Max Pritikin (pritikin) <priti...@cisco.com> wrote:
    >>> b)  Key infrastructure
    >> 
    >>> There  is no definition/reference for this term.  Please describe on
    >>> first use and in terminology.  Is there a difference
    >>> between "key infrastructure" and  "keying material" ? If not, then
    >>> maybe remove one term otherwise pls. describe difference.
    >> 
    >> The term is in the title and in section 1.
    >> And you are right that it does not appear again, nor is it defined.
    >> I think it generally refers to the mechanism of PKI, but I'm not sure what to do.

    > An “infrastructure” is the basic entities and protocols necessary for
    > the operations of key management. I think it comes from the common
    > language term and can’t find a normative definition within IETF
    > document. As a native English speaker who has used the concept in IETF
    > interactions for eons it feels silly to try and define it. Odd.

The words "keying material" are used in the "Other Bootstrapping Approaches"
only.  In that paragraph, it refers to some "other" stuff... I'm loath to
boil the ocean to define what we aren't doing...

I suggest the insertion of the marked text:

        without external help is also an impossibility. Today it is commonly
        accepted that the initial connections between nodes are insecure, until
        key distribution is complete, or that domain-specific keying material
*new*   (often pre-shared keys, including mechanisms like SIM cards)
        is pre-provisioned on each new device in a costly and non-scalable
        manner. Existing mechanisms are known as non-secured 'Trust on

Now, to the term Key Infrastructure:

            <t hangText="(Public) Key Infrastructure:"> The collection of systems and
            processes that sustain the activities of a public key system.
            In an ANIMA Autonomic system, this includes a Domain
            Certification Authority (CA), (Join) Registrar which acts as an
            <xref target="RFC5280" /> Registrar, as well as appropriate
            certificate revocation list (CRL) distribution points and/or OCSP
            (<xref target="RFC6960" />) servers.</t>

I note that RFC6960 doesn't bother to define Key Infrastructure at all, or
even use the term except in the title...

-- 
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
