Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-03-26 Thread Michael Richardson
Brian E Carpenter wrote: > I definitely recommend replacing lower-case "may" in a case like > the one below. Agreed. > Perhaps: >>> , and MUST NOT be >>> enabled unless the JRC indicates support for them Changed. -- Michael Richardson

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-03-26 Thread Michael Richardson
Final comments/actions on Toerless' awesome review. The -13 is coming out soon, but we have 13 issues to resolve still. > - > Section 8) > a) First paragraph: Unavailable MASA is not a security but an >

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-03-26 Thread Michael Richardson
Comments on section 5, 6 and 7. > -- > Section 5.4 > a) See comment for section 2.4.4 for where I think the first paragraph > description should be. There isn't a 2.4.4, so I'm not really sure I understand

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09 (part 4?)

2018-03-20 Thread Michael Richardson
MAX: please look for your name. Toerless Eckert wrote: > Section 5) > a) Suggest changing the title to "Protocol Details (Pledge - Registrar > - MASA / CA)" > to distinguish from Section 4. Might consider also to move up section renamed. > b) MASA URI is

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-03-05 Thread Michael Richardson
> - > Section 4. 1) > a.1) Suggest to change title to "Proxying Details (Pledge - Proxy - > Registrar)" because the section does not only discuss the proxy but > also the aspects/requirements of

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-03-05 Thread Michael Richardson
Sunday I was skiing (it didn't rain!) and this morning I was distracted by another urgent matter, so I'll get another two hours to work on this now, and then I'll post a new version of the draft before the deadline. It is unlikely that I'll get through all your suggested edits, and I still need

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-03-04 Thread Brian E Carpenter
On 05/03/2018 00:04, Eliot Lear wrote: > Hi, > > I'm not Max but I hope you won't mind me commenting in three places: > > > On 02.03.18 23:59, Michael Richardson wrote: > >> Section 2.1 >>> a) The term "Request Join" is only used here, and it's IMHO not very logical >>> (disclaimer: toerless:

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-03-04 Thread Eliot Lear
Hi, I'm not Max but I hope you won't mind me commenting in three places: On 02.03.18 23:59, Michael Richardson wrote: > Section 2.1 >> a) The term "Request Join" is only used here, and it's IMHO not very logical >> (disclaimer: toerless: en.wikipedia.org/wiki/ESL). It sounds to me like the >>

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-03-03 Thread Michael Richardson
I would ideally like to begin the WGLC once I've posted the revised document and then take any of your issues that I wasn't able to resolve as last call comments (open issues on tools or github). Toerless Eckert wrote: > d) > I am missing in the initial chapters a

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-03-02 Thread Michael Richardson
Max, please search for QUESTION. Toerless Eckert wrote: > 1.) Introduction > > a) The intro of 1. is somewhat confusing to the uninitiated. > > Suggest the following replacement text for two paragraphs: > > BRSKI provides a solution for secure zero-touch (automated) bootstrap of >

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-02-21 Thread Toerless Eckert
On Tue, Feb 20, 2018 at 10:00:10PM -0500, Michael Richardson wrote: > > Yes, that in the thread, where I referred to a thread back in January 2017, > in which you were involved in coming up with the names. > > >> + , and may be > >> + enabled only if the JRC indicates support for

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-02-20 Thread Michael Richardson
Toerless Eckert wrote: >> "Registrar". The term JRC is used in common with other bootstrap >> mechanisms. >> >> + (Public) Key Infrastructure: The collection of systems and processes >> + that sustain the activities of a public key system. In an

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-02-20 Thread Toerless Eckert
On Wed, Feb 21, 2018 at 02:45:12AM +, Max Pritikin (pritikin) wrote: > > The MASA is a certifier of vouchers. A voucher isn't really a PKI construct > today. It's more of a distribution of trust-anchor or "pinned cert" > construct used to bootstrap a PKI because the PKI's don't

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-02-20 Thread Michael Richardson
Toerless Eckert wrote: > Thanks, Michael > Can't see a commit on github since 6 days ago, maybe in different branch ? > Comments for now therefore inline against your email. Yeah, it's on the toerless-terminology-comments branch. About to be in -11. -- Michael

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-02-20 Thread Max Pritikin (pritikin)
> On Feb 20, 2018, at 7:38 PM, Toerless Eckert wrote: > > Thanks, Michael > Can't see a commit on github since 6 days ago, maybe in different branch ? > Comments for now therefore inline against your email. > > On Tue, Feb 20, 2018 at 07:54:40PM -0500, Michael Richardson

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-02-20 Thread Michael Richardson
Toerless Eckert wrote: > Overall: > a) Requirements about EST: > - The introduction says: "Integration with a complete EST enrollment is > optional but trivial" > - 5.8.3 says "The Pledge MUST request a new client certificate". > - 1.4 says "bootstrapped

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-02-20 Thread Michael Richardson
Max Pritikin (pritikin) wrote: >>> b) Key infrastructure >> >>> There is no definition/reference for this term. Please describe on >>> first use and in terminology. Is there a difference >>> between "key infrastructure" and "keying material" ? If

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-02-15 Thread Toerless Eckert
On Thu, Feb 15, 2018 at 05:32:30PM +, Max Pritikin (pritikin) wrote: > Certificates are a data format for encoding public keys and associated > certifications (e.g. the CA signature) etc. I think this could reasonably be > called data needed to establish a cryptographic security association.

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-02-15 Thread Max Pritikin (pritikin)
> On Feb 15, 2018, at 10:14 AM, Toerless Eckert wrote: > > On Thu, Feb 15, 2018 at 04:06:33PM +, Max Pritikin (pritikin) wrote: b) Key infrastructure >>> There is no definition/reference for this term. Please describe on first use and in terminology. Is

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-02-15 Thread Toerless Eckert
On Thu, Feb 15, 2018 at 04:06:33PM +, Max Pritikin (pritikin) wrote: > >> b) Key infrastructure > > > >> There is no definition/reference for this term. Please describe on > >> first use and in terminology. Is there a difference > >> between "key infrastructure" and "keying material" ?

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-02-15 Thread Max Pritikin (pritikin)
> On Feb 14, 2018, at 7:45 PM, Michael Richardson wrote: > > > Toerless Eckert wrote: >> 1.2) Terminology: > >> a) vendor vs. manufacturer. > >> The document uses 48 times "vendor" and 13 times "manufacturer". Please >> revisit this: If there is a

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-02-14 Thread Michael Richardson
Toerless Eckert wrote: > 1.2) Terminology: > a) vendor vs. manufacturer. > The document uses 48 times "vendor" and 13 times "manufacturer". Please > revisit this: If there is a clear reason when/why to use vendor and when/why > to use the term

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-02-14 Thread peter van der Stok
Hi Toerless, thanks for this reminder about terminology in keyinfra. I have made several attempts at explaining to the authors the possible misunderstandings on terminology. Let's hope your input helps. I will look at your other comments later this week. Peter b) Key infrastructure There