Re: [Anima] Logging vouchers use case

2019-02-20 Thread Toerless Eckert
On Tue, Feb 19, 2019 at 01:45:04PM -0500, Michael Richardson wrote:
> 
> I'm not sure it matters that B is in the same trust domain as A, wrt the
> audit log.
> Maybe you meant to say:
> 
> Pledge P registers at a specific registrar B.
> 
> B examines the audit log and determines that P was previously registered
> at another registrar A.
> 
> Now B can see that there is an A in the audit log.
> 
> If A belongs to the same trust domain as B, then B would likely
> happily re-register P.

I thought this is what i said ;-)

Cheers
Toerless

> Toerless Eckert wrote:
> > Pledge P registers at a specific registrar B. B examines the audit log and
> > determines that P was previously registered at another registrar A. Now
> > B can see from the identity of A in the audit log if A belongs to the
> > same trust domain as B. If yes, then B would likely happily re-register
> > P. Use-case: A failed and was replaced by B, or multiple registrars in
> > the trust domain. Alternative, A is not known to be in the same trust
> > domain by B, so B would refuse to register P, probably raise an
> > exception to operations. In this case, i could come up with a range of
> > use case examples what operations would do next.
> 
> > Does this help ?
> 
> > Cheers
> > Toerless
> 
> > P.S.: Experimenting if the old alias for the co-authors still works. I
> > think IETF tools keep it alive for a few years.
> 
> > On Fri, Feb 08, 2019 at 02:21:57PM -0500, M. Ranganathan wrote:
> >> Clarification on question below:
> >>
> >> On Fri, Feb 8, 2019 at 11:22 AM M. Ranganathan wrote:
> >>
> >> > Hello,
> >> >
> >> > I am reading the voucher artifact RFC 8366. I am confused about how the
> >> > "audit voucher" (page 6) is supposed to be used. Specifically, the text
> >> > says "The registrar mitigates a MiTM registrar by auditing that an
> >> > unknown MiTM registrar does not appear in the log entries." How can it do
> >> > this? Any concrete example that clarifies this use case would help me
> >> > understand.
> >> >
> >> >
> >> What is confusing me is the interpretation of the term "Man In The Middle"
> >> (MiTM). Am I correct in assuming that this refers to previous registrars
> >> where the device may have successfully registered?
> >>
> >>
> >> > I am not sure if this is the correct mailing list for this question.
> >> > Thanks in advance for your help.
> >> >
> >> > Regards,
> >> >
> >> > Ranga
> >> >
> >> > --
> >> > M. Ranganathan
> >> >
> >> >
> >>
> >> --
> >> M. Ranganathan
> 
> >> ___
> >> Anima mailing list
> >> Anima@ietf.org
> >> https://www.ietf.org/mailman/listinfo/anima
> 
> --
> Michael Richardson, Sandelman Software Works
> -= IPv6 IoT consulting =-

___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
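
The check described in this message (registrar B inspects the audit log for pledge P and re-registers only if every earlier registrar is in its own trust domain), as an added example that is not part of the thread or of RFC 8366. The field names `events` and `domainID`, the registrar identifiers and the sample log are assumptions constructed for illustration.

```python
import json
from dataclasses import dataclass, field

# Constructed sample: audit log for pledge P as registrar B might receive it.
# Field names and identifiers are assumptions, not taken from the thread.
SAMPLE_LOG = json.dumps({"events": [
    {"date": "2019-01-10T09:00:00Z", "domainID": "registrar-A"},
    {"date": "2019-02-19T18:45:00Z", "domainID": "registrar-B"},
]})


@dataclass
class Decision:
    register: bool
    unknown: list = field(default_factory=list)  # registrars outside the trust domain
    reason: str = ""


def evaluate_audit_log(raw_log, own_id, trust_domain):
    """Decide whether registrar `own_id` should (re-)register the pledge."""
    try:
        events = json.loads(raw_log)["events"]
    except (ValueError, KeyError, TypeError):
        return Decision(False, reason="audit log unreadable; fail closed")
    if not isinstance(events, list):
        return Decision(False, reason="audit log malformed; fail closed")

    known = set(trust_domain) | {own_id}
    unknown = []
    for ev in events:
        rid = ev.get("domainID") if isinstance(ev, dict) else None
        if rid is None:
            # An entry we cannot attribute is treated like an unknown registrar.
            rid = "<unattributed entry>"
        if rid not in known and rid not in unknown:
            unknown.append(rid)

    if unknown:
        return Decision(False, unknown,
                        "registrar outside trust domain in log; raise to operations")
    return Decision(True, reason="all previous registrars are in the trust domain")


if __name__ == "__main__":
    # A is a known peer of B (e.g. A failed and was replaced by B): re-register.
    print(evaluate_audit_log(SAMPLE_LOG, "registrar-B", {"registrar-A"}))
    # A is not known to B: refuse and escalate.
    print(evaluate_audit_log(SAMPLE_LOG, "registrar-B", set()))
```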


Re: [Anima] Logging vouchers use case

2019-02-20 Thread Toerless Eckert
On Tue, Feb 19, 2019 at 01:09:32PM -0500, M. Ranganathan wrote:
> Hi Toerless,
> 
> Yes, that clarifies things and is in line with the mental picture I had built
> in my mind. Perhaps it would be a good idea to clarify the document with an
> explanation like you have stated above.

Mcr at one time suggested an operational document for BRSKI. This
wouldn't even be specific to BRSKI but would equally apply to NetConf
with vouchers (i think). But in any case we'd need to creatively find a
new home for such explanations, because RFC8366 is done, and in my
feeling rev'ing it right now wouldn't be the best new home for such
explanations.

Cheers
Toerless

> Thanks,
> 
> Ranga
> 
> 
> > P.S.: Experimenting if the old alias for the co-authors still works. I
> > think IETF tools keep it alive for a few years.
> >
> > On Fri, Feb 08, 2019 at 02:21:57PM -0500, M. Ranganathan wrote:
> > > Clarification on question below:
> > >
> > > On Fri, Feb 8, 2019 at 11:22 AM M. Ranganathan wrote:
> > >
> > > > Hello,
> > > >
> > > > I am reading the voucher artifact RFC 8366. I am confused about how the
> > > > "audit voucher" (page 6) is supposed to be used. Specifically, the text
> > > > says "The registrar mitigates a MiTM registrar by auditing that an
> > > > unknown MiTM registrar does not appear in the log entries." How can it do
> > > > this? Any concrete example that clarifies this use case would help me
> > > > understand.
> > > >
> > > >
> > > What is confusing me is the interpretation of the term "Man In The Middle"
> > > (MiTM). Am I correct in assuming that this refers to previous registrars
> > > where the device may have successfully registered?
> > >
> > >
> > > > I am not sure if this is the correct mailing list for this question.
> > > > Thanks in advance for your help.
> > > >
> > > > Regards,
> > > >
> > > > Ranga
> > > >
> > > > --
> > > > M. Ranganathan
> > > >
> > > >
> > >
> > > --
> > > M. Ranganathan
> >
> 
> 
> -- 
> M. Ranganathan

-- 
---
t...@cs.fau.de
