Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-03-03 Thread Michael Richardson

I would ideally like to begin the WGLC once I've posted the revised document
and then take any of your issues that I wasn't able to resolve as last call
comments (open issues on tools or github).

Toerless Eckert  wrote:
> d)

> I am missing in the initial chapters a succinct summary how EST
> enrollment is optional and what can be achieved with/without it, there
> is only some side sentences later in the EST sections. I would suggest
> to insert such an explanation here.

> After point 4 insert (unnumbered) paragraph:

I have added a paragraph at the end of section 4:

  After step 4, the pledge has received and authenticated an
  explicit TA (trust anchor) (pinned-domain-cert in the Voucher
  response).  A secure transport exists between pledge and registrar,
  and it may be used for things other than enrollment into a PKI.

> Also maybe insert some dotted line between imprint and enroll in Figure
> 2 to highlight this distinction. Maybe with "mandatory" / "optional"
> (EST enroll part) on the right hand side

But, in the ACP case, which we are documenting, it's not optional, so
I prefer to show the ACP case in all diagrams.

> Section 2.3)

> a)

> The first paragraph is too terse and not very explanatory arguing why

okay, I've used your text.

> - (Optional) authorizing pledge (by registrar) to receive certificate
> from local CA.

Are you referring to the signed CSR?

That's signed by the private key, and does not directly involve the public
certificate part.  The "Signing of voucher-request" actually also is about
the private key too.
So I'm taking your comments, but maybe here we need to open an issue?

see: https://goo.gl/viMcAG
and: https://goo.gl/SNzWtJ

> Please keep the "There is no requirement for a common root PKI
> hierarchy.  Each device vendor can generate their own root
> certificate."

Done.

> Section 2.3 2)

> a) Please put the description of identification of the pledge into a
> subsection 2.3.1 "Identification of the Pledge"

done.

> b) I am confused about the first MUST (serialNumber) and following
> SHOULD (HardwareModuleName).

> The conversion rules make it clear that you want the device to be
> uniquely identified via the serialNumber, but if that is not in the
> certificate, then you would use the HardwareModuleName. Therefore the
> conversion rules contradict the MUST for serialNumber.  Or else you
> wouldn't define a fallback if it does not exist.

We really want it in the serialNumber.
We acknowledge the PKI tools suck, particularly the ones without source code,
and it's likely that some variety of creation tools will be unable to comply
or the Registrar / Certificate Authority will be unable to do the right thing.
The 30-year history of trying to make PKIX things work properly has provided
experience that says that as much as we want to write MUSTs, if we don't have
workarounds documented, then things will fail.  It's sad.

> c) The MUST/SHOULD bullet points are IMHO a duplication of the
> conversion rules, so maybe just drop them.

I think an issue is warranted here.

> d) I would start the section with a sentence clearly describing what is
> done here:

> In the context of BRSKI, pledges are uniquely identified by a
> "serial-number". This serial-number is used both in the "serial-number"
> field of Voucher or Voucher requests (see section 3.) and in local
> policies on Registrar or MASA (see section 5.).

> The serial-number is derived from the IDevID as follows:

> ... then add the three bullet-points.

okay, I think that I got this.

> e) I do not see "serialNumber" attribute mentioned in rfc4514 nor
> rfc4108. You mention "previously defined". Could you provide a
> reference where "serialNumber" was defined ?

https://github.com/anima-wg/anima-bootstrap/issues/44

so, it's rfc4514 "string representation" format, of the RFC5280 SerialNumber
https://tools.ietf.org/html/rfc5280#section-4.1.2.2

RFC4108 has hwSerialNum, but that's point two.

I'm not sure how to clarify this well.

> f) Please provide example of each of the three fields and how they
> convert into serial-number. This is especially important because for
> the average reader who has never seen a certificate (and with no actual
> reference to e.g.: serialNumber format thats easily readable), it may
> be hard to understand if or how something called "serialNumber" can
> unique identify a device - aka: that it includes also the device-type
> (unless a company only produces one type of device and somehow even the
> name of the company can be implied).

I created issue 45.
https://github.com/anima-wg/anima-bootstrap/issues/45

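Toerless asks above for a worked example of how the identifier fields of an IDevID turn into the BRSKI "serial-number". The following Python is an added illustration written for this archive page; it is not text from the draft, from the GitHub issues, or from either participant. It assumes the fallback order discussed in the thread: rule one takes the X.520 serialNumber attribute from the IDevID subject DN (the attribute type registered in RFC 4519) in RFC 4514 string representation, and rule two falls back to the hwSerialNum OCTET STRING of the RFC 4108 HardwareModuleName otherName. Base64 is used here to make that OCTET STRING printable, which is an assumption of this example, not something stated on the page. The input is a plain dict of already-parsed certificate fields (a real implementation would take them from an X.509 parser), and the vendor name, model string, serial values and the hwType OID under the RFC 5612 example-use enterprise arc 32473 are all constructed.

```python
import base64

# Characters RFC 4514 section 2.4 requires to be escaped anywhere in a value.
_RFC4514_SPECIALS = set('"+,;<>\\')


def rfc4514_escape(value: str) -> str:
    """Return the RFC 4514 string representation of one attribute value.

    Leading '#' or space, trailing space, NUL, and the characters in
    _RFC4514_SPECIALS are backslash-escaped; everything else passes through.
    """
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")                       # NUL is hex-escaped
        elif ch in _RFC4514_SPECIALS:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")                        # only a leading '#'
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")                        # leading/trailing space
        else:
            out.append(ch)
    return "".join(out)


class PledgeIdentityError(ValueError):
    """The IDevID carries neither a subject serialNumber nor a hwSerialNum."""


def derive_serial_number(idevid: dict) -> str:
    """Derive the BRSKI serial-number from parsed IDevID fields.

    'subject' is a list of (attribute type, value) pairs in DN order;
    'hardware_module_name' (optional) mirrors RFC 4108 HardwareModuleName
    with 'hwType' as a dotted OID string and 'hwSerialNum' as bytes.
    """
    # Rule 1 (MUST): the subject DN serialNumber attribute, if present.
    for attr_type, attr_value in idevid.get("subject", []):
        if attr_type.lower() == "serialnumber":
            return rfc4514_escape(attr_value)
    # Rule 2 (SHOULD): HardwareModuleName.hwSerialNum from the SAN otherName.
    # Assumption of this example: base64 to obtain a printable string.
    hmn = idevid.get("hardware_module_name")
    if hmn is not None:
        return base64.b64encode(hmn["hwSerialNum"]).decode("ascii")
    # Neither identifier: the registrar/MASA cannot apply a per-device policy.
    raise PledgeIdentityError("IDevID has neither serialNumber nor hwSerialNum")


# Constructed sample inputs (not taken from any real device certificate).
IDEVID_WITH_SERIAL = {
    "subject": [("C", "US"), ("O", "Example Vendor, Inc."),
                ("CN", "pledge.example.com"),
                ("serialNumber", "WIDGET-2000 #0042+A")],
}
IDEVID_HWMODULE_ONLY = {
    "subject": [("O", "Example Vendor, Inc."), ("CN", "pledge.example.com")],
    "hardware_module_name": {"hwType": "1.3.6.1.4.1.32473.1.1",
                             "hwSerialNum": b"\x00\x42\xfe"},
}
IDEVID_UNUSABLE = {"subject": [("O", "Example Vendor, Inc.")]}


if __name__ == "__main__":
    print(derive_serial_number(IDEVID_WITH_SERIAL))    # WIDGET-2000 #0042\+A
    print(derive_serial_number(IDEVID_HWMODULE_ONLY))  # AEL+
    try:
        derive_serial_number(IDEVID_UNUSABLE)
    except PledgeIdentityError as exc:
        print("rejected:", exc)
```

Note that the first sample shows why the string representation matters: the '+' inside the value is escaped so that the serial-number cannot be confused with a multi-valued RDN when it is later compared against registrar or MASA policy, while the '#' is left alone because it is not the first character. A registrar that compares raw attribute bytes on one side and the RFC 4514 form on the other will silently fail to match such a pledge.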

Re: [Anima] I-D Action: draft-carpenter-anima-grasp-bulk-01.txt

2018-03-03 Thread Brian E Carpenter
This has been updated according to comments received at 
IETF100 and on the list. Mainly clarifications around the
scope of applicability and failure handling. Please review
and comment.

Regards
   Brian

On 04/03/2018 08:37, internet-dra...@ietf.org wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
> 
> 
> Title   : Transferring Bulk Data over the GeneRic Autonomic 
> Signaling Protocol (GRASP)
> Authors : Brian Carpenter
>   Sheng Jiang
>   Bing Liu
>   Filename: draft-carpenter-anima-grasp-bulk-01.txt
>   Pages   : 11
>   Date: 2018-03-03
> 
> Abstract:
>This document describes how bulk data may be transferred between
>Autonomic Service Agents via the GeneRic Autonomic Signaling Protocol
>(GRASP).
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-carpenter-anima-grasp-bulk/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-carpenter-anima-grasp-bulk-01
> https://datatracker.ietf.org/doc/html/draft-carpenter-anima-grasp-bulk-01
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-carpenter-anima-grasp-bulk-01
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> ___
> I-D-Announce mailing list
> i-d-annou...@ietf.org
> https://www.ietf.org/mailman/listinfo/i-d-announce
> Internet-Draft directories: http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> 

___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima


Re: [Anima] I-D Action: draft-carpenter-anima-asa-guidelines-04.txt

2018-03-03 Thread Brian E Carpenter
Hi,

This version has several updates in response to comments at IETF100:

   Added note about simple ASAs.

   Added note about NFV/SFC services.
   (Is there a good reference for NFV?)

   Improved text about threading v event loop model

   Added section about coordination with traditional tools.

   Added appendix with example logic flow.

More review and input will be very welcome. Anybody who has written
code similar to an autonomic service agent, please have a look!

Regards
   Brian Carpenter



On 04/03/2018 08:36, internet-dra...@ietf.org wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
> 
> 
> Title   : Guidelines for Autonomic Service Agents
> Authors : Brian Carpenter
>   Laurent Ciavaglia
>   Sheng Jiang
>   Pierre Peloso
>   Filename: draft-carpenter-anima-asa-guidelines-04.txt
>   Pages   : 21
>   Date: 2018-03-03
> 
> Abstract:
>This document proposes guidelines for the design of Autonomic Service
>Agents for autonomic networks.  It is based on the Autonomic Network
>Infrastructure outlined in the ANIMA reference model, making use of
>the Autonomic Control Plane and the Generic Autonomic Signaling
>Protocol.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-carpenter-anima-asa-guidelines/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-carpenter-anima-asa-guidelines-04
> https://datatracker.ietf.org/doc/html/draft-carpenter-anima-asa-guidelines-04
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-carpenter-anima-asa-guidelines-04
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 



Re: [Anima] I-D Action: draft-ietf-anima-grasp-api-01.txt

2018-03-03 Thread Brian E Carpenter
Hi,

This is a minor update of the GRASP API, with editorial improvements.

We really need detailed reviews from two viewpoints:

-- the viewpoint of a C programmer
-- the viewpoint of an event-loop programmer

Regards
   Brian

On 04/03/2018 08:36, internet-dra...@ietf.org wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
> This draft is a work item of the Autonomic Networking Integrated Model and 
> Approach WG of the IETF.
> 
> Title   : Generic Autonomic Signaling Protocol Application 
> Program Interface (GRASP API)
> Authors : Brian Carpenter
>   Bing Liu
>   Wendong Wang
>   Xiangyang Gong
>   Filename: draft-ietf-anima-grasp-api-01.txt
>   Pages   : 26
>   Date: 2018-03-03
> 
> Abstract:
>This document is a conceptual outline of an application programming
>interface (API) for the Generic Autonomic Signaling Protocol (GRASP).
>Such an API is needed for Autonomic Service Agents (ASA) calling the
>GRASP protocol module to exchange autonomic network messages with
>other ASAs.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-anima-grasp-api/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-anima-grasp-api-01
> https://datatracker.ietf.org/doc/html/draft-ietf-anima-grasp-api-01
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-anima-grasp-api-01
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 



[Anima] I-D Action: draft-ietf-anima-grasp-api-01.txt

2018-03-03 Thread internet-drafts

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Autonomic Networking Integrated Model and 
Approach WG of the IETF.

Title   : Generic Autonomic Signaling Protocol Application 
Program Interface (GRASP API)
Authors : Brian Carpenter
  Bing Liu
  Wendong Wang
  Xiangyang Gong
Filename: draft-ietf-anima-grasp-api-01.txt
Pages   : 26
Date: 2018-03-03

Abstract:
   This document is a conceptual outline of an application programming
   interface (API) for the Generic Autonomic Signaling Protocol (GRASP).
   Such an API is needed for Autonomic Service Agents (ASA) calling the
   GRASP protocol module to exchange autonomic network messages with
   other ASAs.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-anima-grasp-api/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-anima-grasp-api-01
https://datatracker.ietf.org/doc/html/draft-ietf-anima-grasp-api-01

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-anima-grasp-api-01


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
