Eric Rescorla <[email protected]> wrote: > It's the job of this group of specifications to provide a complete > security story, so it must either be here or it must be in some other > document which is normatively referenced from here and which therefore > one can read to determine if this document achieves the appropriate > security objectives. Just generally pointing in the direction of TLS is > not sufficient. You could, of course, say that TLS is not to be used at > all and you rely entirely on ACP, but the current text doesn't do that > either.
The use case for TLS is inter-domain (while the ACP is intra-domain). I.e. between two ISPs. Such a GRASP instance would be isolated from other ANIMA GRASP instances, would perhaps not be hop-by-hop. Or might be. As that use case is not well understood at all, and I think can (and SHOULD) be addressed later on, I have argued for simply not mentioning it because we don't have a story about certificates or identities or validation, etc. (I suspect that many initial uses will use pinned self-signed certificates, manually configured). Brian has argued to continue to include the reference so that we remember that use over a secured ACP is not the only use, and that we shouldn't write some complex interaction that involves many UDP/TCP port combinations that would be hard to support over TLS. Use of GRASP at an Internet Exchange (IX) might be different again, perhaps using COSE to sign GRASP multicast messages. Can anyone suggest a way to keep TLS in mind while not actually saying we know how to use it? -- Michael Richardson <[email protected]>, Sandelman Software Works -= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
