I agree with Michael, this side discussion belongs on the list:
On 23-Aug-21 03:54, Michael Richardson wrote:
>
> {feel free to reply to the list, or tell me to}
>
> Brian E Carpenter <[email protected]> wrote:
> >> Toerless Eckert <[email protected]> wrote:
> >> > One of things i feel missing in my proposed drafts for flooded
> service
> >> > announcements is authentication. Aka:
> >>
> >> The domain LDevID certificates can be used.
>
> > I have reservations about that. Currently GRASP has no dependency on
> > BRSKI and ACP except requiring them to be there. If we add an
> authentication
> > mechanism to GRASP, it needs to be able to get its trust anchor from
> > somewhere, but I don't want to REQUIRE that to be BRSKI.
>
> > When you come down to it, the underlying requirement is only that nodes
> > receiving authenticated floods need to know (and trust) a public key
> > that belongs to the NOC. My puzzle is how to establish that trust.
> > A voice in the sky saying "I am your NOC" isn't enough.
>
> As you say, you have to require that all nodes that wish to sign have a
> keypair.
> And that all nodes that wish to verify have access to a trust anchor.
> BRSKI accomplishes this, but it's not the only way.
>
> The above three sentences might be all you need.
> Your puzzlement is not unique.
> There are few shorter methods than some kind of enrollment process.
> For some uses, maybe you can assume something built-in at manufacturing time.
> (I consider "manual" methods to be "longer")
>
> >> There is an EKU discussion here (namely, do we care).
> >>
> >> COSE can handle the rest, but it won't be transparent for flooded
> things.
> >> That is, nodes that don't understand COSE won't understand what's
> there.
>
> > Indeed, so they'd only receive unauthenticated floods. Maybe that's OK.
>
> 1) We could flood twice.
> 2) We could create a new GRASP port for authenticated things.
>
> I'm sure that we can find a way to use a detached signature.
>
> >> Maybe there are ways to deal involving detached signatures, I don't
> know yet.
> >>
> >> For the TCP things, we should be able to negotiate doing
> authentication or
> >> not.
>
> > Or the same rule applies: if you don't understand authentication, you
> can't
> > synch/negotiate objectives that require authentication. Again, maybe
> that's
> > OK.
(fwiw, a Signature option was part of GRASP's predecessor draft as
far back as draft-jiang-config-negotiation-protocol-00 in 2013, but
we removed it when the ACP concept was introduced.)
Brian
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
