Just my 2 cents:
The code for stateless and stateful is really small.
No need to worry about code memory requirements when saying that both
modes MUST be supported by join-proxy.
Once both modes are supported the dynamic choice becomes possible.
Peter
Michael Richardson wrote on 2022-06-14
we need to also do a fix in B.
Cheers
Toerless
On Thu, Jun 09, 2022 at 04:59:19PM +0200, Peter van der Stok wrote: Hi
Rob,
We will need more time for the document.
Toerless may send more info on the subject.
Thanks for your interest,
Greetings,
Peter
Rob Wilton (rwilton) wrote on 2022-0
should ensure that all ADs are
reviewing the latest version.
Alternatively, if you find out, say on Thursday, that you think that
you will need more time, then please let me know and I can push it back
to the next telechat (probably in 3 weeks time).
Thanks,
Rob
From: Peter van der Stok
u choose
to do so.
Thanks,
Rob
From: Peter van der Stok
Sent: 06 April 2022 08:38
To: Peter van der Stok
Cc: last-c...@ietf.org; ops-...@ietf.org;
draft-ietf-anima-constrained-join-proxy@ietf.org; anima@ietf.org
Subject: Re: [Anima] Opsdir last call review of
draft-ietf-anima-constrained-
Hi Rich,
many thanks for the useful suggestions.
Below my reactions.
Most of your suggestions have been taken over.
Greetings,
Peter
Rich Salz via Datatracker wrote on 2022-05-18 19:44:
Reviewer: Rich Salz
Review result: Ready with Nits
A block diagram that show the participants and the p
Best,
Spencer
Regards
Esko
From: Anima On Behalf Of Peter van der Stok
Sent: Tuesday, May 17, 2022 10:22
To: Spencer Dawkins
Cc: tsv-...@ietf.org; anima@ietf.org;
draft-ietf-anima-constrained-join-proxy@ietf.org;
last-c...@ietf.org
Subject: Re: [Anima] Tsvart last call review of
dr
Hi Spencer,
thanks for your kind words.
Indeed the answer is no. (at least for the coming 20 years).
Greetings and thanks,
Peter
Spencer Dawkins via Datatracker wrote on 2022-05-17 01:09:
Reviewer: Spencer Dawkins
Review result: Ready
This document has been reviewed as part of the transp
Changed accordingly.
Also objective value is used instead of objective name.
Peter
Michael Richardson wrote on 2022-04-29 18:07:
Brian E Carpenter wrote:
On 26-Apr-22 19:02, Peter van der Stok wrote:
Hi,
To add to the discussion, below the text that I adapted for GRASP
discovery
in
Dear reviewers,
Can you verify that the recently published version 10 of the
constrained-join-proxy draft correctly addresses your reviews as
discussed on the mailing list?
many thanks,
greetings,
Peter
Peter van der Stok wrote on 2022-04-14 09:28:
This version 10 includes the results
Hi,
To add to the discussion, below the text that I adapted for GRASP
discovery in constrained-join-proxy draft.
Comments are welcome, Corrections are encouraged.
Peter
__
6.1. Join Proxy discovers Registrar
In
Model
and Approach WG of the IETF.
Title : Constrained Join Proxy for Bootstrapping Protocols
Authors : Michael Richardson
Peter van der Stok
Panos Kampanakis
Filename: draft-ietf-anima-constrained-join-proxy-10.txt
Pages : 24
Date: 2022-04-14
Hi Michael,
I liked the reference to RFC6550 because it shows that other RFCs
provide the same modes; and it was argued to standardize only one mode.
Peter
Michael Richardson wrote on 2022-04-11 20:04:
The document defines a mechanism to assign a Device (Pledge) to a
(anima) domain, repre
Hi Ines,
Many thanks for your review.
Please see inline comments below.
Greetings,
Peter
Reviewer: Ines Robles
Review result: On the Right Track
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG
Hi Malisa,
thanks for the review.
Toerless having reacted to the first paragraph, I will react to the last
part.
Please, see below.
Peter
Mališa Vučinić via Datatracker wrote on 2022-04-08 15:23:
Reviewer: Mališa Vučinić
Review result: Has Issues
I have reviewed this document as part of
Reactions inline...
On Tue, Apr 05, 2022 at 10:05:16AM +0200, Peter van der Stok wrote:
Hi Jurgen,
Thanks for the review. I sympathize with your confusion issues. Many
times I
shared the same confusion on other IETF documents that I thought
relevant
for my work. IETF documents are not encouraged t
Hi Jurgen,
Thanks for the review. I sympathize with your confusion issues. Many
times I shared the same confusion on other IETF documents that I thought
relevant for my work. IETF documents are not encouraged to rephrase
parts of other RFCs or provide large operational HOWTO considerations.
item of the Autonomic Networking Integrated Model
and Approach WG of the IETF.
Title : Constrained Join Proxy for Bootstrapping Protocols
Authors : Michael Richardson
Peter van der Stok
Panos Kampanakis
Filename: draft-ietf-anima-constrained-join-proxy-07.txt
Pages
Hi Rob,
thanks for the review and the encouragements.
Below my reactions on your points.
When you agree with the proposed changes, and nobody else complains, I
will submit the new I-D at the end of this week.
Greetings,
Peter
Rob Wilton (rwilton) wrote on 2022-03-18 15:44:
Hi,
This is
Peter van der Stok
Panos Kampanakis
Filename: draft-ietf-anima-constrained-join-proxy-06.txt
Pages : 21
Date: 2021-12-03
Abstract:
This document defines a protocol to securely assign a Pledge to a
domain
:
For later discovery of Join Proxy and Registrar server to Join Proxy,
using DNS-SD or mdns the service names are allocated in section x.x
section x.x
Service Name: BRSKI-JP
Transport Protocol(s): UDP
Assignee: Peter van der Stok
Contact: Peter van der Stok
Description: service name of Join
Hi all,
All the suggestions by Michael and Esko have been introduced into the
document stored in github.
I think that this concludes the WGLC, unless I forgot some items.
Once they agree, a new version -06 will be submitted to anima.
many thanks for their input,
Greetings,
Peter
Esko Dijk
ssage-
From: Michael Richardson
Sent: Wednesday, November 24, 2021 18:49
To: Esko Dijk ; c...@ietf.org
Cc: Sheng Jiang ; anima@ietf.org; Peter van der
Stok
Subject: Re: [Anima] checking on advancing
draft-ietf-anima-constrained-join-proxy / 'rt' naming
Esko Dijk wrote:
I checked the new
Hi Russ,
Many thanks again for the review.
I think all issues have been handled in the text now stored in the
anima-wg github:
https://github.com/anima-wg/constrained-join-proxy.
Clicking on "Review by Russ Housley" [1] will show the diff.
Many thanks,
Peter
Peter van der Stok
Hi Russ,
thanks for the comments.
Below some partial reactions.
Peter
Russ Housley via Datatracker wrote on 2021-11-01 19:51:
Reviewer: Russ Housley
Review result: On the Right Track
I reviewed this document as part of the IoT Directorate's effort to
IoT-related IETF documents being proces
DATE:
2021-10-18 14:12
SENDER:
internet-dra...@ietf.org
RECIPIENT:
"Michael Richardson" , "Panos Kampanakis"
, "Peter van der Stok"
A new version of I-D, draft-ietf-anima-constrai
why not ask a security review from iot directorate directly by anima WG?
Peter
Michael Richardson wrote on 2021-10-13 21:32:
Brian E Carpenter wrote:
Esko,
Also, the document has had little review from the WG so far I could
see.
True. Maybe we should also ask for an early review by th
Hi Esko,
thanks for this review.
Glad to read that you think it is moving in the right direction.
A new version is available on github.
reactions below.
cheerio,
Peter
Esko Dijk wrote on 2021-10-11 12:08:
Dear WG, authors, Sheng,
Below my review comments for the draft. Based on this it lo
Hi Brian,
thanks,
autonomous -> autonomic it is now.
cheerio,
Peter
Brian E Carpenter wrote on 2021-10-03 06:01:
Hi,
I've looked at this from the GRASP point of view and it all seems fine.
It's perhaps worth noting that GRASP DULL discovery is quite
independent
of both CoAP and DTLS. As
Just to be clear:
In our case that means 22 bytes: 80 14 <20 keyid bytes>
Peter
Esko Dijk wrote on 2021-09-08 13:31:
FYI I just added an interpretation #3 to the Github issue which seems
to be the right one!
Per RFC 5280, any X.509 certificate extension is encoded in an OCTET
STRING named "e
What about?
PRVR = Pledge-Registrar Voucher Request
RMVR = Registrar-Masa Voucher Request
Peter
Michael Richardson wrote on 2021-08-19 20:48:
https://github.com/anima-wg/constrained-voucher/pull/148
In our design team meeting today, the terms parboiled and raw were
disliked.
We considered
Hi Michael,
see below
Michael Richardson wrote on 2021-08-19 22:49:
Esko Dijk wrote:
So my point was that the draft could mention this implementation
aspect; preferably a DTLS client on the Pledge should use this; see
the
motivation in https://datatracker.ietf.org/doc/html/rfc7925#section
rk without those MTU constraints.
A pointer to RFC7925 section 15 may be sufficient for this. (I'd rather
not bet on the fact that all implementers will already know RFC 7925
and RFC 6066 ... if anyone disagrees let me know.)
Regards
Esko
From: Peter van der Stok
Sent: Monday, August 9,
To remove confusion, Pledge is used throughout the document.
Peter
Michael Richardson wrote on 2021-06-23 22:15:
Esko Dijk wrote:
Figure 3: "EST client" -> this should be the Pledge. Which does BRSKI
bootstrap first, and then EST. Naming it only "EST client" sounds too
narrow.
Hmm.
It de
Hi Esko,
I see your point but do not share it, I believe.
In my case, coap block is used and multiple DTLS records are sent over
by the Join-Proxy without hiccups.
The same problem comes up for communication between Registrar and MASA
using https, but again multiple DTLS messages can be trans
Hi Esko.
thanks again for the review.
My apologies for the late reaction, but many things happened around
BRSKI, retaining my attention.
See below for the reactions.
Peter
Esko Dijk wrote on 2021-06-23 09:48:
Hi Peter / all,
This is the final part 2 of my review of
draft-ietf-anima-const
Fully agree
peter
Michael Richardson wrote on 2021-07-27 04:15:
In the hackathon work a Registrar implementor noticed an x5bag on the
BRSKI-EST link (Pledge->Registrar)
I think that the DTLS Client Certificate (and chain) is always better.
But, I guess we should say something about why the R
To be quite honest:
A section describing certificate requirements (grouping them all) is
necessary for constrained voucher and BRSKI RFC.
Suggestion: a new document?
Peter
Michael Richardson wrote on 2021-07-27 04:18:
Esko Dijk wrote:
If the EKU is present, it will restrict the allowed u
Hi,
To add my few words,
I am a proponent to explicitly state that the payload is a voucher and
its signature production.
Actually, my code decides what routines to invoke on the basis of that
information.
Peter
Carsten Bormann wrote on 2021-07-22 10:39:
On 2021-07-22, at 10:23, Esko Dij
Is there a way to use Olaf's "coap-client" to do the ping?
I don't see an option, and it also doesn't seem to be commonly built
with DTLS.
No, I have three lines of code for doing a ping, from pledge; not from
coap_client
Peter
Michael Richardson wrote on 2021-07-21 21:36:
Esko Dijk w
Sorry,
took some time to see this one.
attached the code; the order in which certificates are parsed into
cacert is important.
This is extract of setting up; All statements are needed.
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTL
Quite happy to discuss interop
Peter van der Stok
consulta...@vanderstok.org
On 30 Jun 2021 18:02, at 18:02, Esko Dijk
wrote:
>Hi all,
>
>Let's meet tomorrow and see who is there and what we can discuss. In
>particular, the followin
Hi Esko,
many thanks for the review.
Below some reactions.
Esko Dijk wrote on 2021-03-24 10:22:
Hello,
I'm doing a review of draft-ietf-anima-constrained-join-proxy-02; below
part 1 of my review comments. The remainder will follow soon hopefully.
Note that I did not make or work with an imp
f.org
RECIPIENT:
"Michael Richardson" , "Panos Kampanakis"
, "Peter van der Stok"
A new version of I-D, draft-ietf-anima-constrained-join-proxy-02.txt
has been successfully submitted by Peter van der Stok and posted to the
IETF reposit
Hi Esko,
thanks for your comments; they constitute a first step to interoperability.
1.1) yes, the SID delta numbering is a stupid mistake and repaired.
1.2) the former remarks about the certificates have been incorporated in the
used certificates
1.3) the expired and created times differ by
Hi Esko,
thanks,
several oversights from me, especially forgetting the delta encoding for
SID is difficult to explain.
Once everything is repaired, I will issue a new version with updated
examples.
Peter
Esko Dijk wrote on 2020-12-04 15:33:
Hi Peter,
Here my feedback as result of revi
1.txt
DATE:
2020-12-02 09:14
SENDER:
internet-dra...@ietf.org
RECIPIENT:
"Panos Kampanakis" , "Michael Richardson"
, "Peter van der Stok"
A new version of I-D, draft-anima-con
Yes, why not.
For the moment, in the invisible version 1, two content-formats are
transported:
1) application cbor describing the header of the JPY message
2) application cbor, a cbor byte string containing the DTLS
This clearly sits between two approaches.
1) replace with application/cbor for
Hi Esko,
thanks for the comments.
In the text of version 1 of the WG join-proxy draft (to be published,
once version 0 is approved by the chairs), the approach to stateless jp
is with an additional port. No parsing is needed. Indeed that was a
mistake.
The additional port does not need not need I
:12
To: 'peter van der Stok' ; Michael Richardson
; Panos Kampanakis (pkampana
Cc: anima@ietf.org
Subject: Feedback on constrained-voucher example certificates (in Github / -09 )
Hello Peter,
I did my review of the new example certificates in Github. Below my feedback. Because ex
Hi Esko,
many thanks,
This week I will react. Many of the recommendations look quite viable.
Peter
Esko Dijk wrote on 2020-11-17 11:12:
Hello Peter,
I did my review of the new example certificates in Github. Below my feedback. Because examples are used in the constrained-voucher draft
Dear all,
After a long silence, I want to manifest my interest in both documents:
- constrained-voucher that extends and completes [ace]est-coaps to cover
all non-est brski cases using coap,
- constrained-join-proxy that standardizes the stateless proxy using coap
and coap discovery.
The first do
:
"Michael Richardson" , "Panos Kampanakis"
, "Peter van der Stok"
A new version of I-D,
draft-vanderstok-anima-constrained-join-proxy-02.txt
has been successfully submitted by Peter van der Stok and posted to the
IETF repository.
Name:draft-van
-03-10 13:53
SENDER:
internet-dra...@ietf.org
RECIPIENT:
"Michael Richardson" , "Panos Kampanakis"
, "Peter van der Stok"
A new version of I-D,
draft-vanderstok-anima-constrained-join-proxy-01.txt
h
Hi Toerless and Sheng,
Can I do a short contribution about constrained voucher and constrained
join-proxy?
The first is an anima wg draft. The 2nd was asked to be.
new versions will be submitted before the submission cutoff
Greetings,
peter
Fries, Steffen wrote on 2019-02-18 15:22:
> Hi Sheng
Hi Michael,
"Also, I still am unclear if the constrained-BRSKI belongs in the
constrained-voucher document. I would sure like some clear opinions."
I like to react but do not understand the question.
What is constrained-BRSKI?
Is the proposal to split the constrained voucher document into two
do
draft-vanderstok-anima-constrained-join-proxy-00.txt
DATE:
2018-10-18 11:48
SENDER:
internet-dra...@ietf.org
RECIPIENT:
"Michael Richardson" , "Panos Kampanakis"
, "Pe
motivate the coap discovery.
And indeed copying IP addresses is not my best side.
Greetings,
Peter
Brian E Carpenter wrote on 2018-10-05 21:41:
> Peter,
> On 2018-10-05 20:24, Peter van der Stok wrote:
>
>> Hi Brian.
>>
>> The answer consists of a selection of tex
e from the on-line Internet-Drafts
>> directories.
>>
>> Title : Constrained Join Proxy for Bootstrapping Protocols
>> Authors : Michael Richardson
>> Peter van der Stok
>> Panos Kampanakis
>> Filename: draft-vanderstok-cons
Hi all,
The numbering of the SIDs in our case should be as stable as possible
after publication as RFC.
A permanent assignment of the numbers, like the content-format numbers,
would be very much appreciated.
Using the same already allocated numbers for other RFCs would be quite
disastrous.
Mainte
Hi anima WG chairs,
I should like to have 10-15 mins to present
draft-ietf-anima-constrained-voucher-01.
to discuss:
- the content formats
- relation with other drafts.
- open points
thanks,
peter
Sheng Jiang wrote on 2018-06-23 14:59:
> Hi, all anima,
>
> We have been allocated a session of
constrained-voucher(-request) seems reasonable to me
Peter
Max Pritikin (pritikin) wrote on 2018-06-01 17:29:
> what is wrong with going simple: "constrained voucher request" ?
>
> - max
>
> On Jun 1, 2018, at 9:10 AM, Michael Richardson wrote:
>
> Michael Richardson wrote: Also, a relate
sorry, ambiguous answer.
No! The path components are immutable.
Peter
___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
There are a couple of questions that I would put here that I think
guides
things.
* Is there any expectation that the path components would ever change
for
some implementation or are they always going to be the same? Would a
request voucher always be posted to /rv or could an implementatio
Hi Jim,
thanks for the encouragement.
Jim Schaad wrote on 2018-04-27 23:24:
A fast review of the document, but I have no problems with having it
adopted.
* In section 1 para #4 you appear to have a formatting error where a
list
was supposed to exist.
You mean that a list of omitted sectio
Hi Toerless,
thanks for this reminder about terminology in keyinfra.
I have made several attempts at explaining the authors the possible
misunderstandings on terminology.
Let's hope your input helps.
I will look at your other comments later this week.
Peter
b) Key infrastructure
There is
+1
Peter
Eliot Lear wrote on 2017-12-18 20:23:
Absolutely!
On 18.12.17 20:01, Brian E Carpenter wrote:
I just noticed that draft-ietf-anima-bootstrapping-keyinfra
has Intended status: Informational.
Surely it should be Standards Track?
Regards
Brian
__
Hi keyinfra authors,
Glad to see that so much progress has been made since the last version.
I had problems with understanding some pieces of text. See below.
In the terminology section, the “Join proxy” is introduced. The term is
almost never used but the term “circuit proxy” is used. However
Hi Kent,
Thanks for your work,
Peter
Kent Watsen wrote on 2017-08-21 17:53:
Hi Peter,
Thanks, I think we've reached closure.
Please review the diffs to the latest.
https://www.ietf.org/rfcdiff?url2=draft-ietf-anima-voucher-05
Thanks again,
Kent
--
Hi Kent,
Can a discussion section
Hi Kent,
Can a discussion section about "manufacturer additions" be
added. Pointing out the consequences for interoperability
when using "Augment" to add manufacturer specifics can be
helpful.
I'm confused, which section does this comment regard?
It refers to the document as a whole and espe
Can a discussion section about "manufacturer additions" be
added. Pointing out the consequences for interoperability
when using "Augment" to add manufacturer specifics can be
helpful.
I'm confused, which section does this comment regard?
It refers to the document as a whole and especially se
Hi all,
I read this document, and find it well written and understandable.
I do have some remarks about the content and several editing remarks.
Content remarks:
section 6, leaf prior-signed-voucher, at the end:
The MASA SHOULD remove all "prior-signed-voucher".
I would encourage a "MUST" inste
4) >application/voucherrequest The request is a "YANG-defined JSON<
Is it reasonable that this is "format=pkcs7" (the default), and that
we will grow/migrate via format=jwt or format=cwt?
What does "grow" mean?
Peter
Date: 2017-06-12 12:35
Sender: internet-dra...@ietf.org
Recipient: "Panos Kampanakis" , "Sandeep S. Kumar"
, "Sandeep Kumar" , "Peter Van der
Stok" , "Peter van der Stok"
, "Martin Furuhed"
, "Shahid Raza"
A new vers
Hi Max,
Thanks for joining the meeting today and voicing your concerns. To
help we’ll push the 06 version of the doc to give you a better
reference for generating feedback.
- max
I'm looking forward to that version. I did like the lay-out of -06pre.
Can you make sure that all terminology is
Hi Max,
thanks for the examples.
During IETF98, I was the one to speak up in favour of #pkcs7;
One reason only: It is transported by EST that is used by BRSKI.
All the code is already present.
Doing JWS/COSE or JWT/CWT needs additional code.
I am sensitive to the payload size argument though.
Bu
Hi Max,
excellent idea. I looked at the present version, and there is still a
lot of text.
Where in the text do you want to reduce more? What is the end-objective?
And will this become the final document, or is it a study that will be
used later for editing the final document?
Peter
Max Pri
Join Router is wrong. It forwards messages not packets. Maybe its next
name should be Join Middlebox, but I'm happy with Join Proxy.
Yes it forwards the message, and IP-in-IP routes the packets.
I prefer router because it makes it clear that the end to end transport
is unbroken from pledge t
Hi Joel,
There are many scenarios with low power devices that depend on their
application area.
Life for homenet devices is very different from life of devices in a
well structured lighting installation.
In the latter case, the devices will follow one industry standard to
provide interoperabil
Or to put it another way: I'm thinking about the light controller, not
the
lightblubs.
1) the concept of a 'lightblub' is very appealing.
2) on balance, I think I agree with Michael slightly more than
with Toerless. Even though this use case is strictly outside the
Anima charter, I think we'