Re: [Anima] Last Call: (Bootstrapping Remote Secure Key Infrastructures (BRSKI)) to Proposed Standard

2019-06-10 Thread Michael Richardson
Eric Rescorla wrote: >> You're right that in theory subdomains are unrealistic examples, but does >> that >> matter for an illustrative example? > Why not instead use two domain names that end in .example? E.g., > demo.example and dem0.example w

Re: [Anima] New Version Notification for draft-richardson-lamps-rfc7030est-clarify-02.txt

2019-06-18 Thread Michael Richardson
internet-dra...@ietf.org wrote: > A new version of I-D, draft-richardson-lamps-rfc7030est-clarify-02.txt > has been successfully submitted by Michael Richardson and posted to the > IETF repository. > Diff: > https://www.ietf.org/rfcdiff?url2=draft-richardson-l

Re: [Anima] addressing Content-Type-Encoding errata on EST / RFC7030 --- relationship to BRSKI

2019-06-17 Thread Michael Richardson
and payload response of all endpoints in to be [RFC4648] section 4 Base64 encoded DER. This format is to be used regardless of whether there is any Content-Transfer-Encoding header, and any value in that header is to be ignored. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT

Re: [Anima] Content-Transfer-Encoding and HTTP 1.x in ANIMA BRSKI

2019-06-17 Thread Michael Richardson
ed to included. I have not made an informative reference to ietf-lamps-rfc7030est-clarify yet. I will stop now for awhile, to wait for consensus to catch up :-) I think that this change needs a WG Consensus Call, and some discussion with area director. -- Michael Richardson , Sandelman Software Work

Re: [Anima] Content-Transfer-Encoding and HTTP 1.x in ANIMA BRSKI

2019-06-17 Thread Michael Richardson
at we can't patch RFC7030. We can drop the Content-Transfer-Encoding headers (and it seems that many have done that anyway), but we are stuck with a base64 encoded payload for the four end-points that 7030 describes. We could create new end-points that are not base64 encoded, but that does not seem

Re: [Anima] I-D Action: draft-ietf-anima-bootstrapping-keyinfra-21.txt

2019-06-13 Thread Michael Richardson
the job that I desired, with some excess BEGIN CMS lines, and some lines not wrapped at all. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- signature.asc Description: PGP signature ___ Anima mailing list Anima@ietf.org http

Re: [Anima] Content-Transfer-Encoding and HTTP 1.x in ANIMA BRSKI

2019-06-12 Thread Michael Richardson
ing a multipart *reply* in HTTP for draft-ietf-anima-constrained-voucher, and I really found it hard to determine what the MIME rules for *HTTP* were... -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Last Call: (Bootstrapping Remote Secure Key Infrastructures (BRSKI)) to Proposed Standard

2019-06-10 Thread Michael Richardson
it's not an example domain. Brian suggested the example null vs nu11. This is not about super-cookies, etc. and it doesn't suggest any kind of process involving the list of publicsuffixes. I've opened issue: https://github.com/anima-wg/anima-bootstrap/issues/131 -- Michael Richardson , Sandelman S

Re: [Anima] Content-Transfer-Encoding and HTTP 1.x in ANIMA BRSKI

2019-06-17 Thread Michael Richardson
7030 end-points. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Content-Transfer-Encoding and HTTP 1.x in ANIMA BRSKI

2019-06-17 Thread Michael Richardson
t is sitting in state "reported" since 2017. I'd like to get this unstuck. I think that LAMPS is the place to do this, but I could be wrong. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| networ

Re: [Anima] addressing Content-Type-Encoding errata on EST / RFC7030 --- relationship to BRSKI

2019-06-17 Thread Michael Richardson
figured to ignore or fail requests of this form, either via run-time configuration, or via a compile-time option. A main reason to do this is to avoid a permutation that requires testing in the future when no legacy EST clients are expected to connect. -- Michael Richardson , Sand
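
The payload rule these three messages circle around (the body is RFC 4648 section 4 base64 of DER whatever Content-Transfer-Encoding says, and a server may either ignore the legacy header or refuse requests that carry it), worked through as an added Go example. This is not code from the thread or from any EST implementation: DecodeESTPayload and CheckLegacyCTE are this example's own names, the DER body is a constructed stand-in (a SEQUENCE holding an OCTET STRING, not a certificate or CMS object), and the application/pkcs10 Content-Type is assumed for illustration.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
)

// CTEHeader is the header RFC 7030 shows on EST messages; its presence and value are ignored.
const CTEHeader = "Content-Transfer-Encoding"

// derTotalLen returns tag+length+contents size of the DER SEQUENCE at the start of b.
func derTotalLen(b []byte) (int, error) {
	if len(b) < 2 || b[0] != 0x30 {
		return 0, errors.New("payload is not a DER SEQUENCE")
	}
	if b[1] < 0x80 {
		return 2 + int(b[1]), nil // short-form length
	}
	n := int(b[1] & 0x7f)
	if n == 0 || n > 4 || len(b) < 2+n || b[2] == 0 {
		return 0, errors.New("bad DER length")
	}
	l := 0
	for _, c := range b[2 : 2+n] {
		l = l<<8 | int(c)
	}
	return 2 + n + l, nil
}

// DecodeESTPayload decodes the body as RFC 4648 section 4 base64 of DER regardless of
// Content-Transfer-Encoding, tolerates line wrapping, and requires one complete DER SEQUENCE.
func DecodeESTPayload(hdr http.Header, body []byte) ([]byte, error) {
	_ = hdr.Get(CTEHeader) // read only to make the point: the value is ignored
	compact := bytes.Map(func(r rune) rune {
		if r == '\r' || r == '\n' || r == ' ' || r == '\t' {
			return -1 // drop wrapping whitespace
		}
		return r
	}, body)
	der, err := base64.StdEncoding.DecodeString(string(compact))
	if err != nil {
		return nil, fmt.Errorf("payload is not section 4 base64: %w", err)
	}
	total, err := derTotalLen(der)
	if err != nil {
		return nil, err
	}
	if total != len(der) {
		return nil, fmt.Errorf("DER declares %d bytes, payload carries %d", total, len(der))
	}
	return der, nil
}

// CheckLegacyCTE is the server knob from the thread: by default the legacy header is
// accepted and ignored; with rejectLegacy set the request is refused outright.
func CheckLegacyCTE(hdr http.Header, rejectLegacy bool) error {
	if _, present := hdr[http.CanonicalHeaderKey(CTEHeader)]; present && rejectLegacy {
		return errors.New("Content-Transfer-Encoding is not accepted by this server")
	}
	return nil
}

// SampleDER is a constructed stand-in for an EST payload: a DER SEQUENCE holding a
// 60-byte OCTET STRING.  It is not a certificate or CMS object.
func SampleDER() []byte {
	content := bytes.Repeat([]byte{0xAB}, 60)
	inner := append([]byte{0x04, byte(len(content))}, content...)
	return append([]byte{0x30, byte(len(inner))}, inner...)
}

// LegacyRequest builds what an RFC 7030 client sends: the CTE header plus a 64-column CRLF-wrapped body.
func LegacyRequest(der []byte) (http.Header, []byte) {
	hdr := http.Header{}
	hdr.Set("Content-Type", "application/pkcs10")
	hdr.Set(CTEHeader, "base64")
	s := base64.StdEncoding.EncodeToString(der)
	var b bytes.Buffer
	for len(s) > 64 {
		b.WriteString(s[:64] + "\r\n")
		s = s[64:]
	}
	b.WriteString(s + "\r\n")
	return hdr, b.Bytes()
}

func PlainRequest(der []byte) (http.Header, []byte) {
	hdr := http.Header{"Content-Type": {"application/pkcs10"}}
	return hdr, []byte(base64.StdEncoding.EncodeToString(der))
}

func main() {
	hdr, body := LegacyRequest(SampleDER())
	der, err := DecodeESTPayload(hdr, body)
	fmt.Println(len(der), err, CheckLegacyCTE(hdr, false), CheckLegacyCTE(hdr, true))
}
```

The length check matters in practice: a base64 decoder happily returns a truncated blob, and a CMS parser given one may fail in less predictable ways than a simple "length mismatch" at the door.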

[Anima] ready for second WGLC draft-ietf-anima-bootstrapping-keyinfra-20.txt

2019-05-13 Thread Michael Richardson
UTH48) better formatting for these. The document is ready for a second WGLC. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

[Anima] appendix C changes for draft-ietf-anima-constrained-voucher-04.txt

2019-07-04 Thread Michael Richardson
fix before Monday and repost. I don't expect to make any other substantive changes other than a few grammar typos I noticed. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-11 Thread Michael Richardson
should solve, and for having not solved the problem that the WG charter said was out-of-scope. I'm curious if anyone has read Vernor Vinge's Rainbows End. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-11 Thread Michael Richardson
was, and we then agreed that there were sometimes reasons to include the entire URL, but that less is better. We then looked for what the term for the "hostname:port" part was, and found 3986 and 3987. -- ] Never tell me the odds! | ipv6 mesh networks [ ] M

Re: [Anima] Éric Vyncke's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-10 Thread Michael Richardson
o so." > lower case for pledge and what is the purpose of the comma in this > sentence? we had a mania at some point that argued that Pledge was a proper noun. We recovered from it. I think that comma belongs; maybe it SHOULD be a semi-colon. I'm happy to let the copy-editor argue

Re: [Anima] Roman Danyliw's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-10 Thread Michael Richardson
Additional standard JSON fields in this POST MAY be added, see - . + . A server that + sees unknown fields should log them, but otherwise ignore them. -- Michael Richardson , Sandelman Software Works -= IPv
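Review bot: "should log them" is lowercase in a sentence that otherwise uses 2119 keywords (MAY); if logging is meant to be normative write SHOULD, otherwise "logs them", and say what is logged. Since the unknown field names come from the pledge, the sentence could also bound the log entry (number and length of field names recorded) so that a pledge cannot use the logging of unknown fields to fill the registrar's log.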

Re: [Anima] Roman Danyliw's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-10 Thread Michael Richardson
arer without over-engineering this, remembering that this is a PS, not IS, and the proof will be in the running-code. Would you prefer to use CDDL or something like that to describe it? -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Roman Danyliw's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-10 Thread Michael Richardson
. I suspect that the first draft will mostly be a list of things not to do. ("Doctor, it hurts when I move my arm like this...") -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect

Re: [Anima] Roman Danyliw's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-10 Thread Michael Richardson
ong thread from concerned operators, this move towards a secure-onboarding-by-default scares people who are used to improvising things in an emergency. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Roman Danyliw's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-10 Thread Michael Richardson
rg/doc/review-ietf-anima-bootstrapping-keyinfra-20-secdir-lc-huitema-2019-06-04/), > please respond to the last two issues – random number generation and the > missing assertion leaf. I had not seen this second review, thank you. I will read this on Thursday and post additional

Re: [Anima] Alissa Cooper's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-10 Thread Michael Richardson
represent some kind of change in business plans. Would a PC vendor be interested if some Enterprise customer suddenly bought only tablets? The BRSKI-MASA connection does not reveal what is bought, but it does reveal who is doing business with whom, and it may also reveal volume. This is just tra

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-12 Thread Michael Richardson
> You almost certainly don't want the service name to contain a leading > underscore. That is added as part of the DNS-SD resolution process, but > not part of the service name itself. fixed. > --- > Appendix B: >> For example, if the first >> Multicast DNS _bootstrapks._tcp.local response doesn't work then the >> second and third responses are tried. > I got a little lost here. Where is the "bootstrapks" service defined? > I don't see it defined in this document or registered at > https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=bootstrapks Toerless, can you help here? I think that we renamed this. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Alexey Melnikov's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-13 Thread Michael Richardson
> I think you want to use lower case "should" here. Agreed. > In 5.7 (and a similar issue elsewhere): >{ "version":"1", "Status":FALSE /* TRUE=Success, FALSE=Fail" > This is not valid JSON, this is not even valid pseudo-JSON. Please move > the comment: Already fixed, please see changes at: https://tinyurl.com/y2ex324x -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-
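
An added Go example (not code from the thread or from any BRSKI implementation) for the two status-telemetry points raised in these reviews: the `"Status":FALSE /* ... */` pseudo-JSON is rejected by any real JSON parser, so the corrected form must be what is sent, and a server logs unknown fields but otherwise ignores them. The field names "version" and "Status" are as quoted above; "Reason" and "reason-context", the vendor-diag extension, the pledge label SN-0001 and the logging bound are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"log"
	"sort"
)

// PledgeStatus is the part of the status telemetry a registrar acts on.
// "version" and "Status" are the field names quoted in the review; "Reason" and
// "reason-context" are assumed names for the informative extras.
type PledgeStatus struct {
	Version string
	Status  bool
	Reason  string
}

var knownStatusFields = map[string]bool{
	"version": true, "Status": true, "Reason": true, "reason-context": true,
}

// maxLoggedUnknown bounds one log line, so "log unknown fields" cannot be turned
// into log flooding by a pledge that sends hundreds of them.
const maxLoggedUnknown = 8

// field copies one top-level JSON member into dst, or errors if a required
// member is missing or has the wrong type.
func field(raw map[string]json.RawMessage, key string, dst interface{}, required bool) error {
	v, ok := raw[key]
	if !ok {
		if required {
			return fmt.Errorf("missing required field %q", key)
		}
		return nil
	}
	if err := json.Unmarshal(v, dst); err != nil {
		return fmt.Errorf("field %q: %w", key, err)
	}
	return nil
}

// ParsePledgeStatus parses strictly (real JSON only: the FALSE /* ... */ pseudo-JSON
// from the draft is rejected), extracts the known fields, and returns the unknown
// top-level names so the caller can log them.  Unknown fields never cause rejection.
func ParsePledgeStatus(body []byte) (PledgeStatus, []string, error) {
	var raw map[string]json.RawMessage
	if err := json.Unmarshal(body, &raw); err != nil {
		return PledgeStatus{}, nil, fmt.Errorf("status body is not JSON: %w", err)
	}
	var st PledgeStatus
	if err := field(raw, "version", &st.Version, true); err != nil {
		return PledgeStatus{}, nil, err
	}
	if err := field(raw, "Status", &st.Status, true); err != nil {
		return PledgeStatus{}, nil, err
	}
	if err := field(raw, "Reason", &st.Reason, false); err != nil {
		return PledgeStatus{}, nil, err
	}
	var unknown []string
	for k := range raw {
		if !knownStatusFields[k] {
			unknown = append(unknown, k)
		}
	}
	sort.Strings(unknown)
	return st, unknown, nil
}

// LogUnknownFields records a bounded number of unknown field names for later review.
func LogUnknownFields(pledge string, unknown []string) {
	if len(unknown) == 0 {
		return
	}
	more := ""
	if len(unknown) > maxLoggedUnknown {
		more = fmt.Sprintf(" (+%d more)", len(unknown)-maxLoggedUnknown)
		unknown = unknown[:maxLoggedUnknown]
	}
	log.Printf("pledge %s: ignoring unknown status fields %q%s", pledge, unknown, more)
}

func main() {
	// Constructed bodies: the pseudo-JSON form quoted in the review, then a valid
	// form carrying a hypothetical vendor extension.
	bad := []byte(`{ "version":"1", "Status":FALSE /* TRUE=Success, FALSE=Fail */ }`)
	good := []byte(`{"version":"1","Status":false,"Reason":"voucher expired","vendor-diag":{"code":17}}`)
	_, _, err := ParsePledgeStatus(bad)
	fmt.Println("pseudo-JSON rejected:", err != nil)
	st, unknown, err := ParsePledgeStatus(good)
	LogUnknownFields("SN-0001", unknown)
	fmt.Println(st, unknown, err)
}
```

Decoding into a map of raw members first, and only then into typed fields, is what makes "ignore unknown, but still type-check known" possible; a struct decode alone would silently drop the unknown names.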

[Anima] a note on the rfcdiff for draft-ietf-anima-bootstrapping-keyinfra-22 DISCUSSes

2019-07-13 Thread Michael Richardson
to scroll. I may post a -23 version with a fix for ONLY the wide JSON, so that a diff against -24 is more understandable. I can't do that until 22nd, but perhaps I'll stage it elsewhere until then. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting

Re: [Anima] a note on the rfcdiff for draft-ietf-anima-bootstrapping-keyinfra-22 DISCUSSes

2019-07-13 Thread Michael Richardson
from the various DISCUSSes: https://tinyurl.com/y2qhjwh8 This does not suffer from being very very wide. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Magnus Westerlund's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS)

2019-07-13 Thread Michael Richardson
6 that has been obsoleted by RFC 7230 and > companions. I do note that there is no normative reference for that > part in this document. Fixed to 7230. Yes, that wasn't even a real reference, just a literal [RFC2616]. -- ] Never tell me the odds! | ipv6 mesh networks [ ]

Re: [Anima] FW: New Version Notification for draft-friel-acme-integrations-01.txt

2019-07-03 Thread Michael Richardson
e with Rifaat how we could > potentially integrate both approaches. I'll read this. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-14 Thread Michael Richardson
r had a record of all previous ones, going back to the original MASA issue voucher. I had originally considered this to be the right way to do resale, but many others thought it too complex. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-14 Thread Michael Richardson
define such an artifact in a timely fashion, nor do I know which WG we'd do it in. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/|

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-14 Thread Michael Richardson
is being sold is because the seller went into bankruptcy. There is no seller Registrar to invoke this API. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

[Anima] evaluation of pinned-domain-cert equality in BRSKI

2019-04-25 Thread Michael Richardson
, but I think they are probably acceptable given that vouchers can be re-issued easily. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Alissa Cooper's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-16 Thread Michael Richardson
that this belongs at the end of 1.0, just prior to 1.1? -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Alexey Melnikov's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-16 Thread Michael Richardson
trust anchor since serial numbers are not globally unique. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

[Anima] ACP SRV.est example

2019-07-16 Thread Michael Richardson
TCP, 80] ] Figure 3: GRASP SRV.est example -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Mirja Kühlewind's No Objection on draft-ietf-anima-bootstrapping-keyinfra-22: (with COMMENT)

2019-07-16 Thread Michael Richardson
y of sending MUST be such that the aggregate amount of periodic M_FLOODs from all flooding sources cause only negligible traffic across the ACP. I will copy this text. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-16 Thread Michael Richardson
ferences from IRI to URL, and the components from iauthority to 'authority'. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rai

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-16 Thread Michael Richardson
"ietf-mud-extens...@2018-02-14.yang" > is, but it seems a tad generic. I changed ietf-mud-extension to ietf-mud-brski-masaurl-extension. > Appendix D > [Just checking that Michael wants sandelman.ca embedded in the final > RFC] I don't have a problem with it. There

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-13 Thread Michael Richardson
+ the URL to the prepared (and idempotent, therefore cachable) audit + response in the Location: header. Does this fix things for you? -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-
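Review bot: "cachable" should be "cacheable", and "idempotent, therefore cachable" is not an implication HTTP makes: safe, idempotent and cacheable are separate properties (RFC 7231 section 4.2), so an idempotent response is not automatically cacheable. If the audit response at the Location: URL is meant to be cached, state that directly and let the later GET to that URL carry the cache-control headers, rather than deriving cacheability from idempotence.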

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-13 Thread Michael Richardson
tion such that it uses the >> SubjectKeyIdentifier, if present. That can be any algorithm that the CA >> wants to use to identify the Entity certificate. We need to have a >> consistently calculated value if it's not present, and RFC5280 says SHA-1. >>

Re: [Anima] [core] SID files and IANA

2019-07-29 Thread Michael Richardson
>> for the mega range that you have mentioned). That being said, I want >> to be sure that the SID draft will not be delayed in case that draft >> is delayed for any reason, so maybe we will need to discuss. Michael Richardson wrote: > I have opened a github issue against th

Re: [Anima] MACsec as an alternative to L3-tunnels

2019-07-29 Thread Michael Richardson
> routing protocol and aliveness parameters of ACP/data-plane. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] [Iot-onboarding] EXTERNAL: Re: OPC and BRSKI

2019-08-12 Thread Michael Richardson
step. Subsequent sales just extend the chain. We didn't go this way because: 1) it mandates sales channel integration, and we think that this will be rare at the beginning. 2) any party in the chain can issue a new sale certificate, effectively stealing the device from the current

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-14 Thread Michael Richardson
plicability stating the above be useful? >> But, that's why we have SHOULD, and the SHOULD (vs MUST) part was really to >> allow for some fancy HTTP/3 we know nothing about :-) > :) > Do we still want to say "HTTP 1.1 persistent connections" vs. "

Re: [Anima] Alexey Melnikov's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-18 Thread Michael Richardson
registrar (equivalent to EST server) are: o Client authentication is automated using Initial Device Identity (IDevID) as per the EST certificate based client authentication. The subject field's DN encoding MUST include the "serialNumber" | attribute with the device's

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-15 Thread Michael Richardson
his model supports the <4h SLA on service repair that most vendors have, and which they support by stocking spares in the local city, but not for a specific customer. I see that I've answered the rest already. The perils of all these CCs. -- ] Never tell me the odds!

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-15 Thread Michael Richardson
a fair concern, but in and of itself is not an excuse to skip > reasoning through the risks of the parallel workflow. How much effort > has already been spent doing that reasoning through? For example, one > might want to require that the pledge track which nonce belongs to the >

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-15 Thread Michael Richardson
an LDevID certificate) from having vouchers issued against them. Other cases of inappropriate voucher issuance are detected by examination of the audit log. -- ] Never tell me the odds! | ipv6

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-15 Thread Michael Richardson
ust-anchor (the manufacturer's CA), then a compromise of the manufacturer's CA would compromise both keys. Such a compromise of the manufacturer's CA likely compromises all keys outlined in this section. -- Michae

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-15 Thread Michael Richardson
e addition to the ACP applicability stating the above be >> useful? > Oh sure, the link-local IPv6 of the proto-ACP would be a great way to > show locality. Please do add some text regarding the ACP > applicability. Added after -26. -- ] Never tell me th

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-14 Thread Michael Richardson
s the Registrar End-Entity Certificate, when in fact it is the Registrar's CA certificate. As a CA certificate, it SHOULD always have the SubjectKeyIdentifier. We are presently discussing whether the EE Registrar cert should get audited. -- Michael Richardson , Sandelman Software Works -= I
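
An added Go example (not code from the thread or from any BRSKI implementation) for the identity points raised across these reviews: a certificate is identified by its SubjectKeyIdentifier when the CA included one and otherwise by the RFC 5280 method (1) SHA-1 of the subjectPublicKey, and an IDevID's serialNumber attribute is only meaningful together with the manufacturer trust anchor it chains to, since serial numbers are not globally unique. The two manufacturers (Acme, Bolt), their keys and the serial SN-0001 are fixtures generated at run time; the function names are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// KeyIdentifier returns the SubjectKeyIdentifier if the CA included one, else the
// RFC 5280 4.2.1.2 method (1) value: SHA-1 over the subjectPublicKey BIT STRING contents.
func KeyIdentifier(cert *x509.Certificate) ([]byte, error) {
	if len(cert.SubjectKeyId) > 0 {
		return cert.SubjectKeyId, nil
	}
	var spki struct {
		Algorithm pkix.AlgorithmIdentifier
		PublicKey asn1.BitString
	}
	if rest, err := asn1.Unmarshal(cert.RawSubjectPublicKeyInfo, &spki); err != nil || len(rest) != 0 {
		return nil, errors.New("cannot parse SubjectPublicKeyInfo")
	}
	sum := sha1.Sum(spki.PublicKey.Bytes) // an identifier, not a security commitment
	return sum[:], nil
}

// DeviceIdentity chains the IDevID to the given manufacturer trust anchors and returns
// "<anchor key id>/<subject serialNumber>": serialNumber is unique only per manufacturer.
func DeviceIdentity(idevid *x509.Certificate, anchors ...*x509.Certificate) (string, error) {
	if idevid.Subject.SerialNumber == "" {
		return "", errors.New("IDevID subject lacks the serialNumber attribute")
	}
	roots := x509.NewCertPool()
	for _, a := range anchors {
		roots.AddCert(a)
	}
	chains, err := idevid.Verify(x509.VerifyOptions{Roots: roots})
	if err != nil {
		return "", fmt.Errorf("IDevID does not chain to a known manufacturer: %w", err)
	}
	kid, err := KeyIdentifier(chains[0][len(chains[0])-1]) // last element is the anchor
	if err != nil {
		return "", err
	}
	return hex.EncodeToString(kid) + "/" + idevid.Subject.SerialNumber, nil
}

// Below: run-time fixtures standing in for a manufacturer CA; no real manufacturer or MASA.
type Manufacturer struct {
	CA  *x509.Certificate
	key *ecdsa.PrivateKey
}

var nextSerial int64 = 1000
var notBefore, notAfter = time.Now().Add(-time.Hour), time.Now().Add(20 * 365 * 24 * time.Hour)

func mustCert(tmpl, parent *x509.Certificate, pub, signer interface{}) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der) // our own output, always parses
	return c
}

func NewManufacturer(name string) *Manufacturer {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name + " Manufacturing CA"},
		NotBefore: notBefore, NotAfter: notAfter,
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	return &Manufacturer{CA: mustCert(tmpl, tmpl, &key.PublicKey, key), key: key}
}

// IssueIDevID puts serialNumber in the subject DN and deliberately omits the SKI.
func (m *Manufacturer) IssueIDevID(serial string) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	nextSerial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(nextSerial), Subject: pkix.Name{CommonName: "pledge", SerialNumber: serial},
		NotBefore: notBefore, NotAfter: notAfter, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	return mustCert(tmpl, m.CA, &key.PublicKey, m.key)
}

func main() {
	acme, bolt := NewManufacturer("Acme"), NewManufacturer("Bolt")
	fmt.Println(DeviceIdentity(acme.IssueIDevID("SN-0001"), acme.CA))
	fmt.Println(DeviceIdentity(bolt.IssueIDevID("SN-0001"), acme.CA)) // error: wrong anchor
}
```

The identity is keyed on the anchor's key identifier rather than its subject name so that two manufacturers with look-alike DNs, or one manufacturer that re-keys its CA, do not collapse into the same namespace for serial numbers.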

Re: [Anima] EXTERNAL: Re: [Iot-onboarding] OPC and BRSKI

2019-08-10 Thread Michael Richardson
r in August. Awesome. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails[ -- Michael Richardson ,

Re: [Anima] EXTERNAL: Re: [Iot-onboarding] OPC and BRSKI

2019-08-12 Thread Michael Richardson
Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-12 Thread Michael Richardson
eems a tad generic. Renamed already. Ben, I'm posting the -25, and then moving on back to the responses to my responses, including Adam's concerns. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-12 Thread Michael Richardson
turer's trust anchor for the first time, and then doc> the trust anchor would be installed to the trusted store. There are doc> risks with this; even if the key to name is validated using something doc> like the WebPKI, there remains the possibility > nit

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-12 Thread Michael Richardson
onceless vouchers, then they could issue vouchers for devices which are not yet in service. This attack may be very hard to verify and as it would involve doing firmware updates on every device in warehouses (a potentially ruinously expensive process), a manufacturer might be reluctant t

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-11 Thread Michael Richardson
was once owned by Registrar A (but sold), then there is a hole that would permit Registrar A to ask for history. But this is legitimate, because perhaps it wasn't actually sold, but in fact stolen, and when they can't get the device to respond, the operator could ask if the device

Re: [Anima] EXTERNAL: Re: [Iot-onboarding] OPC and BRSKI

2019-08-10 Thread Michael Richardson
LS or extend our own model > with something like BRSKI but not BRSKI? > While I cannot predict how the various participants in the OPC WGs will > respond to question 3), I do know it would make collaboration a lot > easier if the answer to 2) was yes. I think yes

[Anima] Change of authors for draft-ietf-anima-bootstrapping-keyinfra

2019-08-10 Thread Michael Richardson
into a regular contributor. As he was also the document shepherd, we had a conversation with our AD about the appropriateness of this change, and got approval. The WG, of course, may have other opinions, as it is the WG's document, and people should not feel shy about this. -- Michael Richardson

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-14 Thread Michael Richardson
https://tinyurl.com/y2skc9xz Michael Richardson wrote: >> o The subject-alt field's encoding MAY include a non-critical >> version of the RFC4108 defined HardwareModuleName. (from [IDevID] >> section 7.2.9) If the IDevID is stored in a Trusted Platform

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-14 Thread Michael Richardson
te >> the EST TLS session using the newly obtained credentials. This >> - occurs by the client initiating a new TLS ClientHello message on the >> - existing TLS connection. The client MAY simply close the old TLS >> - session and s
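Review bot: dropping the "- occurs by the client initiating a new TLS ClientHello message on the existing TLS connection" text removes TLS renegotiation, which TLS 1.3 does not have at all, so the direction is right. The surviving sentence still says the client "MAY simply close the old TLS session"; once the renegotiation alternative is gone, closing and reopening the connection is the only way to re-authenticate with the new credentials and should read as such rather than as an option.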

Re: [Anima] Questions raised during IETF 105 regarding BRSKI-AE

2019-08-23 Thread Michael Richardson
ofile of CMP, maybe that would suit you better for these disconnected uses rather than fullcmc. Regardless, how would one discover and signal the use of fullcmc or CMP? -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Alexey Melnikov's Discuss on draft-ietf-anima-bootstrapping-keyinfra-26: (with DISCUSS and COMMENT)

2019-09-16 Thread Michael Richardson
sionally, or via the /cacerts EST method. The pledge would contain the logic to connect, and would know what name to use, and would know how to validate it. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-09-16 Thread Michael Richardson
serial console. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails[ -- Michael Richardson

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-09-16 Thread Michael Richardson
e registrar performs log verifications in addition to local >> > authorization checks before accepting optional pledge device >> > enrollment requests. >> >> > Maybe give us a section reference to what the "log validations" are? >>

Re: [Anima] Éric Vyncke's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-09-16 Thread Michael Richardson
CUSS I have included the following text in the two places we specify TLS: Use of TLS 1.3 (or newer) is encouraged. TLS 1.2 or newer is REQUIRED. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Clarification reg old reference in the BRSKI draft to IEEE 802_1AR-2009

2019-07-30 Thread Michael Richardson
Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[

Re: [Anima] comments on draft-ietf-anima-grasp-api

2019-08-07 Thread Michael Richardson
Brian E Carpenter wrote: > On 07-Aug-19 05:24, Michael Richardson wrote: >> >> I read draft-ietf-anima-grasp-api from the expired drafts list. > Right, the -03 draft expired while we were in Montreal. Our plan is to > make the next update after the

Re: [Anima] [Iot-onboarding] Device Certificate Deployment Automation with ACME using BRSKI

2019-08-07 Thread Michael Richardson
I totally see how it gets initial configuration though. I also see how that initial configuration can be caused to do an enrollment, by leveraging some specific, vendor-specific, configuration command. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] [Iot-onboarding] OPC and BRSKI

2019-08-07 Thread Michael Richardson
a DC, or adjacent distillation tower in a refiner), to use the device in my suite/cabinet/tower. The key problem is the verb "has" needs to be made very clear. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] [Iot-onboarding] Device Certificate Deployment Automation with ACME using BRSKI

2019-08-07 Thread Michael Richardson
ft-ietf-netconf-keystore is that it would provide for Registrar initiated (PUSH) updating of device certificates, but would not provide a way for a device to initiate (PULL) to a securely identified EST server. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] [Iot-onboarding] OPC and BRSKI

2019-08-07 Thread Michael Richardson
to be profiled. RFC8572 uses CMS signed JSON for vouchers, and for some configuration assertions, and while RESTCONF is an option, it's not the only option. I have downloaded the OPC documents, and I'll skim them tomorrow. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consult

Re: [Anima] MACsec as an alternative to L3-tunnels

2019-07-26 Thread Michael Richardson
this is where i have not tried to validate), > that MacSec should equally be able to utilize multiple keypairs, > probably mapped by VLAN or ethertype. But the question of course is > whether you want/can expect that MACsec MIC chips have that feature. The people in the line behind

[Anima] comments on draft-ietf-anima-grasp-api

2019-08-06 Thread Michael Richardson
ent. nits: 2.3.1.3: s/neg/negotiate/ I found the "NEG" term in GRASP confusing, because it seems like NEGative, rather than NEGotiate. I'd prefer it was spelt out in the API. s/dry/dryrun/ -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] [Iot-onboarding] Device Certificate Deployment Automation with ACME using BRSKI

2019-08-06 Thread Michael Richardson
Kent Watsen wrote: > Skimming quickly, I see now the direction to go to a cloud registrar to > be redirected to a local registrar. I feel compelled to point out that > this is exactly what SZTP (RFC 8572) does, or at least, supports. > Actually, as a more general statement, it

Re: [Anima] [Iot-onboarding] OPC and BRSKI

2019-08-08 Thread Michael Richardson
Device proves it has possession of the Device > private key. > That said, the KeyPair used for communication does not need to be the > same as the KeyPair used to authenticate. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] [Iot-onboarding] Device Certificate Deployment Automation with ACME using BRSKI

2019-08-08 Thread Michael Richardson
draft-ietf-netconf-trust-anchors) can be used > by a controller/NMS application to configure/set/push trust-anchor > certs used, e.g., to verify a remote server's end-entity certificate. But, more interestingly, it can be used to update the trust anchors, to enable a resale/transfer of ownership! -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] [Iot-onboarding] Device Certificate Deployment Automation with ACME using BRSKI

2019-08-09 Thread Michael Richardson
RSKI document has been dealing with in its IESG review. If we can't change the trust anchors used to verify the voucher, then how can the device be onboarded after the MASA has gone away? I don't understand how RFC8572 slipped through the IESG without resolving this. -- Michael Richardson , Sandel

[Anima] What does PKIX refer to: Re: Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-09 Thread Michael Richardson
3 useful. (I try never to use "X509", because the ITU left us with an unusable mess, and I don't think they deserve any credit) -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] What does PKIX refer to: Re: Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-09 Thread Michael Richardson
Michael Richardson wrote: > I hoping for some discussion about this comment that I previously > responded to, but it probably got buried. Actually, you did respond on July 20, in an email that I thought to re-read after pushing send. In it you said: mcr> I would n

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-09 Thread Michael Richardson
de by the > certificate must be validated, and that the received certificate and > chain must be retained for later validation. Added: The signatures in the certificate MUST be validated even if a signing key can not (yet) be validated. The certifi

Re: [Anima] addressing Content-Type-Encoding errata on EST / RFC7030 --- relationship to BRSKI

2019-07-17 Thread Michael Richardson
Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[

Re: [Anima] Mirja Kühlewind's No Objection on draft-ietf-anima-bootstrapping-keyinfra-22: (with COMMENT)

2019-07-17 Thread Michael Richardson
ssed in the > doc. However, this is a usual safety measure we are building in all > protocols (expect there is a good reason to do otherwise), e.g. also > for routing protocols, because you never know for sure how future > deployment scenarios will look like. I have

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-16 Thread Michael Richardson
specific quality (e.g., idempotence), > say so explicitly. I have removed the two occurrences of "RESTful", and in the place where we use 201-Created w/Location:, I mentioned that it is the idempotency that is probably important. -- ] Never tell me the odds!

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-16 Thread Michael Richardson
it has to work. And putting the onus for that > on the original vendor does NOT seem an effective solution. As long as vendors support blue cables, and are willing to provide firmware updates, I don't see any change. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Mich

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-16 Thread Michael Richardson
from the point after the voucher is validated. This process SHOULD include server certificate verification using an on-screen fingerprint. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-16 Thread Michael Richardson
se case is the domain of TR-069. I don't know what DSL providers do, some have service PPPoE username/password that they use. Let other use cases write different requirements for access. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson,

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-16 Thread Michael Richardson
a process that can be outsourced, and that customers will insist that it is escrowed. 25 years ago, when I worked in one of the first firewall companies, dead 20 years now, I regularly provided escrow tapes. It's almost never worth the customers' money to use them, but I'm sure someone has used them. -

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-17 Thread Michael Richardson
s applied. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[

Re: [Anima] Alexey Melnikov's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-18 Thread Michael Richardson
can also be - used for matching purposes. As noted in that document this is not -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/

Re: [Anima] Alexey Melnikov's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-18 Thread Michael Richardson
rsonally > prefer a new registry, but I understand that it might be a bit more > work in the document. I prefer Updates: 7030. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

[Anima] MACsec as an alternative to L3-tunnels

2019-07-24 Thread Michael Richardson
h networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[

Re: [Anima] addressing Content-Type-Encoding errata on EST / RFC7030 --- relationship to BRSKI

2019-07-21 Thread Michael Richardson
Carsten Bormann wrote: > On Jul 17, 2019, at 19:10, Michael Richardson > wrote: >> >> always base64 the payloads > Which means that the content-type headers lie. Backwards > combyativbility [actual autocorrect result :-)] can be nasty. But

Re: [Anima] I-D Action: draft-ietf-anima-bootstrapping-keyinfra-24.txt

2019-07-22 Thread Michael Richardson
/rfcdiff?url2=draft-ietf-anima-bootstrapping-keyinfra-24 There are still two significant bits of DISCUSS that I have yet to deal with. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-09-19 Thread Michael Richardson
Adam, Alexey, version -28 of the document contains a CDDL definition for the audit-log response. https://www.ietf.org/rfcdiff?url1=draft-ietf-anima-bootstrapping-keyinfra-27=draft-ietf-anima-bootstrapping-keyinfra-28 I hope that I'm done now! -- Michael Richardson , Sandelman Software Works

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-28: (with DISCUSS and COMMENT) [COMMENTS]

2019-11-01 Thread Michael Richardson
graphs to clarify things, but maybe we failed. > s/described Appendix B/described in Appendix B/ (sorry, section number > not visible from diff; maybe 40% through the diff) fixed. > Section 5.4 is missing an "for" in "SHOULD be used for authentication of > the MASA". fixed. > s/accesptable/acceptable/ fixed. > Figure 17 is introduced as an "abstract example", though it seems more > of a concrete one after this diff. fixed. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-28: (with DISCUSS and COMMENT)

2019-11-01 Thread Michael Richardson
the > pledge is mandated to generate a strong random or pseudo-random number > nonce." So to also say "the nonce [...] does not require a strong > cryptographic randomness" seems to be in conflict with the former > statement. > Are you saying that "

[Anima] BRSKI-Cloud discussion (from private thread)

2019-10-30 Thread Michael Richardson
ly implemented, the request method is not allowed to be changed when reissuing the original request. For example, a POST request should be repeated using another POST request.[29] It seems that we should probably be answering the voucher-request POST with

Re: [Anima] I-D was expired

2019-11-18 Thread Michael Richardson
ngs fit together and created no new requirements, bits-on-a-wire, or protocols. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/|

[Anima] some comments about ACP connect

2019-11-15 Thread Michael Richardson
Toerless, I am preparing a document on Operational Considerations for Registrars: "Operational Considerations for BRSKI Registrar" I was reviewing section 8.1, on ACP connect.    To allow for auto-configuration of NMS hosts, the ACP edge device and    NMS hosts using ACP connect SHOULD support
