Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-14 Thread Michael Richardson
Benjamin Kaduk wrote:
>> Are you asking for a forward reference to 10.2? I will add this.
>> I think that section 10.2 is pretty clear about this.
>> I don't think it's mentioned just in passing.
> It looks like the main coverage here is:
> o the identity of the device

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-14 Thread Michael Richardson
https://tinyurl.com/y2skc9xz
Benjamin Kaduk wrote:
>> We did not resort to a YANG data model for the auditlog responses, so I spent
>> a few minutes mystified by your complaint... then:
>> We referenced 7951 (YANG->JSON), but we should have just referenced RFC7159 (JSON)!
>

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-14 Thread Michael Richardson
https://tinyurl.com/y2skc9xz
Michael Richardson wrote:
>> o The subject-alt field's encoding MAY include a non-critical
>> version of the RFC4108 defined HardwareModuleName. (from [IDevID]
>> section 7.2.9) If the IDevID is stored in a Trusted Platform
>> Module (TPM), then

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-14 Thread Benjamin Kaduk
Apparently I only have one comment buried inline. We must be making progress :)

On Tue, Aug 13, 2019 at 05:07:46PM -0400, Michael Richardson wrote:
>
> Benjamin Kaduk wrote:
> doc> The authentication of the BRSKI-MASA connection does not affect the
> doc> voucher-request process, as

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-14 Thread Benjamin Kaduk
On Mon, Aug 12, 2019 at 04:23:54PM -0400, Michael Richardson wrote:
>
> Benjamin Kaduk via Datatracker wrote:
> > Section 13.2
>
> > I think CDDL needs to be a normative reference, as does RFC 7231. RFC
> > 2473 is listed but not referenced in the text, as are RFC 2663, RFC
> >

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-14 Thread Benjamin Kaduk
On Mon, Aug 12, 2019 at 03:30:13PM -0400, Michael Richardson wrote:
>
> WG: there is a chunk of Security Considerations text here that I hope
> many will read.
>
>
> Benjamin Kaduk via Datatracker wrote:
> > Section 11.4
>
> > It is not entirely clear to me whether device

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-14 Thread Benjamin Kaduk
On Wed, Aug 14, 2019 at 10:05:13AM -0400, Michael Richardson wrote:
>
> Benjamin Kaduk wrote:
> >> domainID: The domain IDentity is a unique hash based upon a
> >> Registrar's certificate. If the certificate includes the
> >> SubjectKeyIdentifier (Section 4.2.1.2 [RFC5280]), then

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-14 Thread Benjamin Kaduk
On Mon, Aug 12, 2019 at 03:05:44PM -0400, Michael Richardson wrote:
>
> https://tinyurl.com/yylruorn contains a diff against -24.
>
> Benjamin Kaduk via Datatracker wrote:
> > Section 5.8.1
>
> doc>A log data file is returned consisting of all log entries
> associated
> doc>

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-14 Thread Michael Richardson
Benjamin Kaduk wrote:
>> domainID: The domain IDentity is a unique hash based upon a
>> Registrar's certificate. If the certificate includes the
>> SubjectKeyIdentifier (Section 4.2.1.2 [RFC5280]), then it is to be
>> used as the domainID. If not, then the 160-bit SHA-1 hash