0000
Message-ID: <BN6PR06MB23088E9DBE12DF5891DEA9559ACE0@BN6PR06MB2308.namprd06.prod.outlook.com>
References: <faa44e95aa561876f119edc7358fd118@xs4all.nl> <26096.1518551413@obiwan.sandelman.ca> <9e0d297ad888a36e16921d10873cc947@xs4all.nl> <BN6PR06MB23082D66ED7486BDA002B1DBFEF50@BN6PR06MB2308.namprd06.prod.outlook.com> <eaccba06f07bc88eac32285fb8880f06@xs4all.nl> <22cc48128046319c662c116bcc39d761@xs4all.nl> <8136.1519064595@obiwan.sandelman.ca> <541bb64fbea71cf95ab50caadcf37a60@xs4all.nl> <BN6PR06MB23084AE32829AFCE40B1A9359ACF0@BN6PR06MB2308.namprd06.prod.outlook.com> <bb2544af8c7375f44f915f14d2727787@xs4all.nl>
In-Reply-To: <bb2544af8c7375f44f915f14d2727787@xs4all.nl>
Accept-Language: fr-CA, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michel.Veillette@trilliant.com;
x-originating-ip: [207.96.192.122]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BN6PR06MB2546; 7:nXN99ajzsEBDRlio6LJhqOWj3tkCzEodhr2JvVl9+Hd/12uvto71hDvYD1vkU8EnXIYOn1qgfR2gbYA9J0+RPZt5LDRjilsX3qRw8sHKeCGXhM54adHFdth13RFkLtRezoQP7Q+ZQek/W8T5/nDynGvFaiZfZr2pembE4lvX3P1crds+635+Pb/Q4FPanNKAdkEnbHNReb96R4+P/HB2FN4CEEVzaX/ja+nwmLRn6z1198fd4EX7BKYHpu/Nw2cg
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: c95962b7-0c4c-4b02-1832-08d579446a66
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603307)(7153060)(7193020); SRVR:BN6PR06MB2546;
x-ms-traffictypediagnostic: BN6PR06MB2546:
x-microsoft-antispam-prvs: <BN6PR06MB2546FF90EB65E80D58386F5C9ACE0@BN6PR06MB2546.namprd06.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(158342451672863)(120809045254105)(138986009662008)(95692535739014)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(8121501046)(5005006)(3231101)(944501161)(93006095)(93001095)(10201501046)(3002001)(6041288)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123562045)(20161123564045)(20161123560045)(6072148)(201708071742011); SRVR:BN6PR06MB2546; BCL:0; PCL:0; RULEID:; SRVR:BN6PR06MB2546;
x-forefront-prvs: 0590BBCCBC
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39380400002)(376002)(396003)(39850400004)(366004)(346002)(13464003)(377424004)(199004)(189003)(8936002)(53546011)(2950100002)(26005)(2501003)(77096007)(106356001)(236005)(575784001)(66066001)(6916009)(86362001)(9686003)(478600001)(2906002)(6246003)(19609705001)(105586002)(3280700002)(3660700001)(229853002)(68736007)(4326008)(7736002)(99286004)(5660300001)(1730700003)(59450400001)(93886005)(54896002)(3846002)(8666007)(5630700001)(2900100001)(6436002)(14454004)(8676002)(6306002)(790700001)(81156014)(5640700003)(81166006)(606006)(55016002)(2351001)(186003)(53936002)(6506007)(54906003)(316002)(25786009)(966005)(72206003)(76176011)(33656002)(97736004)(74316002)(6116002)(7696005)(102836004); DIR:OUT; SFP:1102; SCL:1; SRVR:BN6PR06MB2546; H:BN6PR06MB2308.namprd06.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: trilliant.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: LMd0TRU3VCyWjhh5Q3rwZMJy/j2HQAkJBQmCYs4uJW/9BS2qaOWzYCiRoHtpTz43hbvQPgJnK16fpEVv828DDobZlIaPwCBwBjVOI2DhfAShhAgKtJoWfs3nGGYIyJjlNAqYLccU1RJYPS58z7K9CGhb9P906CridoQi+7H5isU=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_BN6PR06MB23088E9DBE12DF5891DEA9559ACE0BN6PR06MB2308namp_"
MIME-Version: 1.0
X-OriginatorOrg: Trilliant.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c95962b7-0c4c-4b02-1832-08d579446a66
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Feb 2018 16:01:49.1980 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4f6fbd13-0dfb-4150-85c3-d43260c04309
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR06MB2546
Archived-At: <https://mailarchive.ietf.org/arch/msg/yot/jJvBjijHYoL_PkbeqSPpKwLJVoE>
Subject: Re: [Yot] questions concerning sid value assignments
X-BeenThere: yot@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Yang of Things <yot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/yot>, <mailto:yot-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/yot/>
List-Post: <mailto:yot@ietf.org>
List-Help: <mailto:yot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yot>, <mailto:yot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2018 16:02:10 -0000
========== About "The correct encoding is only in conjunction with YANG CBOR draft." Yes, this encoding is based on https://datatracker.ietf.org/doc/draft-ietf-core-yang-cbor/ version 6. ========== In the previous email About "What do you mean? a cwt-voucher or a voucher; OR how to derive cwt-voucher from voucher; OR having a mailbox of vouchers?" I mean that the use cases for this information in the datastore need to be clearly defined. What information need to be retrieved and why. In the introduction of 'draft-ietf-anima-voucher', we can read: " The lifetimes of vouchers may vary. In some bootstrapping protocols the vouchers may include a nonce restricting them to a single use, whereas in others the vouchers may have an indicated lifetime." This imply that a device may have multiple vouchers at the same time. This can be implemented as a list or as multiple containers (e.g. previous-voucher, current-voucher, next-voucher) About voucher vs. cwt-voucher, I assume that both need to be supported, this can be accomplished by using an anydata. For example: module ietf-voucher { ... anydata current-voucher { description "voucher-artifact or any YANG template based on this artifact." } ... } ========== In the previous email About "should be included in an optional feature" See https://tools.ietf.org/html/rfc7950#section-7.20.1 This mechanism is used to make a portion of the schema as conditional. A CoMI client can discover which features are implemented by a server by reading its YANG library (e.g. https://datatracker.ietf.org/doc/draft-veillette-core-yang-library/) Regards, Michel -----Original Message----- From: peter van der Stok [mailto:stokcons@xs4all.nl] Sent: Wednesday, February 21, 2018 3:30 AM To: Michel Veillette <Michel.Veillette@trilliant.com> Cc: consultancy@vanderstok.org; Michael Richardson <mcr+ietf@sandelman.ca>; yot@ietf.org; Panos Kampanakis (pkampana) <pkampana@cisco.com>; Kent Watsen <kwatsen@juniper.net> Subject: Re: questions concerning sid value assignments Hi Michel, see below Michel Veillette schreef op 2018-02-20 16:47: > Hi Peter, Hi Michael > > In my previous email, I forgot to highlight the errors for the > cwt-voucher encoding. > > When the augment is on the 'voucher-artifac' template, the 'voucher' > container is not redefined, the original definition, path and SID > apply. > Only the "pinned-domain-subject-public-key-info" leaf is part of the > augment and get specific SID assigned to it. > > The encoding should be: > { > 1001001: { > +2 : "2016-10-07T19:31:42Z", / SID = 1001003, created-on / > +4 : "2016-10-21T19:31:42Z", / SID = 1001005, expires-on / > +1 : "verified", / SID = 1001002, assertion / > +10 : "JADA123456789", / SID = 1001011, serial-number / > +5 : h'01020D0F', / SID = 1001006, idevid-issuer / > +8 : h'01020D0F', / SID = 1001009, pinned-domain-cert / > +3 : true, / SID = 1001004, > domain-cert-revocation-checks / > +6 : "2017-10-07T19:31:42Z", / SID = 1001007, last-renewal-date / > +30 : h'01020D0F' / SID = 1001031, > pinned-domain-subject-public-key-info / > } > } > > This corrected encoding probably reinforce your current conclusion > (This is an argument to not re-using the values.) (RIGHT) To be sure: The correct encoding (many thanks for doing this) is only in conjunction with YANG CBOR draft. If you do not expect inter-operability problems with the voucher, an alternative encoding with the same resultant values is OK. (for example not using the h'number' encoding but just a bsd64 encoding also supported by CBOR) Cheerio, Peter > > Regards, > Michel > > -----Original Message----- > From: peter van der Stok [mailto:stokcons@xs4all.nl] > Sent: Tuesday, February 20, 2018 3:40 AM > To: Michael Richardson <mcr+ietf@sandelman.ca> > Cc: consultancy@vanderstok.org; yot@ietf.org; Michel Veillette > <Michel.Veillette@trilliant.com>; Panos Kampanakis (pkampana) > <pkampana@cisco.com>; Kent Watsen <kwatsen@juniper.net> > Subject: Re: questions concerning sid value assignments > > > Michael Richardson schreef op 2018-02-19 19:23: >> peter van der Stok <stokcons@xs4all.nl> wrote: >> > I created an example for myself by heart. Can you see if my >> memory is still >> > correct? >> >> > I assume a server with one voucher module and one cwt-voucher >> module; >> > The augment with grouping is used for SID allocation. >> > The diagnostic notation is used for CBOR. >> >> Cool... >> >> > { >> > 1001000: { >> > +3 : "2016-10-07T19:31:42Z", >> >> > A returned cwt-voucher may look like: >> >> > { >> > 1001030: { >> > -27 : "2016-10-07T19:31:42Z", >> >> It took me a moment to figure out that 1001000+3 == 1001030-27. >> That's exactly what I would think should happen if we have SIDs >> allocate for the underlying ietf-voucher object which we then repeat. >> >> There is a concern if the gap between 1001000 and 1001030 was larger! >> -27 is fortunately still a 1-byte CBOR integer. Otherwise, we get >> into >> 2 >> byte CBOR integers and even three byte ones. Since the delta is >> relative to the enclosing value, not the previous value, we can't >> even amortize the gap. >> >> This is an argument to not re-using the values. > > Well, that concludes the exercise for me. > Now we can make the examples and fix the cwt-voucher SID allocation > >> >> > Both can be identified nicely though the presence of 1001030 or >> 1001000 >> >> > However, when using comi to return the value of for example: >> > ietf-voucher/created-on, or >> > iet-cwt-voucher/created-on >> >> > The request for both is identical: >> >> > GET //example-server.com/c/1001003 >> >> > The server does not know which one to return. >> > Did I miss something?
- Re: [Yot] questions concerning sid value assignme… Michel Veillette
- Re: [Yot] questions concerning sid value assignme… peter van der Stok
- Re: [Yot] questions concerning sid value assignme… peter van der Stok
- Re: [Yot] questions concerning sid value assignme… Michael Richardson
- Re: [Yot] questions concerning sid value assignme… peter van der Stok
- Re: [Yot] questions concerning sid value assignme… peter van der Stok
- Re: [Yot] questions concerning sid value assignme… Michael Richardson
- Re: [Yot] questions concerning sid value assignme… peter van der Stok
- Re: [Yot] questions concerning sid value assignme… Michel Veillette
- Re: [Yot] questions concerning sid value assignme… Michel Veillette
- Re: [Yot] questions concerning sid value assignme… Michael Richardson
- Re: [Yot] questions concerning sid value assignme… peter van der Stok
- Re: [Yot] questions concerning sid value assignme… peter van der Stok
- Re: [Yot] questions concerning sid value assignme… Michel Veillette
- Re: [Yot] questions concerning sid value assignme… Michael Richardson