Re: [Anima] SecDir review of draft-ietf-anima-grasp-09

2017-03-09 Thread Barry Leiba
> > Personal opinion: encryption should be a MUST. > > I believe that we will have situations where we have a secured ACP into a NOC > (to an edge router or VM hypervisor), and then we will have some unencrypted, > but secured links to platforms in transition. > > It will be easy to add the

[Anima] GRASP vs ASA negotiation (was Re: concerns about selection of session-id in GRASP messages)

2017-03-09 Thread Michael Richardson
Please excuse time-warp mail: trying to hit zero inbox... [so you'd better not reply! :-)] I think that my point below is not contradicted by any text, I just wanted to close the loop on this thread. At least close it in my mind. Brian E Carpenter wrote: >> 2)

[Anima] CRLs in iDevID manufacturer signing certs?

2017-03-09 Thread Eliot Lear
Hi, What is the thinking on including CRL pointer in the manufacturer signing cert? This question came up in industry discussions. Eliot

Re: [Anima] SecDir review of draft-ietf-anima-grasp-09

2017-03-09 Thread Michael Richardson
Brian E Carpenter wrote: >> Both here and in 3.5.2.1: Why is encryption SHOULD, and not MUST? >> Looking ahead to 3.5.2.1, how could it be considered safe to use a >> network configuration protocol across administrative boundaries >> without

Re: [Anima] CRLs in iDevID manufacturer signing certs?

2017-03-09 Thread Kent Watsen
My view is that, if the IDevID has a CRL/OCSP URL listed, then the validator SHOULD do the checking. If the vendor didn't actually want revocation checking done, then the vendor should've excluded such information from their IDevID certs. FWIW, 802.1AR takes a much more neutral stance in Section

Re: [Anima] CRLs in iDevID manufacturer signing certs?

2017-03-09 Thread Kent Watsen
Hi Eliot, > What is the thinking on including CRL pointer in the manufacturer > signing cert? This question came up in industry discussions. 802.1AR says that the IDevID secrets must be stored confidentially and not be available outside the module. In practice, a crypto processor with

Re: [Anima] CRLs in iDevID manufacturer signing certs?

2017-03-09 Thread Eliot Lear
Thanks, Kent. Then it seems to me that we have a MAY floating around for CRL checking on the part of the registrar for BRSKI. Right? Eliot On 3/9/17 7:25 PM, Kent Watsen wrote: > Hi Eliot, > > >> What is the thinking on including CRL pointer in the manufacturer >> signing cert? This

Re: [Anima] SecDir review of draft-ietf-anima-grasp-09

2017-03-09 Thread Brian E Carpenter
On 10/03/2017 05:53, Barry Leiba wrote: >> > Personal opinion: encryption should be a MUST. >> >> I believe that we will have situations where we have a secured ACP into a NOC >> (to an edge router or VM hypervisor), and then we will have some unencrypted, >> but secured links to platforms in

Re: [Anima] SecDir review of draft-ietf-anima-grasp-09

2017-03-09 Thread Barry Leiba
>> This brings up a common rant that I have: >> We should be putting into our protocol specs what we want the protocol >> to be, not some compromise that comes from knowing that not everyone >> will comply with everything from the start. >> >> If the right thing is to say "MUST encrypt", but we

Re: [Anima] I-D Action: draft-ietf-anima-prefix-management-03.txt

2017-03-09 Thread Brian E Carpenter
Hi, We have made a few small updates to make the text more precise. We believe this should be ready for WG Last Call as Informational. Regards Brian + co-authors On 10/03/2017 15:54, internet-dra...@ietf.org wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts >

[Anima] I-D Action: draft-ietf-anima-grasp-10.txt

2017-03-09 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Autonomic Networking Integrated Model and Approach of the IETF. Title : A Generic Autonomic Signaling Protocol (GRASP) Authors : Carsten Bormann