Re: [Anima] Autonomic Registry

[Michael Behringer (mbehring)]

Hi Pedro, 

Thanks for your feedback and follow-up! Appreciated! Inline...

> -Original Message-
> From: Anima [mailto:anima-boun...@ietf.org] On Behalf Of Pedro Martinez-
> Julia
> Sent: 15 November 2016 11:30
> To: anima@ietf.org
> Subject: [Anima] Autonomic Registry
> 
> Dear WG members,
> 
> According to the presentation in the NMRG session, the ANIMA model relies
> in a registry which seems to be centralized. I think it does not suit
> autonomicity as well as a distributed registry would, so different definition
> and implementation strategies can appear in the future. In order to be a
> widely accepted model, which I think would be really useful, ANImA should
> support different kinds of registries. Please let me know if you have plans to
> consider it. Thank you.

Generically, ANIMA devices get a domain certificate. Today, practically all 
certificate management solutions are centralised, with a central CA, and 
several RAs (Registration Authorities). So for now this is the working model. 
And a registrar is logically an RA in this model. Given that certificate 
interactions are infrequent, and given that this PKI model is very well 
developed, I think this is a reasonable starting point. 

We have had suggestions to look at peer to peer trust models, and I agree that 
philosophically this would be even better. However, such models are not widely 
used today. My personal opinion is that we could well support a different 
enrolment procedure, using a peer-to-peer trust model in the future; the ANIMA 
reference model is generic and modular enough. 

But my priority is to get the current solution, using standard PKI methods off 
the ground before going there. 

Do you have a concrete proposal? Would be interesting to discuss. 

Michael


> 
> Regards,
> Pedro
> 
> --
> Pedro Martinez-Julia
> Network Science and Convergence Device Technology Laboratory Network
> System Research Institute National Institute of Information and
> Communications Technology (NICT) 4-2-1, Nukui-Kitamachi, Koganei, Tokyo
> 184-8795, Japan
> Email: pe...@nict.go.jp
> -
> *** Entia non sunt multiplicanda praeter necessitatem ***
> 
> ___
> Anima mailing list
> Anima@ietf.org
> https://www.ietf.org/mailman/listinfo/anima

___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima

Re: [Anima] Autonomic Registry

[Pedro Martinez-Julia]

On Tue, Nov 15, 2016 at 02:40:38AM +, Michael Behringer (mbehring) wrote:
> Hi Pedro,

Hi,

> Generically, ANIMA devices get a domain certificate. Today,
> practically all certificate management solutions are centralised, with
> a central CA, and several RAs (Registration Authorities). So for now
> this is the working model. And a registrar is logically an RA in this
> model. Given that certificate interactions are infrequent, and given
> that this PKI model is very well developed, I think this is a
> reasonable starting point.

Yes it is, but being a "model" not a "solution" I think it could
consider different schemes.

> We have had suggestions to look at peer to peer trust models, and I
> agree that philosophically this would be even better. However, such
> models are not widely used today. My personal opinion is that we could
> well support a different enrolment procedure, using a peer-to-peer
> trust model in the future; the ANIMA reference model is generic and
> modular enough. 
> 
> But my priority is to get the current solution, using standard PKI
> methods off the ground before going there. 
> 
> Do you have a concrete proposal? Would be interesting to discuss.

Not for the moment, but in my team we are working in some models that
would benefit from centralized and distributed registration procedures,
depending on the specific scenario.

For instance, disaster recovery scenarios require to establish network
systems (virtual and physical) that should be autonomic and disconnected
from any previously centralized infrastructure. This could be reflected
in the unattended deployment of drones to provide connectivity to places
where infrastructure has been broken. In this situation, both security
and interoperability should be ensured without requiring the system to
contact a centralized registry.

I hope this gives some perspective to my concerns. In summary I only
encourage the consideration of abstract mechanisms to cover any point
that can have polarized schemes (centralized vs distributed).

> Michael

Regards,
Pedro

-- 
Pedro Martinez-Julia
Network Science and Convergence Device Technology Laboratory
Network System Research Institute
National Institute of Information and Communications Technology (NICT)
4-2-1, Nukui-Kitamachi, Koganei, Tokyo 184-8795, Japan
Email: pe...@nict.go.jp
-
*** Entia non sunt multiplicanda praeter necessitatem ***

___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima

Re: [Anima] Autonomic Registry

[Brian E Carpenter]

Pedro,

> For instance, disaster recovery scenarios require to establish network
> systems (virtual and physical) that should be autonomic and disconnected
> from any previously centralized infrastructure.

Yes, we have already understood this problem, but there's a trade-off
between this and security - you want to come up quickly, and you want
to come up securely to prevent evil-doers. (You may have read that less
than two days ago, numerous homes in Christchurch NZ were burgled during
a tsunami evacuation. Similarly, I don't think it's safe to assume that there
will be no cyber attackers in a disaster area.)

If the drone has even a slow link back to the Internet, that should be 
sufficient
for an autonomic domain to bootstrap securely. Although we expect things to
work with only one registrar per domain, that is a software function. We
can imagine that after a disaster this function will start up somewhere,
but not in its normal host. Of course, more work is needed.

Regards
   Brian Carpenter

On 15/11/2016 15:53, Pedro Martinez-Julia wrote:
> On Tue, Nov 15, 2016 at 02:40:38AM +, Michael Behringer (mbehring) wrote:
>> Hi Pedro,
> 
> Hi,
> 
>> Generically, ANIMA devices get a domain certificate. Today,
>> practically all certificate management solutions are centralised, with
>> a central CA, and several RAs (Registration Authorities). So for now
>> this is the working model. And a registrar is logically an RA in this
>> model. Given that certificate interactions are infrequent, and given
>> that this PKI model is very well developed, I think this is a
>> reasonable starting point.
> 
> Yes it is, but being a "model" not a "solution" I think it could
> consider different schemes.
> 
>> We have had suggestions to look at peer to peer trust models, and I
>> agree that philosophically this would be even better. However, such
>> models are not widely used today. My personal opinion is that we could
>> well support a different enrolment procedure, using a peer-to-peer
>> trust model in the future; the ANIMA reference model is generic and
>> modular enough. 
>>
>> But my priority is to get the current solution, using standard PKI
>> methods off the ground before going there. 
>>
>> Do you have a concrete proposal? Would be interesting to discuss.
> 
> Not for the moment, but in my team we are working in some models that
> would benefit from centralized and distributed registration procedures,
> depending on the specific scenario.
> 
> For instance, disaster recovery scenarios require to establish network
> systems (virtual and physical) that should be autonomic and disconnected
> from any previously centralized infrastructure. This could be reflected
> in the unattended deployment of drones to provide connectivity to places
> where infrastructure has been broken. In this situation, both security
> and interoperability should be ensured without requiring the system to
> contact a centralized registry.
> 
> I hope this gives some perspective to my concerns. In summary I only
> encourage the consideration of abstract mechanisms to cover any point
> that can have polarized schemes (centralized vs distributed).
> 
>> Michael
> 
> Regards,
> Pedro
> 

___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima

Re: [Anima] Autonomic Registry

[Laurent Ciavaglia]

Hello,

Without the will to throw buzzwords to the list, but there are works on 
block-chain that may be relevant to consider.


Best regards, Laurent.

On 15/11/2016 03:40, Michael Behringer (mbehring) wrote:

Hi Pedro,

Thanks for your feedback and follow-up! Appreciated! Inline...


-Original Message-
From: Anima [mailto:anima-boun...@ietf.org] On Behalf Of Pedro Martinez-
Julia
Sent: 15 November 2016 11:30
To: anima@ietf.org
Subject: [Anima] Autonomic Registry

Dear WG members,

According to the presentation in the NMRG session, the ANIMA model relies
in a registry which seems to be centralized. I think it does not suit
autonomicity as well as a distributed registry would, so different definition
and implementation strategies can appear in the future. In order to be a
widely accepted model, which I think would be really useful, ANImA should
support different kinds of registries. Please let me know if you have plans to
consider it. Thank you.

Generically, ANIMA devices get a domain certificate. Today, practically all 
certificate management solutions are centralised, with a central CA, and 
several RAs (Registration Authorities). So for now this is the working model. 
And a registrar is logically an RA in this model. Given that certificate 
interactions are infrequent, and given that this PKI model is very well 
developed, I think this is a reasonable starting point.

We have had suggestions to look at peer to peer trust models, and I agree that 
philosophically this would be even better. However, such models are not widely 
used today. My personal opinion is that we could well support a different 
enrolment procedure, using a peer-to-peer trust model in the future; the ANIMA 
reference model is generic and modular enough.

But my priority is to get the current solution, using standard PKI methods off 
the ground before going there.

Do you have a concrete proposal? Would be interesting to discuss.

Michael



Regards,
Pedro

--
Pedro Martinez-Julia
Network Science and Convergence Device Technology Laboratory Network
System Research Institute National Institute of Information and
Communications Technology (NICT) 4-2-1, Nukui-Kitamachi, Koganei, Tokyo
184-8795, Japan
Email: pe...@nict.go.jp
-
*** Entia non sunt multiplicanda praeter necessitatem ***

___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima

___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima



--

Laurent Ciavaglia

Nokia, Bell Labs

+33 160 402 636

route de Villejust - Nozay, France

linkedin.com/in/laurent.ciavaglia

___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima

Re: [Anima] Autonomic Registry

[Pedro Martinez-Julia]

On Tue, Nov 15, 2016 at 03:50:51AM +0100, Laurent Ciavaglia wrote:
> Hello,

Hi,

> Without the will to throw buzzwords to the list, but there are works on
> block-chain that may be relevant to consider.

IMHO, the block-chain mechanisms fits well with autonomic control and
management. I will try to follow such works. If you have some pointers
to those works, I mean ANIMA+block-chain, please share them. Thank you.

> Best regards, Laurent.

Regards,
Pedro

-- 
Pedro Martinez-Julia
Network Science and Convergence Device Technology Laboratory
Network System Research Institute
National Institute of Information and Communications Technology (NICT)
4-2-1, Nukui-Kitamachi, Koganei, Tokyo 184-8795, Japan
Email: pe...@nict.go.jp
-
*** Entia non sunt multiplicanda praeter necessitatem ***

___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima

Re: [Anima] Autonomic Registry

[Pedro Martinez-Julia]

On Tue, Nov 15, 2016 at 04:23:08PM +1300, Brian E Carpenter wrote:
> Pedro,

Hi,

> > For instance, disaster recovery scenarios require to establish
> > network systems (virtual and physical) that should be autonomic and
> > disconnected from any previously centralized infrastructure.
> 
> Yes, we have already understood this problem, but there's a trade-off
> between this and security - you want to come up quickly, and you want
> to come up securely to prevent evil-doers. (You may have read that
> less than two days ago, numerous homes in Christchurch NZ were burgled
> during a tsunami evacuation. Similarly, I don't think it's safe to
> assume that there will be no cyber attackers in a disaster area.)
> 
> If the drone has even a slow link back to the Internet, that should be
> sufficient for an autonomic domain to bootstrap securely. Although we
> expect things to work with only one registrar per domain, that is a
> software function. We can imagine that after a disaster this function
> will start up somewhere, but not in its normal host. Of course, more
> work is needed.

Of course security is a big issue and its good to push it in the ANIMA
model. However, my point is that there could be different mechanisms
that can be used for the task without such link and providing the
required security level (such as the previous reference to a block-chain
based mechanism).

Domains in emergency scenarios are well structured but very dynamic, due
to the different situations they have to overcome. They can start with a
centralized registrar entity but at some point new devices would need to
form part of the domain without reaching the centralized registrar. They
can rely a distributed mechanism that allows them to interact with other
elements of the domain without reaching the registrar.

Anyway, my point is that the registrar definition within the ANIMA model
should be abstracted/generalized to support centralized, distributed, or
even mixed approaches. Would it be possible within its current scope?

> Regards
> Brian Carpenter

Regards,
Pedro

-- 
Pedro Martinez-Julia
Network Science and Convergence Device Technology Laboratory
Network System Research Institute
National Institute of Information and Communications Technology (NICT)
4-2-1, Nukui-Kitamachi, Koganei, Tokyo 184-8795, Japan
Email: pe...@nict.go.jp
-
*** Entia non sunt multiplicanda praeter necessitatem ***

___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima

Re: [Anima] Autonomic Registry

[Michael Richardson]

see inline

Pedro Martinez-Julia writes:
>> To: anima@ietf.org
>> Subject: [Anima] Autonomic Registry
>>
>> Dear WG members,
>>
>> According to the presentation in the NMRG session, the ANIMA model relies
>> in a registry which seems to be centralized. I think it does not suit

You are using the word "registry", but it's a registrar.  The different in
the word is perhaps subtle, but very significant.

>> autonomicity as well as a distributed registry would, so different 
definition
>> and implementation strategies can appear in the future. In order to be a
>> widely accepted model, which I think would be really useful, ANImA should
>> support different kinds of registries. Please let me know if you have 
plans to
>> consider it. Thank you.

Michael Behringer (mbehring)  wrote:
> Generically, ANIMA devices get a domain certificate. Today, practically
> all certificate management solutions are centralised, with a central
> CA, and several RAs (Registration Authorities). So for now this is the
> working model. And a registrar is logically an RA in this model. Given
> that certificate interactions are infrequent, and given that this PKI
> model is very well developed, I think this is a reasonable starting
> point.

And, the centralized nature of current PKI implementations is an
implementation limitation, not an architectural limitation.

The architecture supports talking the nearest registrar which is functioning.
There are PKI implementation challenges with partitioning of the PKIX
SerialNumber space (which must be unique), but it's a solved problem.

--
]   Never tell me the odds! | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works| network architect  [
] m...@sandelman.ca  http://www.sandelman.ca/|   ruby on rails[




--
Michael Richardson , Sandelman Software Works
 -= IPv6 IoT consulting =-





signature.asc
Description: PGP signature
___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima

Re: [Anima] ANIMA state machines, take two

[Michael Richardson]

{pushing send on an email in process for some days}

Brian E Carpenter  wrote:
> I like this. I have a few comments on some of your open questions:

>> Discovery: mDNS or GRASP?

> I feel very strongly that we need the ANI to be as self-contained as
> possible. Therefore, it must be possible for the ANI to create itself
> without depending on mDNS. Therefore, we must use GRASP discovery (or
> flooding, if we prefer an announcement method) for AN nodes.

I agree that enrolled AN nodes MUST use GRASP for discovery, and I think that
M_FLOOD is the way to create the neighbour table for that.

>> one discovery method for BRSKI and ACP, or several?

> Non-ANI nodes can also use BRSKI. So to say this one more time, since I
> won't be in Seoul: BRSKI proxies MUST be discoverable by both mDNS and
> GRASP.

I am warming to use of M_FLOOD for this, whereby the Join Assistant announces
itself.

>> multicast domain info?
>> packet formats

> For the discovery methods, that is already settled by mDNS and GRASP,
> isn't it? For BRSKI itself and ACP formation, the formats belong in the
> BRSKI and ACP drafts.

Agreed, I don't think that there are any open questions here.


--
Michael Richardson , Sandelman Software Works
 -= IPv6 IoT consulting =-





signature.asc
Description: PGP signature
___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima