Hi,

While thinking about what we need in an ANIMA ecosystem, and about how we might marry ANIMA with more traditional techniques like NETCONF/YANG (as indicated in RFC8368), I remembered one suggestion that I think came from Toerless: is there a way for an ASA to use a secure "clear channel" across the ACP? But of course if we do that, many of the features of GRASP would be lost (discovery, session management).

So here's a possible solution. Allow an ASA to use GRASP discovery etc. to set up a secure session with another ASA, but then instead of using GRASP negotiation or synchronization messages, simply take over the session and use simple send/receive primitives for whatever it wants.

No sooner thought than done. I added one optional parameter to grasp.req_negotiate() to indicate this mode, and two new functions grasp.send() and grasp.recv(), and GRASP became a secure session layer. The code is really too new for me to commit to GitHub, but it's a very convincing proof of concept.

Regards
Brian Carpenter
