Re: [Anima] Autonomic Registry
Hi Pedro, Thanks for your feedback and follow-up! Appreciated! Inline... > -Original Message- > From: Anima [mailto:anima-boun...@ietf.org] On Behalf Of Pedro Martinez- > Julia > Sent: 15 November 2016 11:30 > To: anima@ietf.org > Subject: [Anima] Autonomic Registry > > Dear WG members, > > According to the presentation in the NMRG session, the ANIMA model relies > in a registry which seems to be centralized. I think it does not suit > autonomicity as well as a distributed registry would, so different definition > and implementation strategies can appear in the future. In order to be a > widely accepted model, which I think would be really useful, ANImA should > support different kinds of registries. Please let me know if you have plans to > consider it. Thank you. Generically, ANIMA devices get a domain certificate. Today, practically all certificate management solutions are centralised, with a central CA, and several RAs (Registration Authorities). So for now this is the working model. And a registrar is logically an RA in this model. Given that certificate interactions are infrequent, and given that this PKI model is very well developed, I think this is a reasonable starting point. We have had suggestions to look at peer to peer trust models, and I agree that philosophically this would be even better. However, such models are not widely used today. My personal opinion is that we could well support a different enrolment procedure, using a peer-to-peer trust model in the future; the ANIMA reference model is generic and modular enough. But my priority is to get the current solution, using standard PKI methods off the ground before going there. Do you have a concrete proposal? Would be interesting to discuss. Michael > > Regards, > Pedro > > -- > Pedro Martinez-Julia > Network Science and Convergence Device Technology Laboratory Network > System Research Institute National Institute of Information and > Communications Technology (NICT) 4-2-1, Nukui-Kitamachi, Koganei, Tokyo > 184-8795, Japan > Email: pe...@nict.go.jp > - > *** Entia non sunt multiplicanda praeter necessitatem *** > > ___ > Anima mailing list > Anima@ietf.org > https://www.ietf.org/mailman/listinfo/anima ___ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima
Re: [Anima] Autonomic Registry
On Tue, Nov 15, 2016 at 02:40:38AM +, Michael Behringer (mbehring) wrote: > Hi Pedro, Hi, > Generically, ANIMA devices get a domain certificate. Today, > practically all certificate management solutions are centralised, with > a central CA, and several RAs (Registration Authorities). So for now > this is the working model. And a registrar is logically an RA in this > model. Given that certificate interactions are infrequent, and given > that this PKI model is very well developed, I think this is a > reasonable starting point. Yes it is, but being a "model" not a "solution" I think it could consider different schemes. > We have had suggestions to look at peer to peer trust models, and I > agree that philosophically this would be even better. However, such > models are not widely used today. My personal opinion is that we could > well support a different enrolment procedure, using a peer-to-peer > trust model in the future; the ANIMA reference model is generic and > modular enough. > > But my priority is to get the current solution, using standard PKI > methods off the ground before going there. > > Do you have a concrete proposal? Would be interesting to discuss. Not for the moment, but in my team we are working in some models that would benefit from centralized and distributed registration procedures, depending on the specific scenario. For instance, disaster recovery scenarios require to establish network systems (virtual and physical) that should be autonomic and disconnected from any previously centralized infrastructure. This could be reflected in the unattended deployment of drones to provide connectivity to places where infrastructure has been broken. In this situation, both security and interoperability should be ensured without requiring the system to contact a centralized registry. I hope this gives some perspective to my concerns. In summary I only encourage the consideration of abstract mechanisms to cover any point that can have polarized schemes (centralized vs distributed). > Michael Regards, Pedro -- Pedro Martinez-Julia Network Science and Convergence Device Technology Laboratory Network System Research Institute National Institute of Information and Communications Technology (NICT) 4-2-1, Nukui-Kitamachi, Koganei, Tokyo 184-8795, Japan Email: pe...@nict.go.jp - *** Entia non sunt multiplicanda praeter necessitatem *** ___ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima
Re: [Anima] Autonomic Registry
Pedro, > For instance, disaster recovery scenarios require to establish network > systems (virtual and physical) that should be autonomic and disconnected > from any previously centralized infrastructure. Yes, we have already understood this problem, but there's a trade-off between this and security - you want to come up quickly, and you want to come up securely to prevent evil-doers. (You may have read that less than two days ago, numerous homes in Christchurch NZ were burgled during a tsunami evacuation. Similarly, I don't think it's safe to assume that there will be no cyber attackers in a disaster area.) If the drone has even a slow link back to the Internet, that should be sufficient for an autonomic domain to bootstrap securely. Although we expect things to work with only one registrar per domain, that is a software function. We can imagine that after a disaster this function will start up somewhere, but not in its normal host. Of course, more work is needed. Regards Brian Carpenter On 15/11/2016 15:53, Pedro Martinez-Julia wrote: > On Tue, Nov 15, 2016 at 02:40:38AM +, Michael Behringer (mbehring) wrote: >> Hi Pedro, > > Hi, > >> Generically, ANIMA devices get a domain certificate. Today, >> practically all certificate management solutions are centralised, with >> a central CA, and several RAs (Registration Authorities). So for now >> this is the working model. And a registrar is logically an RA in this >> model. Given that certificate interactions are infrequent, and given >> that this PKI model is very well developed, I think this is a >> reasonable starting point. > > Yes it is, but being a "model" not a "solution" I think it could > consider different schemes. > >> We have had suggestions to look at peer to peer trust models, and I >> agree that philosophically this would be even better. However, such >> models are not widely used today. My personal opinion is that we could >> well support a different enrolment procedure, using a peer-to-peer >> trust model in the future; the ANIMA reference model is generic and >> modular enough. >> >> But my priority is to get the current solution, using standard PKI >> methods off the ground before going there. >> >> Do you have a concrete proposal? Would be interesting to discuss. > > Not for the moment, but in my team we are working in some models that > would benefit from centralized and distributed registration procedures, > depending on the specific scenario. > > For instance, disaster recovery scenarios require to establish network > systems (virtual and physical) that should be autonomic and disconnected > from any previously centralized infrastructure. This could be reflected > in the unattended deployment of drones to provide connectivity to places > where infrastructure has been broken. In this situation, both security > and interoperability should be ensured without requiring the system to > contact a centralized registry. > > I hope this gives some perspective to my concerns. In summary I only > encourage the consideration of abstract mechanisms to cover any point > that can have polarized schemes (centralized vs distributed). > >> Michael > > Regards, > Pedro > ___ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima
Re: [Anima] Autonomic Registry
Hello, Without the will to throw buzzwords to the list, but there are works on block-chain that may be relevant to consider. Best regards, Laurent. On 15/11/2016 03:40, Michael Behringer (mbehring) wrote: Hi Pedro, Thanks for your feedback and follow-up! Appreciated! Inline... -Original Message- From: Anima [mailto:anima-boun...@ietf.org] On Behalf Of Pedro Martinez- Julia Sent: 15 November 2016 11:30 To: anima@ietf.org Subject: [Anima] Autonomic Registry Dear WG members, According to the presentation in the NMRG session, the ANIMA model relies in a registry which seems to be centralized. I think it does not suit autonomicity as well as a distributed registry would, so different definition and implementation strategies can appear in the future. In order to be a widely accepted model, which I think would be really useful, ANImA should support different kinds of registries. Please let me know if you have plans to consider it. Thank you. Generically, ANIMA devices get a domain certificate. Today, practically all certificate management solutions are centralised, with a central CA, and several RAs (Registration Authorities). So for now this is the working model. And a registrar is logically an RA in this model. Given that certificate interactions are infrequent, and given that this PKI model is very well developed, I think this is a reasonable starting point. We have had suggestions to look at peer to peer trust models, and I agree that philosophically this would be even better. However, such models are not widely used today. My personal opinion is that we could well support a different enrolment procedure, using a peer-to-peer trust model in the future; the ANIMA reference model is generic and modular enough. But my priority is to get the current solution, using standard PKI methods off the ground before going there. Do you have a concrete proposal? Would be interesting to discuss. Michael Regards, Pedro -- Pedro Martinez-Julia Network Science and Convergence Device Technology Laboratory Network System Research Institute National Institute of Information and Communications Technology (NICT) 4-2-1, Nukui-Kitamachi, Koganei, Tokyo 184-8795, Japan Email: pe...@nict.go.jp - *** Entia non sunt multiplicanda praeter necessitatem *** ___ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima ___ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima -- Laurent Ciavaglia Nokia, Bell Labs +33 160 402 636 route de Villejust - Nozay, France linkedin.com/in/laurent.ciavaglia ___ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima
Re: [Anima] Autonomic Registry
On Tue, Nov 15, 2016 at 03:50:51AM +0100, Laurent Ciavaglia wrote: > Hello, Hi, > Without the will to throw buzzwords to the list, but there are works on > block-chain that may be relevant to consider. IMHO, the block-chain mechanisms fits well with autonomic control and management. I will try to follow such works. If you have some pointers to those works, I mean ANIMA+block-chain, please share them. Thank you. > Best regards, Laurent. Regards, Pedro -- Pedro Martinez-Julia Network Science and Convergence Device Technology Laboratory Network System Research Institute National Institute of Information and Communications Technology (NICT) 4-2-1, Nukui-Kitamachi, Koganei, Tokyo 184-8795, Japan Email: pe...@nict.go.jp - *** Entia non sunt multiplicanda praeter necessitatem *** ___ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima
Re: [Anima] Autonomic Registry
On Tue, Nov 15, 2016 at 04:23:08PM +1300, Brian E Carpenter wrote: > Pedro, Hi, > > For instance, disaster recovery scenarios require to establish > > network systems (virtual and physical) that should be autonomic and > > disconnected from any previously centralized infrastructure. > > Yes, we have already understood this problem, but there's a trade-off > between this and security - you want to come up quickly, and you want > to come up securely to prevent evil-doers. (You may have read that > less than two days ago, numerous homes in Christchurch NZ were burgled > during a tsunami evacuation. Similarly, I don't think it's safe to > assume that there will be no cyber attackers in a disaster area.) > > If the drone has even a slow link back to the Internet, that should be > sufficient for an autonomic domain to bootstrap securely. Although we > expect things to work with only one registrar per domain, that is a > software function. We can imagine that after a disaster this function > will start up somewhere, but not in its normal host. Of course, more > work is needed. Of course security is a big issue and its good to push it in the ANIMA model. However, my point is that there could be different mechanisms that can be used for the task without such link and providing the required security level (such as the previous reference to a block-chain based mechanism). Domains in emergency scenarios are well structured but very dynamic, due to the different situations they have to overcome. They can start with a centralized registrar entity but at some point new devices would need to form part of the domain without reaching the centralized registrar. They can rely a distributed mechanism that allows them to interact with other elements of the domain without reaching the registrar. Anyway, my point is that the registrar definition within the ANIMA model should be abstracted/generalized to support centralized, distributed, or even mixed approaches. Would it be possible within its current scope? > Regards > Brian Carpenter Regards, Pedro -- Pedro Martinez-Julia Network Science and Convergence Device Technology Laboratory Network System Research Institute National Institute of Information and Communications Technology (NICT) 4-2-1, Nukui-Kitamachi, Koganei, Tokyo 184-8795, Japan Email: pe...@nict.go.jp - *** Entia non sunt multiplicanda praeter necessitatem *** ___ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima
Re: [Anima] Autonomic Registry
see inline Pedro Martinez-Julia writes: >> To: anima@ietf.org >> Subject: [Anima] Autonomic Registry >> >> Dear WG members, >> >> According to the presentation in the NMRG session, the ANIMA model relies >> in a registry which seems to be centralized. I think it does not suit You are using the word "registry", but it's a registrar. The different in the word is perhaps subtle, but very significant. >> autonomicity as well as a distributed registry would, so different definition >> and implementation strategies can appear in the future. In order to be a >> widely accepted model, which I think would be really useful, ANImA should >> support different kinds of registries. Please let me know if you have plans to >> consider it. Thank you. Michael Behringer (mbehring)wrote: > Generically, ANIMA devices get a domain certificate. Today, practically > all certificate management solutions are centralised, with a central > CA, and several RAs (Registration Authorities). So for now this is the > working model. And a registrar is logically an RA in this model. Given > that certificate interactions are infrequent, and given that this PKI > model is very well developed, I think this is a reasonable starting > point. And, the centralized nature of current PKI implementations is an implementation limitation, not an architectural limitation. The architecture supports talking the nearest registrar which is functioning. There are PKI implementation challenges with partitioning of the PKIX SerialNumber space (which must be unique), but it's a solved problem. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[ -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- signature.asc Description: PGP signature ___ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima
Re: [Anima] ANIMA state machines, take two
{pushing send on an email in process for some days} Brian E Carpenterwrote: > I like this. I have a few comments on some of your open questions: >> Discovery: mDNS or GRASP? > I feel very strongly that we need the ANI to be as self-contained as > possible. Therefore, it must be possible for the ANI to create itself > without depending on mDNS. Therefore, we must use GRASP discovery (or > flooding, if we prefer an announcement method) for AN nodes. I agree that enrolled AN nodes MUST use GRASP for discovery, and I think that M_FLOOD is the way to create the neighbour table for that. >> one discovery method for BRSKI and ACP, or several? > Non-ANI nodes can also use BRSKI. So to say this one more time, since I > won't be in Seoul: BRSKI proxies MUST be discoverable by both mDNS and > GRASP. I am warming to use of M_FLOOD for this, whereby the Join Assistant announces itself. >> multicast domain info? >> packet formats > For the discovery methods, that is already settled by mDNS and GRASP, > isn't it? For BRSKI itself and ACP formation, the formats belong in the > BRSKI and ACP drafts. Agreed, I don't think that there are any open questions here. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- signature.asc Description: PGP signature ___ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima