Benjamin Kaduk via Datatracker <> wrote:
    > Section 13.2

    > I think CDDL needs to be a normative reference, as does RFC 7231.  RFC
    > 2473 is listed but not referenced in the text, as are RFC 2663, RFC
    > 7217, and RFC 7575.

CDDL->RFC8610, now normative. (Glad that got published)
RFC2473 removed; we no longer attempt to document a stateless IPIP proxy.

RFC2663 (NAT terminology) reference was for Join Proxy, and I've restored
a reference in section 4.

RFC7217 was thought to be relevant to Pledge use of SLAAC, but actually it's
not, removed.

You are right that we don't reference RFC7575, which is the architecture of
ANIMA.  I have added a sentence to the Intro, referencing RFC7575's
goal of "secure by default".

    > Appendix B

    doc>    Discovery of registrar MAY also be performed with DNS-based service
    doc> discovery by searching for the service "_brski-
    doc>".  In this case the domain "" is
    doc> discovered as described in [RFC6763] section 11 (Appendix A.2 suggests
    doc> the use of DHCP parameters).

    > I'd suggest using "<domain>" per 6763 rather than "".


    doc>    If no local proxy or registrar service is located using the GRASP
    doc> mechanisms or the above mentioned DNS-based Service Discovery methods
    doc> the pledge MAY contact a well known manufacturer provided bootstrapping
    doc> server by performing a DNS lookup using a well known URI such as
    doc> "".  The details of the URI are
    doc> manufacturer specific.  Manufacturers that leverage this method on the
    doc> pledge are responsible for providing the registrar service.  Also see
    doc> Section 2.7.

    > It seems like there are some security considerations for device owners
    > that may wish to prevent such registrars from being used.  Do we need
    > to direct them to run a firewall or similar?

If they are doing ANIMA ACP bootstrapping, then there would ideally be no
IPv4 available, and so this won't work anyway.
I'd rather not get into too much of this here.

    > Appendix C

    > I don't know how important file "ietf-mud-extens...@2018-02-14.yang"
    > is, but it seems a tad generic.

Renamed already.

Ben, I'm posting the -25, and then moving on back to the responses to
my responses, including Adam's concerns.

]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]        |   ruby on rails    [
