Pedro,

> For instance, disaster recovery scenarios require to establish network
> systems (virtual and physical) that should be autonomic and disconnected
> from any previously centralized infrastructure.

Yes, we have already understood this problem, but there's a trade-off
between this and security - you want to come up quickly, and you want
to come up securely to prevent evil-doers. (You may have read that less
than two days ago, numerous homes in Christchurch NZ were burgled during
a tsunami evacuation. Similarly, I don't think it's safe to assume that there
will be no cyber attackers in a disaster area.)

If the drone has even a slow link back to the Internet, that should be
sufficient for an autonomic domain to bootstrap securely. Although we expect things to
work with only one registrar per domain, that is a software function. We
can imagine that after a disaster this function will start up somewhere,
but not in its normal host. Of course, more work is needed.

Regards
   Brian Carpenter

On 15/11/2016 15:53, Pedro Martinez-Julia wrote:
> On Tue, Nov 15, 2016 at 02:40:38AM +0000, Michael Behringer (mbehring) wrote:
>> Hi Pedro,
> 
> Hi,
> 
>> Generically, ANIMA devices get a domain certificate. Today,
>> practically all certificate management solutions are centralised, with
>> a central CA, and several RAs (Registration Authorities). So for now
>> this is the working model. And a registrar is logically an RA in this
>> model. Given that certificate interactions are infrequent, and given
>> that this PKI model is very well developed, I think this is a
>> reasonable starting point.
> 
> Yes it is, but being a "model" not a "solution" I think it could
> consider different schemes.
> 
>> We have had suggestions to look at peer to peer trust models, and I
>> agree that philosophically this would be even better. However, such
>> models are not widely used today. My personal opinion is that we could
>> well support a different enrolment procedure, using a peer-to-peer
>> trust model in the future; the ANIMA reference model is generic and
>> modular enough. 
>>
>> But my priority is to get the current solution, using standard PKI
>> methods off the ground before going there. 
>>
>> Do you have a concrete proposal? Would be interesting to discuss.
> 
> Not for the moment, but in my team we are working in some models that
> would benefit from centralized and distributed registration procedures,
> depending on the specific scenario.
> 
> For instance, disaster recovery scenarios require to establish network
> systems (virtual and physical) that should be autonomic and disconnected
> from any previously centralized infrastructure. This could be reflected
> in the unattended deployment of drones to provide connectivity to places
> where infrastructure has been broken. In this situation, both security
> and interoperability should be ensured without requiring the system to
> contact a centralized registry.
> 
> I hope this gives some perspective to my concerns. In summary I only
> encourage the consideration of abstract mechanisms to cover any point
> that can have polarized schemes (centralized vs distributed).
> 
>> Michael
> 
> Regards,
> Pedro
> 

_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
