Hi, This is about the bootstrapping draft, but I will start by quoting Toerless from another thread:
On 01/11/2016 11:18, Toerless Eckert wrote: > On Mon, Oct 31, 2016 at 01:23:36PM +1300, Brian E Carpenter wrote: >>> I am confused about the reason for this discussion. It seems you are trying >>> to figure out how to minimize the impact of the insecure multicast piece of >>> GRASP, >>> but in the context of ANIMA this question would be irrelevant, because we >>> are >>> not doing any insecure GRASP in BRSKY or ACP with current draft - the use of >>> insecure GRASP was removed in those drafts before Berlin because of the >>> majority >>> of the bootstrap teams choice for DNS-SD/mDNS. >> >> Which, I have to point out, is not a consensus position; design teams >> propose, >> they don't decide. I'm waiting to see the next draft before I raise this >> issue on >> the WG list. > > Right. I guess we've now posted all drafts we can before the deadline, so > let me change this mail threads subject to get the discussion started. > > Current state: > > a) The bootstrap design team mayority did conclude that mDNS is the best > option > for discovery of bootstrap proxy by the pledge (link-local). I'll still > have > to read in more detail through the document to see how well the text > discusses > all the reasons why. To be clear, I have no objection to mDNS being mandatory to implement for BRSKI proxies and/or registrars. This will allow the BRSKI mechanism to be used in a wider context than just an Anima-conformant autonomous network (AN), because any joining node (pledge) can then discover a registrar or proxy via mDNS. However, I belive that the Anima solution will be incoherent unles GRASP mechanisms are *also* mandatory for BRSKI proxies and/or registrars. In this case it will be possible for autonomic nodes that wish to join the AN to use GRASP with no need for mDNS. If we don't do this, the Anima solution will not be complete in itself. Especially during the early formation of an AN after a cold start, this is a problem. So specifically I want bootstrapping-keyinfra to specify that - registrars and proxies MUST be disoverable by both mDNS/DNS-SD and GRASP. - pledges MUST use one of these two mechanisms There are some details to be worked out, because there are several ways to use GRASP for this purpose, but we need to get the question settled as a matter of principle first. I do believe that the security issues are very similar. Both mDNS and GRASP involve link-local multicast and its intrinsic security and privacy issues. The information that would communicated by multicast would be pretty much the same in both cases. Unfortunately I will not be in Seoul to argue this point, so it would be nice to settle it by email. Regards Brian _______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
