Secure Device Install
draft-ietf-opsawg-sdi-13
Document history
Date | Rev. | By | Action |
---|---|---|---|
2020-08-28 | 13 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2020-08-23 | 13 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2020-07-06 | 13 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2020-06-25 | 13 | Tero Kivinen | Closed request for Last Call review by SECDIR with state 'Overtaken by Events' |
2020-06-25 | 13 | Tero Kivinen | Assignment of request for Last Call review by SECDIR to Sean Turner was marked no-response |
2020-06-24 | 13 | (System) | IANA Action state changed to No IANA Actions from In Progress |
2020-06-24 | 13 | (System) | IANA Action state changed to In Progress |
2020-06-24 | 13 | (System) | RFC Editor state changed to EDIT |
2020-06-24 | 13 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2020-06-24 | 13 | (System) | Announcement was received by RFC Editor |
2020-06-24 | 13 | Amy Vezza | IESG state changed to Approved-announcement sent from Approved-announcement to be sent |
2020-06-24 | 13 | Amy Vezza | IESG has approved the document |
2020-06-24 | 13 | Amy Vezza | Closed "Approve" ballot |
2020-06-24 | 13 | Amy Vezza | Ballot approval text was generated |
2020-06-24 | 13 | Robert Wilton | IESG state changed to Approved-announcement to be sent from IESG Evaluation::AD Followup |
2020-06-24 | 13 | Roman Danyliw | [Ballot comment] Thank you for addressing my DISCUSS and COMMENT items. |
2020-06-24 | 13 | Roman Danyliw | [Ballot Position Update] Position for Roman Danyliw has been changed to No Objection from Discuss |
2020-06-24 | 13 | Warren Kumari | New version available: draft-ietf-opsawg-sdi-13.txt |
2020-06-24 | 13 | (System) | New version accepted (logged-in submitter: Warren Kumari) |
2020-06-24 | 13 | Warren Kumari | Uploaded new revision |
2020-06-19 | 12 | Benjamin Kaduk | [Ballot comment] Thanks for the updates in the -12 (and -11? My notes claim I reviewed the -10, though the datatracker history says it was the -11; perhaps there was some skew between when I opened the doc and balloted). They get most of the way to where I want us to be, so I'm switching to No Objection. That said, the Abstract and Introduction still feel like they're slightly overstating the confidentiality protection attainable with this mechanism: The Abstract currently says "to provide confidentiality to initial configuration during bootstrapping", but we may need to hedge that a bit more, e.g., that this is partial or limited confidentiality. Similarly, Section 1 currently says "while maintaining confidentiality of the initial configuration", and would get similar treatment. Finally, I see that you took my suggestion of using "directory service" instead of "Certificate Publication Server". It may be worth a reference for this concept -- e.g., Section 2.1 of RFC 5280 references both [X.500] and RFC 4510 as potential ways to provide directory service for obtaining certificates. |
2020-06-19 | 12 | Benjamin Kaduk | [Ballot Position Update] Position for Benjamin Kaduk has been changed to No Objection from Discuss |
2020-06-08 | 12 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2020-06-08 | 12 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2020-06-08 | 12 | Warren Kumari | New version available: draft-ietf-opsawg-sdi-12.txt |
2020-06-08 | 12 | (System) | New version accepted (logged-in submitter: Warren Kumari) |
2020-06-08 | 12 | Warren Kumari | Uploaded new revision |
2020-05-21 | 11 | Michael Richardson | (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? This document is intended as Informational. This document does not proscribe any specific protocol or mechanism, but rather outlines a general technique. The details of how to do the encryption, or how to deliver the encrypted configuration file, are left to vendors to define, using some choice of available protocols. As such, it is inappropriate for this to be standards track. (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary: This document provides a guide for vendors to extend existing auto-install / Zero-Touch Provisioning mechanisms to make the process more secure for operators. Working Group Summary: The document received a modest amount of discussion and was reviewed by a number of people who provided useful additions. Given that the document is a guide and does not specify a directly implementable protocol, it was difficult for reviewers to say very much about the protocol, as the details will be up to vendors who implement this. Document Quality: No vendors have committed to implement this protocol. The document still contains a number of editorial [] notes, some of which make the document seem very uncertain. Ignoring the notes, the document is actually quite mature. No MIB or YANG doctor was needed. Personnel: The document shepherd is Michael Richardson. The Responsible Area Director is Ignas Bagdonas. (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. The Document Shepherd first read the document during the adoption discussion, and reviewed it again end to end (version -05) during the WGLC. A review of the differences from 00 to 05 was made to understand whether the input of the WG was taken into account, and the changes seem reasonable. (4) Does the Document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? The document makes very soft security requirements, and has not at this point received a security review. More security review was asked for by the WG at various times, but it has not yet been received. In the review of the mailing list, there were instances of threads of comments from a few people, and it was not always clear from the interaction if the comments were acted upon. The document relies upon vendor practice to create key pairs, and for vendors to create detailed mechanisms. It is difficult to throw any rocks at this document, as there is no specific protocol to evaluate: equipment vendors will have to do a lot of work to finish things out, and the results will be vendor specific. (That's why this is not standards track.) (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. The only component which is specifically mentioned is DHCP, and it does not define any new DHCP behaviour or define any new DHCP options, so a DHCP review is not necessary. Had the document suggested a specific mechanism for encryption (CMS, OpenPGP, JOSE, etc.) then a review there would be useful, but it leaves that decision to vendors. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of. For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed? If not, explain why. The authors have confirmed. (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? The WG consensus is weak. The document is the result of a strong concurrence of a few individuals; most others are silent. As OPSAWG is a rather loose group of people, this is probably as strong a consensus as one will get. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) No one has threatened an appeal. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. -- The document has examples using IPv4 documentation addresses according to RFC6890, but does not use any IPv6 documentation addresses. Maybe there should be IPv6 examples, too? (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type reviews. None were done, none required. (13) Have all references within this document been identified as either normative or informative? Yes. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? Yes. The document speaks about DHCP, but does not reference any DHCP specifications. Perhaps it should. (15) Are there downward normative references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. No. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. This document does not update any other document. (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocation procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 8126). There are no IANA Considerations, and none are needed. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. None. (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, YANG modules, etc. None. (20) If the document contains a YANG module, has the module been checked with any of the recommended validation tools (https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and formatting validation? If there are any resulting errors or warnings, what is the justification for not fixing them at this time? Does the YANG module comply with the Network Management Datastore Architecture (NMDA) as specified in RFC8342? No YANG module. |
2020-05-21 | 11 | Cindy Morgan | IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation |
2020-05-21 | 11 | Magnus Westerlund | [Ballot comment] Support Ben and Roman's discusses. Even if the goal is to have a simplified solution with lesser guarantees, it appears that the general architecture is so weak that it is easy to circumvent the protection it appears to apply. |
2020-05-21 | 11 | Magnus Westerlund | [Ballot Position Update] New position, No Objection, has been recorded for Magnus Westerlund |
2020-05-20 | 11 | Martin Duke | [Ballot comment] I support Roman's discuss. |
2020-05-20 | 11 | Martin Duke | [Ballot Position Update] New position, No Objection, has been recorded for Martin Duke |
2020-05-20 | 11 | Alissa Cooper | [Ballot comment] I support Benjamin's DISCUSS. Section 3.1: I'm not thrilled to see EST and SCEP suggested on equal footing, since my understanding is that the design of EST is preferable to that of SCEP and we are only publishing SCEP because it is in wide use, not because vendors who have a choice should choose it. |
2020-05-20 | 11 | Alissa Cooper | [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper |
2020-05-20 | 11 | Erik Kline | [Ballot comment] [[ comments ]] * Perhaps a suggestion that vendors might want to have a factory-installed option for interested customers that /only/ an encrypted config can be tried and no attempt to use a plaintext config will be made. * Security considerations paragraph about control of the configuration server should include a mention that the key is not required for interference if the booting device will happily fall back to loading a cleartext config. * Though less common than DHCPv4, consider acknowledging the broader (open) issue of file/TFTP server service discovery (DHCPv6, RAs plus resolution of a well-known hostname, DNSSD, ...). [[ nits ]] [ section 4.2 ] * "Publish TFTP Server" --> "Publish to TFTP Server", perhaps |
2020-05-20 | 11 | Erik Kline | [Ballot Position Update] New position, No Objection, has been recorded for Erik Kline |
2020-05-20 | 11 | Cindy Morgan | Changed consensus to Yes from Unknown |
2020-05-20 | 11 | Amanda Baber | IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed |
2020-05-20 | 11 | Benjamin Kaduk | [Ballot discuss] I support Roman's discuss. I don't think this document is sufficiently clear about the limits of the scope of what it's trying to do. An ideal solution in this space would protect both the confidentiality of device configuration in transit and the authenticity (and authorization status) of configuration to be used by the device. This document makes no real effort to do the latter, with the device accepting any configuration file that comes its way and is encrypted to the device's key (or not encrypted, as the case may be), and with no attempt to keep the device's public key secret (which is just as well). I would expect some discussion of this being highly desirable, but also requiring more complicated machinery (per, e.g., BRSKI and other voucher-based methods) and that this document aims to provide something much simpler, at the cost of only providing limited protection. However, even the confidentiality protection has only a limited realm of applicability, and it seems to fall apart in some plausible threat models. The security considerations rightly note that an attacker with physical access can likely extract the device private key, retrieve the encrypted configuration file, and decrypt the configuration contents. However, I don't think this possibility is necessarily limited to an attacker with physical access. An attacker on the network in the IXP/POP has several routes to getting attacker-controlled configuration on the device, whether by uploading to the configuration server, spoofing the DHCP response to point to the attacker's configuration server, rewriting traffic between the device and the configuration server, etc. Once the attacker has configuration on the device, they have a foothold by which to gain remote access and use whatever interfaces the device provides for decrypting configuration files and learning their contents (potentially even by installing a "backdoor-type" access mechanism and then running the normal install process for the legitimate encrypted configuration, and using the backdoor to return and retrieve the plaintext configuration information). While this level of attacker control taking over a device in the process of being installed is not a new attack with the encrypted configuration, it does still limit the extent to which confidentiality protection for configuration data is actually achievable, and I don't think the current document text provides an accurate description of the risk and what protection is provided. |
2020-05-20 | 11 | Benjamin Kaduk | [Ballot comment] Per the discussion in the DISCUSS section, the incremental improvement offered by this mechanism is quite limited, to the extent that I wonder if it's worth putting effort into at all. Abstract: The first paragraph implies that there is not currently a secure way to initially provision the device ("if there were"), but the second paragraph implies that there are such mechanisms ("extends existing"; "more secure"). Which is true? (Also, I'm reluctant to describe the procedure outlined by this document as a "secure way" to do anything; it's better to talk about the (limited) protection that is provided for the confidentiality of sensitive configuration data, as other aspects of security are unchanged by this mechanism.) Section 1: "is it intended to solve all use-cases - rather it is a simple targeted solution to solve a common operational issue where the network device has been delivered, fibre laid (as appropriate) but there is no trusted member of the operator's staff to perform the initial configuration." nit: the sentence structure here doesn't seem quite right -- the comma before fibre sets us up for a list, but the "but" doesn't conclude a list. Perhaps replace the comma with "and"? Section 2: "[RFC2131]). The device then contacts this configuration server to download its initial configuration, which is often identified using the devices serial number, MAC address or similar. This document" nit: "device's". "[RFC4122]), but this will likely make it somewhat harder for operators to use (the serial number is usually easy to find on a device, a more complex system is likely harder to track)." nit: comma splice. Section 2.1: "discovers that it has not yet been configured. It enters its autoboot state, and begins the DHCP process. Operator_A' DHCP server" nit: "Operator_A's". Section 3.1: "Each devices requires a public-private key keypair, and for the" nit: "device" singular. "During the manufacturing stage, when the device is initially powered on, it will generate a public-private keypair. It will send its unique device identifier and the public key to the vendor's Certificate Publication Server to be published. The vendor's Certificate Publication Server should only accept certificates from" side note: in an X.500 or PKIX context this would likely be known as a "directory server" rather than a "Certificate Publication Server". "the manufacturing facility, and which match vendor defined policies (for example, extended key usage, extensions, etc.) Note that some devices may be constrained, and so may send the raw public key and unique device identifier to the certificate publication server, while more capable devices may generate and send self-signed certificates." Don't we need to give some guidance for integrity protecting the public key data in transit from manufacturing facility to CPS? The existing text about only the manufacturing facility being authorized to do so is helpful, but perhaps incomplete in this regard. Section 3.2: "The certificate publication server contains a database of certificates. If newly manufactured devices upload certificates the certificate publication server can simply publish these; if the devices provide the raw public keys and unique device identifier, the certificate publication server will need to wrap these in a certificate." What should we say about the signing key used to sign such certificates? Should it be in anything's trust store? (No, obviously, but...) They clearly cannot be self-signed, since only the public key is sent to the CPS... I guess there also needs to be some logic in the baked-in device firmware about where to publish the self-signed certificate that it generates, which might contribute some operational fragility (but since that environment is going to be pretty controlled anyway, probably not much). Section 4.2: "of the device). The operator SHOULD fetch the certificate using a secure transport (e.g., HTTPS). The operator will then encrypt the" It seems like the important part of "secure" transport here is the source authenticity (and the integrity protection it depends on) -- without that the chain of custody that ties the device serial number to the device key/certificate is broken. Confidentiality protection may not be as critical (though can still provide tangible benefit). Section 4.3: "process, or will repeat this process until it succeeds. When retrying, care should be taken to not overwhelm the server hosting the encrypted configuration files. It is suggested that the device" (Wouldn't this apply equally to a server hosting unencrypted configuration files?) Section 5.2: "technique to install the device), or the device could prefer the operators installed key. This is an implementation decision left to the vendor." nit: either "operator's installed key" or "operator-installed key". Section 5.3: "Increasingly, operations is moving towards an automated model of device management, whereby portions (or the entire) configuration is" nit: "portions of". Section B.1.1: No love for ECC? Section B.1.2: I expect that not all readers are familiar with the openssl '.' syntax for DN entry and it's easy to miss next to the ":". (Also, it's possible to automate the process so that you don't get prompted for all the irrelevant fields.) Section B.1.3: "$ openssl req -x509 -days 36500 -key key.pem -in SN19842256.csr -out SN19842256.crt" Note that RFC 5280 says: "To indicate that a certificate has no well-defined expiration date, the notAfter SHOULD be assigned the GeneralizedTime value of 99991231235959Z." which may be preferable to arbitrarily claiming a 100-year lifetime. Section B.2.2: CMS best practice would be AuthEnvelopedData rather than just EnvelopedData, though the openssl cli doesn't support that yet (https://github.com/openssl/openssl/pull/8024). Section B.3.2: "$ openssl smime -decrypt -in SN19842256.enc -inform pkcs7\ -out config.cfg -inkey key.pem" Do you need another space after the continuation line to avoid the "-inform pkcs7-out" parse error? |
2020-05-20 | 11 | Benjamin Kaduk | [Ballot Position Update] New position, Discuss, has been recorded for Benjamin Kaduk |
2020-05-20 | 11 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2020-05-20 | 11 | Warren Kumari | New version available: draft-ietf-opsawg-sdi-11.txt |
2020-05-20 | 11 | (System) | New version approved |
2020-05-20 | 11 | (System) | Request for posting confirmation emailed to previous authors: Colin Doyle, Warren Kumari |
2020-05-20 | 11 | Warren Kumari | Uploaded new revision |
2020-05-20 | 10 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2020-05-19 | 10 | Barry Leiba | [Ballot comment] Just a nitty load of nits nitting about: — Section 1 — "Internet Exchange Points (IXP) or "carrier neutral" Nit: hyphenate "carrier-neutral". "vendor proprietary) protocols to perform initial device installs" Nit: hyphenate "vendor-proprietary" (or just drop "vendor"). "use DHCP [RFC2131]to get an IP address" Nit: add a space after the citation. "security related and/or proprietary information" Nit: hyphenate "security-related". "(or using an auto- install techniques which fetch an unencrypted config file" Nit: remove "an". "perform the initial configuration work; this costs, time and money." Nit: remove the comma. "configure the devices before shipping it;" Nit: "device" (or "them"). "optimized for simplicity, both for the implementor and the operator;" Nit: make it "for both" (or repeat "for" before "the operator"). "is it intended to solve all use-cases" Nit: do not hyphenate "use cases". "Solutions such as Secure Zero Touch Provisioning (SZTP)" [RFC8572]," Nit: there's an unpaired quotation mark. — Section 2 — "the devices serial number, MAC address or similar." Nit: Make it "device's" (possessive). "extends this (vendor specific) paradigm" Nit: hyphenate "vendor-specific". — Section 2.1 — "When the device arrives at the POP, it gets installed in Operator_A'" "autoboot state, and begins the DHCP process. Operator_A' DHCP server" Nit: "Operator_A's" in both places. — Section 3.1 — "Each devices requires a public-private key keypair" Nit: "Each device". Nit: you don't need "key keypair"; I suggest "key pair". "(for example, extended key usage, extensions, etc.)" Nit: "for example" and "etc." don't go together; use one or the other. — Section 4.3 — "configurations fails, the device will either abort the auto-install process, or will repeat this process until it succeeds." Nit: "configuration" (singular). Nit: remove the second "will" (or make it "either will"). — Section 5.2 — "completely replace the initial device generated key" Nit: hyphenate "device-generated". "operators installed key." Nit: "operator's" (possessive). — Section 5.3 — "device management, whereby portions (or the entire) configuration" Nit: "portions of". — Section 7 — "third-party to copy and paste it over a serial terminal." Nit: "them", not "it" (the antecedent is plural). "An attacker (e.g., a malicious datacenter employee) who has physical access to the device before it is connected to the network the attacker may be able to extract the device private key" Nit: remove "the attacker". "Even when using a secure bootstrapping mechanism, security conscious operators may wish to bootstrapping devices with a minimal / less sensitive config" Nit: hyphenate "security-conscious". Nit: "bootstrap" (no "ing"). Nit: hyphenate "less-sensitive". |
2020-05-19 | 10 | Barry Leiba | [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba |
2020-05-19 | 10 | Alvaro Retana | [Ballot comment] I support Roman's DISCUSS. |
2020-05-19 | 10 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2020-05-19 | 10 | Éric Vyncke | [Ballot comment] Thank you for the work put into this document. The document is easy to read. Please also reply to Nancy's IoT directorate review at: https://datatracker.ietf.org/doc/review-ietf-opsawg-sdi-10-iotdir-telechat-cam-winget-2020-05-14/ (Thank you Nancy for the review.) I am also trusting my security AD peers for the security aspects. Please find below a couple of non-blocking COMMENTs. I hope that this helps to improve the document. Regards, -éric == COMMENTS == Should the "IP address" be scoped? I.e., is it global scope or (IPv4 and IPv6) link-local only? -- Sections 1 & 2 -- PLEASE when mentioning DHCP also refer to DHCPv6 RFC 8415 (trusting the authors to fix this before final publication). You may also explore whether IPv6 Router Advertisement / PvD could be an option. -- Section 1.1 -- This is an informational document, so I wonder whether a reference to BCP 14 is useful. (See also Murray's comment on section 4.2.) -- Section 4.2 -- Is there a reason to suggest the use of TLS to fetch the certificate? Normally a certificate is public information and is authenticated. -- Section 5.1 -- Is there a need to store the public key (and the associated cert, I guess) in TPM? |
2020-05-19 | 10 | Éric Vyncke | [Ballot Position Update] New position, No Objection, has been recorded for Éric Vyncke |
2020-05-19 | 10 | Martin Vigoureux | [Ballot Position Update] New position, No Objection, has been recorded for Martin Vigoureux |
2020-05-18 | 10 | Roman Danyliw | [Ballot discuss] ** Section 3.2. If keying material is being distributed as a certificate, do the expected behaviors of certificate processing apply? For example, how is expiration handled? -- If a customer downloads a certificate from the publication server and it is expired, what should be done? -- If a certificate is loaded in the TPM of the device, should the client stop accepting configurations if it expires? ** Section 4.3. "After retrieving the config file, the device needs to determine if it is encrypted or not. If it is not encrypted, the existing behavior is used." What downgrade protection is assumed or recommended here? A rogue data center employee could re-target a DHCP response to a server of choice which provides only unencrypted, tainted configuration. It would seem that a device expecting an encrypted configuration should not accept unencrypted ones (or at least this should be a policy consideration). |
2020-05-18 | 10 | Roman Danyliw | Ballot discuss text updated for Roman Danyliw |
2020-05-18 | 10 | Roman Danyliw | [Ballot discuss] ** Section 3.2. If keying material is being distributed as a certificate, do the expected behaviors of certificate processing apply? For example, how is expiration handled? -- If a customer downloads a certificate from the publication server and it is expired, what should be done? -- If a certificate is loaded in the TPM of the device, should the client stop accepting configurations if it expires? ** Section 4.3. "After retrieving the config file, the device needs to determine if it is encrypted or not. If it is not encrypted, the existing behavior is used." What downgrade protection is assumed or recommended here? A rogue data center employee could re-target a DHCP response to a server of choice which provides only unencrypted, tainted configuration. It would seem that a device expecting an encrypted configuration should not accept unencrypted ones (or at least this should be a policy consideration). |
2020-05-18
|
10 | Roman Danyliw | [Ballot comment] ** I struggled a bit to understand where this solution was applicable. For example: Abstract: “This document extends existing auto-install / Zero-Touch Provisioning mechanisms to make the process more secure.” Section 1: “this document layers security onto existing auto-install solutions to provide a secure method to initially configure new devices”. -- Which “auto-install” and “zero touch provision mechanisms” is this updating? -- What exact preconditions are necessary to make this “solution” (reference architecture?) applicable? Would this still be useful if the “auto-install” mechanism was encrypted? What non-DHCP configurations should be considered? Does the way the device identifier bind to the configuration matter? Because there is little specificity, it is difficult to review the security properties. ** Per the Security Considerations, what new security services does this overlay provide? ** Section 2. Per “This document extends this (vendor specific) …”, what is “vendor specific” about this approach? ** Section 4.2. Per “The operator will then encrypt the initial configuration (for example, using SMIME [RFC5751]) using the key in the certificate, and place it on their TFTP server”, is this always a TFTP server, or is this only an example – I think this is an example? ** Section 4.3. Per “Give up, go home” in the figure, is there a retry procedure? The text above states that “If it cannot decrypt the file, or if parsing the configurations fails, the device will either abort the auto-install process, or will repeat this process until it succeeds.” ** Section 7. Per “An attacker (e.g., a malicious datacenter employee)”, also a malicious shipping agent. ** Editorial -- Abstract. Editorial.
I would recommend generalized wording to replace the phrase ‘smart-hands’-type support. -- Section 1. Editorial. “asking the smart-hands to …”, Recommend generalizing this reference. -- Section 1. Editorial. “not intended to be an ‘all singing, all dancing’ fully featured system”, Recommend removing this colloquialism. -- Section 3.1. Typo. s/Each devices requires/Each device requires/ -- Section 3.1. Typo. s/cryptograthic/cryptographic/ -- Section 4.3. Typo. s/dependant/dependent/ -- Section 4.3. s/retrys/retries/ |
2020-05-18
|
10 | Roman Danyliw | [Ballot Position Update] New position, Discuss, has been recorded for Roman Danyliw |
2020-05-16
|
10 | Murray Kucherawy | [Ballot comment] Bigger points first: The shepherd writeup contains this remark, which made me squint a bit: "More security review was asked for by the WG at various [times], and it is not clear that this input will be taken into account." Why's that? This Informational document cites BCP 14, and then has a solitary SHOULD in Section 4.2. One could easily change "SHOULD fetch" to "fetches" and do away with all of that. There are several places where the prose uses two words to mean roughly the same thing (e.g., "store / cache"). I found this awkward each time I hit it. Please, in each case, pick one. Worst case, replace the slash with "or", but you'll probably find that redundant anyway. There are several places where a list or example is introduced with a hyphen (e.g., "There are two options when implementing this - a vendor could..."). Instead, it should be a new sentence, or at least a colon followed by a clause or maybe a bulleted list. And now, a lot of editorial suggestions: Section 1: * "... or using an auto install techniques which fetch ..." -- s/techniques/technique/, or remove "an" * "... or something similar, is an unacceptable ..." -- remove the comma * "... vendor to pre-configure the devices before shipping it ..." -- change either "devices" to "device", or "it" or "them" * "... configuration, etc; but these ..." -- change to "... configuration, etc. However, these ..." * "... managing installed / deployed devices ..." -- suggest just picking one Section 2: * "... newly installed / unconfigured ..." -- change to "... newly installed, unconfigured ..." * "... obtain an IP address and address of a config server ..." change to "... obtain an IP address for itself and discover the address of a configuration server ..." * "This document describes a concept ..."
-- this paragraph feels like it belongs in Section 1 Section 2.1: * "... Point of Presence (POP) / datacenter." -- maybe just replace all of this with "facility"? * "... device configuration, fetches the certificate ..." -- s/,/ and/ * "... encrypted config ..." -- please use either "configuration" (preferred) or "config", but not both * "... installed in Operator_A' ..." -- missing an "s" (two instances in the third paragraph) * "... (note that all this ..." -- s/all this/all of this/ (and actually, this should be its own sentence) OLD: The device attempts to load the config file - if the config file is unparsable, (new functionality) the device tries to use its private key to decrypt the file, and, assuming it validates, installs the new configuration. NEW: The device attempts to load the configuration file. As an added step, if the configuration file cannot be parsed, the device tries to use its private key to decrypt the file and, assuming it validates, proceeds to install the new, decrypted, configuration. * "(See Security Considerations)" -- section number, please Section 3: * This section doesn't appear to me to describe a role other than "vendor". * "... the vendors roles and ..." -- s/vendors/vendor's/ Section 3.1: * Please expand "EST" on first use. Section 3.2: * "... store / cache ... uptime / reachability ..." -- as above, these really stand out to me as in need of making an editorial choice Section 4: * I don't see a role in here either other than "operator". Section 4.1: * "(likely serial number)" -- suggest "(e.g., the serial number)" Section 4.2: * "publication server, and download ..." -- remove the comma Section 5.1: * "chassis / backplane" -- another; see previous remarks * TPM could use a reference (ISO/IEC 11889?) Section 5.3: * "(e.g.: 'load replace encrypted))" -- unbalanced quoting and parentheses Section 7: * "... may wish to bootstrapping devices with ..." -- s/bootstrapping/bootstrap/ * "... minimal / less sensitive ..." 
-- pick one, or at least use "or" Appendix B: * s/csr/CSR/ (and probably expand it) * "Demo / proof of concept" -- pick one * "... from the command line, in production ..." -- start a new sentence * Don't use "I'm". Maybe change "I'm using S/MIME because ..." to "S/MIME is used here because ..." |
2020-05-16
|
10 | Murray Kucherawy | [Ballot Position Update] New position, No Objection, has been recorded for Murray Kucherawy |
2020-05-14
|
10 | Nancy Cam-Winget | Request for Telechat review by IOTDIR Completed: Ready with Issues. Reviewer: Nancy Cam-Winget. Sent review to list. |
2020-05-12
|
10 | (System) | IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed |
2020-05-11
|
10 | Warren Kumari | [Ballot comment] I'm an author... |
2020-05-11
|
10 | Warren Kumari | [Ballot Position Update] New position, Recuse, has been recorded for Warren Kumari |
2020-05-11
|
10 | Warren Kumari | New version available: draft-ietf-opsawg-sdi-10.txt |
2020-05-11
|
10 | (System) | New version approved |
2020-05-11
|
10 | (System) | Request for posting confirmation emailed to previous authors: Warren Kumari, Colin Doyle |
2020-05-11
|
10 | Warren Kumari | Uploaded new revision |
2020-05-11
|
09 | Samita Chakrabarti | Request for Telechat review by IOTDIR is assigned to Nancy Cam-Winget |
2020-05-11
|
09 | Samita Chakrabarti | Request for Telechat review by IOTDIR is assigned to Nancy Cam-Winget |
2020-05-11
|
09 | Éric Vyncke | Requested Telechat review by IOTDIR |
2020-05-11
|
09 | Amy Vezza | Placed on agenda for telechat - 2020-05-21 |
2020-05-11
|
09 | Robert Wilton | IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead |
2020-05-11
|
09 | Robert Wilton | Ballot has been issued |
2020-05-11
|
09 | Robert Wilton | [Ballot Position Update] New position, Yes, has been recorded for Robert Wilton |
2020-05-11
|
09 | Robert Wilton | Created "Approve" ballot |
2020-05-07
|
09 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2020-05-07
|
09 | Warren Kumari | New version available: draft-ietf-opsawg-sdi-09.txt |
2020-05-07
|
09 | (System) | New version accepted (logged-in submitter: Warren Kumari) |
2020-05-07
|
09 | Warren Kumari | Uploaded new revision |
2020-05-06
|
08 | (System) | IESG state changed to Waiting for AD Go-Ahead from In Last Call |
2020-05-05
|
08 | Mirja Kühlewind | Request for Last Call review by TSVART Completed: Ready. Reviewer: Mirja Kühlewind. Sent review to list. |
2020-05-04
|
08 | (System) | IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed |
2020-05-04
|
08 | Sabrina Tanamal | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Functions Operator has reviewed draft-ietf-opsawg-sdi-08, which is currently in Last Call, and has the following comments: We understand that this document doesn't require any registry actions. While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, we do not object. If this assessment is not accurate, please respond as soon as possible. Thank you, Sabrina Tanamal Senior IANA Services Specialist |
2020-05-04
|
08 | Wesley Eddy | Request for Last Call review by TSVART is assigned to Mirja Kühlewind |
2020-05-04
|
08 | Wesley Eddy | Request for Last Call review by TSVART is assigned to Mirja Kühlewind |
2020-04-22
|
08 | Robert Wilton | Ballot writeup was changed |
2020-04-22
|
08 | Amy Vezza | IANA Review state changed to IANA - Review Needed |
2020-04-22
|
08 | Amy Vezza | The following Last Call announcement was sent out (ends 2020-05-06): From: The IESG To: IETF-Announce CC: mcr+ietf@sandelman.ca, opsawg@ietf.org, draft-ietf-opsawg-sdi@ietf.org, rwilton@cisco.com, opsawg-chairs@ietf.org, Michael Richardson Reply-To: last-call@ietf.org Sender: Subject: Last Call: (Secure Device Install) to Informational RFC The IESG has received a request from the Operations and Management Area Working Group WG (opsawg) to consider the following document: - 'Secure Device Install' as Informational RFC The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-call@ietf.org mailing lists by 2020-05-06. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract Deploying a new network device in a location where the operator has no staff of its own often requires that an employee physically travel to the location to perform the initial install and configuration, even in shared datacenters with "smart-hands" type support. In many cases, this could be avoided if there were a secure way to initially provision the device. This document extends existing auto-install / Zero-Touch Provisioning mechanisms to make the process more secure. [ Ed note: Text inside square brackets ([]) is additional background information, answers to frequently asked questions, general musings, etc. They will be removed before publication. This document is being collaborated on in Github at: https://github.com/wkumari/draft-wkumari-opsawg-sdi. The most recent version of the document, open issues, etc should all be available here.
The authors (gratefully) accept pull requests. ] [ Ed note: This document introduces concepts and serves as the basis for discussion - because of this, it is conversational, and would need to be firmed up before being published ] The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-opsawg-sdi/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-opsawg-sdi/ballot/ No IPR declarations have been submitted directly on this I-D. |
2020-04-22
|
08 | Amy Vezza | IESG state changed to In Last Call from Last Call Requested |
2020-04-22
|
08 | Robert Wilton | Last call was requested |
2020-04-22
|
08 | Robert Wilton | Last call announcement was generated |
2020-04-22
|
08 | Robert Wilton | Ballot approval text was generated |
2020-04-22
|
08 | Robert Wilton | Ballot writeup was generated |
2020-04-22
|
08 | Robert Wilton | IESG state changed to Last Call Requested from AD Evaluation |
2020-04-21
|
08 | Warren Kumari | New version available: draft-ietf-opsawg-sdi-08.txt |
2020-04-21
|
08 | (System) | New version accepted (logged-in submitter: Warren Kumari) |
2020-04-21
|
08 | Warren Kumari | Uploaded new revision |
2020-04-16
|
07 | Robert Wilton | IESG state changed to AD Evaluation from Publication Requested |
2020-04-12
|
07 | Joe Clarke | (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? This document is intended as Informational. This document does not prescribe any specific protocol or mechanism, but rather outlines a general technique. The details of how to do the encryption, or how to deliver the encrypted configuration file, are left to vendors to define, using some choice of available protocols. As such, it is inappropriate for this to be standards track. (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary: This document provides a guide for vendors to extend existing auto-install / Zero-Touch Provisioning mechanisms to make the process more secure for operators. Working Group Summary: The document received a modest amount of discussion and was reviewed by a number of people who provided useful additions. Given that the document is a guide and does not specify a directly implementable protocol, it was difficult for reviewers to say very much about the protocol, as the details will be up to vendors who implement this. Document Quality: No vendors have committed to implement this protocol. The document still contains a number of editorial [] notes, some of which make the document seem very uncertain. Ignoring the notes, the document is actually quite mature. No MIB or YANG doctor was needed. Personnel: The document shepherd is Michael Richardson.
The Responsible Area Director is Ignas Bagdonas. (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. The Document Shepherd first read the document during the adoption discussion, and reviewed it again end to end (version -05) during the WGLC. A review of the differences from 00 to 05 was made to understand whether the input of the WG was taken into account; the changes seem reasonable. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? The document makes very soft security requirements, and has not at this point received a security review. More security review was asked for by the WG at various times, and it is not clear that this input will be taken into account. The document relies upon vendor practice to create key pairs, and for vendors to create detailed mechanisms. It is difficult to throw any rocks at this document, as there is no specific protocol to evaluate: equipment vendors will have to do a lot of work to finish things out, and the results will be vendor specific. (That's why this is not standards track.) (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. The only component which is specifically mentioned is DHCP, and it does not define any new DHCP behaviour or define any new DHCP options, so a DHCP review is not necessary. Had the document suggested a specific mechanism for encryption (CMS, OpenPGP, JOSE, etc.) then a review there would be useful, but it leaves that decision to vendors. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of?
For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed? If not, explain why. The authors have confirmed. (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? The WG consensus is weak. The document is the result of a strong concurrence of a few individuals; most others are silent. As OPSAWG is a rather loose group of people, this is probably as strong a consensus as one will get. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) No one has threatened an appeal. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. -- The document has examples using IPv4 documentation addresses according to RFC6890, but does not use any IPv6 documentation addresses. Maybe there should be IPv6 examples, too? (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type reviews. None were done, none required.
(13) Have all references within this document been identified as either normative or informative? Yes. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? Yes. The document speaks about DHCP, but does not reference any DHCP specifications. Perhaps it should. (15) Are there downward normative references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. No. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. This document does not update any other document. (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 8126). There are no IANA Considerations, and none are needed. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. None.
(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, YANG modules, etc. None. (20) If the document contains a YANG module, has the module been checked with any of the recommended validation tools (https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and formatting validation? If there are any resulting errors or warnings, what is the justification for not fixing them at this time? Does the YANG module comply with the Network Management Datastore Architecture (NMDA) as specified in RFC8342? No YANG module. |
2020-04-12
|
07 | Joe Clarke | Responsible AD changed to Robert Wilton |
2020-04-12
|
07 | Joe Clarke | IETF WG state changed to Submitted to IESG for Publication from WG Document |
2020-04-12
|
07 | Joe Clarke | IESG state changed to Publication Requested from I-D Exists |
2020-04-12
|
07 | Joe Clarke | IESG process started in state Publication Requested |
2020-04-12
|
07 | Joe Clarke | Tag Revised I-D Needed - Issue raised by WGLC cleared. |
2020-04-12
|
07 | Joe Clarke | This is an informational draft describing a process whereby new devices can be more securely bootstrapped than commonly existing DHCP/TFTP mechanisms that expose config in the clear. It is designed to address specific use cases and not be an all-encompassing solution for all bootstrapping needs. |
2020-04-12
|
07 | Joe Clarke | Intended Status changed to Informational from None |
2020-04-07
|
07 | Warren Kumari | New version available: draft-ietf-opsawg-sdi-07.txt |
2020-04-07
|
07 | (System) | New version accepted (logged-in submitter: Warren Kumari) |
2020-04-07
|
07 | Warren Kumari | Uploaded new revision |
2020-04-03
|
06 | Warren Kumari | New version available: draft-ietf-opsawg-sdi-06.txt |
2020-04-03
|
06 | (System) | New version approved |
2020-04-03
|
06 | (System) | Request for posting confirmation emailed to previous authors: Warren Kumari, Colin Doyle |
2020-04-03
|
06 | Warren Kumari | Uploaded new revision |
2020-03-17
|
05 | Joe Clarke | Shepherd has completed write-up. Some additional items were raised. Awaiting a new document revision to address, then this can move on to IESG. |
2020-03-17
|
05 | Joe Clarke | Tag Doc Shepherd Follow-up Underway cleared. |
2020-03-17
|
05 | Joe Clarke | IETF WG state changed to WG Document from WG Consensus: Waiting for Write-Up |
2020-03-06
|
05 | Michael Richardson | (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? This document is intended as Informational. This document does not prescribe any specific protocol or mechanism, but rather outlines a general technique. The details of how to do the encryption, or how to deliver the encrypted configuration file, are left to vendors to define, using some choice of available protocols. As such, it is inappropriate for this to be standards track. (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary: This document provides a guide for vendors to extend existing auto-install / Zero-Touch Provisioning mechanisms to make the process more secure for operators. Working Group Summary: The document received a modest amount of discussion and was reviewed by a number of people who provided useful additions. Given that the document is a guide and does not specify a directly implementable protocol, it was difficult for reviewers to say very much about the protocol, as the details will be up to vendors who implement this. Document Quality: No vendors have committed to implement this protocol. The document still contains a number of editorial [] notes, some of which make the document seem very uncertain. Ignoring the notes, the document is actually quite mature. No MIB or YANG doctor was needed. Personnel: The document shepherd is Michael Richardson.
The Responsible Area Director is Ignas Bagdonas. (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. The Document Shepherd first read the document during the adoption discussion, and reviewed it again end to end (version -05) during the WGLC. A review of the differences from 00 to 05 was made to understand whether the input of the WG was taken into account; the changes seem reasonable. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? The document makes very soft security requirements, and has not at this point received a security review. More security review was asked for by the WG at various times, and it is not clear that this input will be taken into account. The document relies upon vendor practice to create key pairs, and for vendors to create detailed mechanisms. It is difficult to throw any rocks at this document, as there is no specific protocol to evaluate: equipment vendors will have to do a lot of work to finish things out, and the results will be vendor specific. (That's why this is not standards track.) (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. The only component which is specifically mentioned is DHCP, and it does not define any new DHCP behaviour or define any new DHCP options, so a DHCP review is not necessary. Had the document suggested a specific mechanism for encryption (CMS, OpenPGP, JOSE, etc.) then a review there would be useful, but it leaves that decision to vendors. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of?
For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed? If not, explain why. The authors have confirmed. (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? The WG consensus is weak. The document is the result of a strong concurrence of a few individuals; most others are silent. As OPSAWG is a rather loose group of people, this is probably as strong a consensus as one will get. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) No one has threatened an appeal. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. -- The document has examples using IPv4 documentation addresses according to RFC6890, but does not use any IPv6 documentation addresses. Maybe there should be IPv6 examples, too? (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type reviews. None were done, none required.
(13) Have all references within this document been identified as either normative or informative? Yes. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? Yes. The document speaks about DHCP, but does not reference any DHCP specifications. Perhaps it should. (15) Are there downward normative references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. No. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. This document does not update any other document. (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 8126). There are no IANA Considerations, and none are needed. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. None.
(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, YANG modules, etc. None. (20) If the document contains a YANG module, has the module been checked with any of the recommended validation tools (https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and formatting validation? If there are any resulting errors or warnings, what is the justification for not fixing them at this time? Does the YANG module comply with the Network Management Datastore Architecture (NMDA) as specified in RFC8342? No YANG module. |
2020-03-06
|
05 | Michael Richardson | (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? This document is intended as Informational. This document does not prescribe any specific protocol or mechanism, but rather outlines a general technique. The details of how to do the encryption, or how to deliver the encrypted configuration file, are left to vendors to define, using some choice of available protocols. As such, it is inappropriate for this to be standards track.
(2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections:
Technical Summary: This document provides a guide for vendors to extend existing auto-install / Zero-Touch Provisioning mechanisms to make the process more secure for operators.
Working Group Summary: The document received a modest amount of discussion and was reviewed by a number of people who provided useful additions. Given that the document is a guide and does not specify a directly implementable protocol, it was difficult for reviewers to say very much about the protocol, as the details will be up to vendors who implement this.
Document Quality: No vendors have committed to implement this protocol. The document still contains a number of editorial [] notes, some of which make the document seem very uncertain. Ignoring the notes, the document is actually quite mature. No MIB or YANG doctor was needed.
Personnel: The document shepherd is Michael Richardson. The Responsible Area Director is Ignas Bagdonas.
(3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. The Document Shepherd first read the document during the adoption discussion, and reviewed it again end to end (version -05) during the WGLC. A review of the differences from 00 to 05 was made to understand whether the input of the WG was taken into account, and the changes seem reasonable.
(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? The document makes very soft security requirements, and has not at this point received a security review. More security review was asked for by the WG at various times, and it is not clear that this input will be taken into account. The document relies upon vendor practice to create key pairs, and for vendors to create detailed mechanisms. It is difficult to throw any rocks at this document, as there is no specific protocol to evaluate: equipment vendors will have to do a lot of work to finish things out, and the results will be vendor specific. (That's why this is not standards track.)
(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. The only component which is specifically mentioned is DHCP, and it does not define any new DHCP behaviour or define any new DHCP options, so a DHCP review is not necessary. Had the document suggested a specific mechanism for encryption (CMS, OpenPGP, JOSE, etc.) then a review there would be useful, but it leaves that decision to vendors.
(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here.
(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed? If not, explain why. The authors have confirmed.
(8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures.
(9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? The WG consensus is weak. The document is the result of a strong concurrence of a few individuals; most others are silent. As OPSAWG is a rather loose group of people, this is probably as strong a consensus as one will get.
(10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) No one has threatened an appeal.
(11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. -- The document has examples using IPv4 documentation addresses according to RFC6890, but does not use any IPv6 documentation addresses. Maybe there should be IPv6 examples, too?
(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type reviews. None were done, none required.
(13) Have all references within this document been identified as either normative or informative? Yes.
(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? Yes. The document speaks about DHCP, but does not reference any DHCP specifications. Perhaps it should.
(15) Are there downward normative references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. No.
(16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. This document does not update any other document.
(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocation procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 8126). There are no IANA Considerations, and none are needed.
(18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. None.
(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, YANG modules, etc. None.
(20) If the document contains a YANG module, has the module been checked with any of the recommended validation tools (https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and formatting validation? If there are any resulting errors or warnings, what is the justification for not fixing them at this time? Does the YANG module comply with the Network Management Datastore Architecture (NMDA) as specified in RFC8342? No YANG module. |
2020-03-06
|
05 | Warren Kumari | New version available: draft-ietf-opsawg-sdi-05.txt |
2020-03-06
|
05 | (System) | New version accepted (logged-in submitter: Warren Kumari) |
2020-03-06
|
05 | Warren Kumari | Uploaded new revision |
2020-03-04
|
04 | Warren Kumari | New version available: draft-ietf-opsawg-sdi-04.txt |
2020-03-04
|
04 | (System) | New version accepted (logged-in submitter: Warren Kumari) |
2020-03-04
|
04 | Warren Kumari | Uploaded new revision |
2020-02-21
|
03 | Joe Clarke | Notification list changed to Michael Richardson <mcr+ietf@sandelman.ca> |
2020-02-21
|
03 | Joe Clarke | |
2020-02-21
|
03 | Joe Clarke | WGLC has concluded with some WG and a GenArt review. Some comments have been addressed already, but others are pending. The authors need to submit a new revision. Michael Richardson has agreed to act as shepherd for this document. |
2020-02-21
|
03 | Joe Clarke | Tags Revised I-D Needed - Issue raised by WGLC, Doc Shepherd Follow-up Underway set. |
2020-02-21
|
03 | Joe Clarke | IETF WG state changed to WG Consensus: Waiting for Write-Up from WG Document |
2020-02-18
|
03 | Mehmet Ersue | Request for Last Call review by OPSDIR Completed: Has Nits. Reviewer: Mehmet Ersue. Sent review to list. |
2020-02-18
|
03 | Francis Dupont | Request for Last Call review by GENART Completed: Almost Ready. Reviewer: Francis Dupont. |
2020-02-11
|
03 | Warren Kumari | New version available: draft-ietf-opsawg-sdi-03.txt |
2020-02-11
|
03 | (System) | New version accepted (logged-in submitter: Warren Kumari) |
2020-02-11
|
03 | Warren Kumari | Uploaded new revision |
2020-02-10
|
02 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Mehmet Ersue |
2020-02-10
|
02 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Mehmet Ersue |
2020-02-06
|
02 | Jean Mahoney | Request for Last Call review by GENART is assigned to Francis Dupont |
2020-02-06
|
02 | Jean Mahoney | Request for Last Call review by GENART is assigned to Francis Dupont |
2020-02-06
|
02 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Sean Turner |
2020-02-06
|
02 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Sean Turner |
2020-02-04
|
02 | Joe Clarke | Requested Last Call review by OPSDIR |
2020-02-04
|
02 | Joe Clarke | Requested Last Call review by GENART |
2020-02-04
|
02 | Joe Clarke | Requested Last Call review by SECDIR |
2020-02-01
|
02 | Warren Kumari | New version available: draft-ietf-opsawg-sdi-02.txt |
2020-02-01
|
02 | (System) | New version approved |
2020-02-01
|
02 | (System) | Request for posting confirmation emailed to previous authors: Warren Kumari , Colin Doyle |
2020-02-01
|
02 | Warren Kumari | Uploaded new revision |
2020-01-17
|
01 | Colin Doyle | New version available: draft-ietf-opsawg-sdi-01.txt |
2020-01-17
|
01 | (System) | New version approved |
2020-01-17
|
01 | (System) | Request for posting confirmation emailed to previous authors: Warren Kumari , Colin Doyle |
2020-01-17
|
01 | Colin Doyle | Uploaded new revision |
2019-08-06
|
00 | Tianran Zhou | This document now replaces draft-wkumari-opsawg-sdi instead of None |
2019-07-22
|
00 | Warren Kumari | New version available: draft-ietf-opsawg-sdi-00.txt |
2019-07-22
|
00 | (System) | WG -00 approved |
2019-07-22
|
00 | Warren Kumari | Set submitter to "Warren Kumari ", replaces to (none) and sent approval email to group chairs: opsawg-chairs@ietf.org |
2019-07-22
|
00 | Warren Kumari | Uploaded new revision |