Session Recording (Markdown Version)
Session Date/Time: 25 Jul 2022 19:00
Working Group: anima
Summary
The ANIMA Working Group discussed the status of several key drafts, including updates to JWS-signed vouchers, BRSKI PRM, BRSKI AE, GRASP-based information distribution, resource auto-deployment, the constrained join proxy, and EAP-based onboarding for BRSKI. Key decisions and discussions included a request for a "YANG doctor" review for consistency across ANIMA documents, the potential mandatory-to-implement status for stateless constrained join proxies, and the need to define a new CoAP scheme for discovery in constrained environments. Authors were encouraged to provide concrete implementation examples and to engage the mailing list for further technical discussion and reviews.
Key Discussion Points
- Working Group Process & IPR: Early IPR disclosure is mandatory for WG adoption. Nine RFCs are published; implementers are encouraged to report errata. A new RFC, 9355 (ASA Guidelines), has been published.
- Draft Status (without dedicated slots):
  - `draft-ietf-anima-voucher-cloud`: No changes since IETF 113; ready for WG Last Call. The normative reference to an unadopted LAMPS draft is not an ANIMA blocker.
  - `draft-ietf-anima-voucher-delegation`: Continued interest; similar work is ongoing outside the IETF. Requires attention.
  - `draft-ietf-anima-8366bis`: Requires a WG decision on progression to Internet Standard.
- `draft-ietf-anima-jws-voucher`:
  - Proposes JWS-signed JSON as an alternative to CMS-signed JSON (RFC 8366) for voucher artifacts, without changing the YANG model.
  - Switched to the General JWS JSON Serialization to support multiple signatures and to align with other formats such as CBOR/COSE.
  - Version 4 added an optional `type` header parameter.
  - Implementers are encouraged to include implementation and interop testing details in a "to-be-removed" section for IESG review.
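As an added illustration of the General JWS JSON Serialization the draft adopts (not code from the jws-voucher draft or its PoC): one voucher payload carrying two signatures, one from the MASA and one from the Registrar, and a verifier that rejects the artifact unless every required signer is present, mirroring the mandatory Registrar proof of possession discussed for BRSKI PRM. HMAC (HS256) stands in for the asymmetric signatures a real voucher uses so the block runs on the standard library alone; the voucher values and key identifiers are constructed.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample voucher payload (RFC 8366 leaf names, invented values).
VOUCHER = {"ietf-voucher:voucher": {
    "created-on": "2022-07-25T19:00:00Z",
    "assertion": "verified",
    "serial-number": "PLEDGE-0001",
    "pinned-domain-cert": "base64-of-domain-cert-placeholder"}}

# Constructed demo keys. Real vouchers are signed with asymmetric keys;
# HMAC is used here only to keep the example dependency-free.
KEYS = {"masa-key-1": b"masa-demo-secret", "registrar-key-1": b"registrar-demo-secret"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_general_jws(payload: dict, signer_kids: list) -> dict:
    """Build a General JWS JSON Serialization: one payload, one entry per signer."""
    payload_b64 = b64url(json.dumps(payload, separators=(",", ":")).encode())
    signatures = []
    for kid in signer_kids:
        protected = {"alg": "HS256", "kid": kid}  # each signer gets its own protected header
        protected_b64 = b64url(json.dumps(protected, separators=(",", ":")).encode())
        signing_input = f"{protected_b64}.{payload_b64}".encode()
        tag = hmac.new(KEYS[kid], signing_input, hashlib.sha256).digest()
        signatures.append({"protected": protected_b64, "signature": b64url(tag)})
    return {"payload": payload_b64, "signatures": signatures}

def verify_general_jws(jws: dict, required_kids: set) -> dict:
    """Check every signature and require each listed signer; return the decoded payload."""
    seen = set()
    for entry in jws.get("signatures", []):
        header = json.loads(b64url_decode(entry["protected"]))
        kid = header.get("kid")
        key = KEYS.get(kid)
        if key is None or header.get("alg") != "HS256":
            raise ValueError(f"unknown key or algorithm in signature for {kid!r}")
        signing_input = f"{entry['protected']}.{jws['payload']}".encode()
        expected = hmac.new(key, signing_input, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(entry["signature"])):
            raise ValueError(f"signature check failed for {kid}")
        seen.add(kid)
    missing = required_kids - seen
    if missing:
        raise ValueError(f"missing mandatory signature(s): {sorted(missing)}")
    return json.loads(b64url_decode(jws["payload"]))
```

Because each entry carries its own protected header, a second signer can be appended to an existing artifact without re-encoding the payload, which is what makes the Registrar's additional signature cheap to add.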
- `draft-ietf-anima-brski-prm` (BRSKI PRM):
  - Significant updates from peer reviews, addressing 22-61 issues.
  - Added support for non-slash vouchers (e.g., for VLC channels).
  - Enhanced the pledge CA certificate endpoint to receive signed CA cert responses from the Registrar.
  - Made the Registrar's proof of possession (via a second JWS signature in the voucher) mandatory, similar to TLS provisional accept.
  - Clarified the SKI format and augmented the existing BRSKI voucher request YANG model rather than redefining it.
  - A proof-of-concept (PoC) implementation is complete.
- YANG Consistency Across ANIMA Documents: Michael Richardson raised a concern about the consistent and correct use of YANG for "data at rest" across multiple ANIMA documents, requesting a comprehensive "YANG doctor" review for the entire working group's approach.
- `draft-ietf-anima-brski-ae` (BRSKI AE):
  - Renamed from `essence-enroll`.
  - Generalizes BRSKI by allowing alternative enrollment protocols (e.g., CMC, CMP) instead of EST.
  - Clarified the Registrar's role in delegating Registration Authority (RA) tasks to backend servers.
  - PoC implementation completed and well received. The authors believe it is ready for WG Last Call.
- `draft-ietf-anima-grasp-distribution`:
  - Aims to enhance information distribution using GRASP.
  - Discussion of use cases, particularly automotive (kept as futuristic) and 3GPP integration (as motivation for ANIMA's potential).
  - Acknowledged missing security considerations and inconsistencies in "should/must" language.
  - Feedback requested to make the document more concrete, with implementable GRASP method examples and specific application scenarios.
- `draft-ietf-anima-resource-auto-deployment`:
  - Proposes an autonomic negotiation mechanism for resource distribution.
  - Introduced a three-stage process: discovery, negotiation, and after-negotiation (including "secret synchronization").
  - Not a resource reservation protocol, but enables multi-round, multi-type resource negotiation.
  - No PoC implementation reported.
- `draft-ietf-anima-constrained-join-proxy` and `draft-ietf-anima-constrained-voucher`:
  - Discovery text moved from `constrained-join-proxy` to `constrained-voucher`.
  - Stateless Join Proxy Implementation: Discussed whether Join Proxies must implement both stateful and stateless modes. The security benefit of the stateless mode (no state to keep, so inherent protection against state overload) and its ease of implementation on low-power devices were noted. The Chair proposed making stateless mandatory to implement (MTI).
  - Wire Format Change: The old `jpy` message was removed and simplified to a small, encrypted "context" field, aligning with 6TiSCH minimal security onboarding (RFC 9031/9032). This is a significant change requiring WG review.
  - CoAP Discovery Scheme: The current CoAP discovery (`coap://`) is insufficient for the constrained join proxy, which requires a `jpy` header. Carsten Bormann recommended creating a new, plumbing-specific CoAP scheme (e.g., `jpy://`) and defining its behavior within the document.
- `draft-ietf-anima-eap-connect`:
  - Proposes an EAP-based mechanism for BRSKI onboarding over Wi-Fi, as an alternative to BRSKI TEEP.
  - Uses EAP-TLS with the network identifier `onboarding@eap.arpa`, where the server is provisionally not authenticated.
  - Leverages existing enterprise "captive portal" networks for initial untrusted IP connectivity.
  - Addresses a gap in RFC 5216 by defining unauthenticated EAP-TLS behavior.
  - A PoC implementation is expected by the next IETF.
Decisions and Action Items
- Chair: Review `draft-ietf-anima-voucher-cloud` and initiate WG Last Call.
- Chair: Ping the authors of `draft-ietf-anima-voucher-delegation` and `draft-ietf-anima-8366bis` in two months to accelerate progress.
- Michael Richardson: Schedule a meeting to discuss ANIMA's YANG strategy with "YANG doctors" or experts.
- Stefan Fries (for `jws-voucher` and `brski-prm`):
  - Add changelog entries attributing reviewers/contributors.
  - Include information on PoC implementations and interop testing in the drafts (in a "to-be-removed" section).
- Michael Richardson (for `constrained-join-proxy` and `constrained-voucher`):
  - Research and define a new CoAP scheme (e.g., `jpy://`) within the document to address CoAP discovery for the stateless join proxy.
  - Get back to the working group with a proposal for the scheme registration process.
- Kyung-Chul (for `grasp-distribution`): Provide concrete, implementable examples of GRASP method applications in the document, detailing interactions and objective exchanges for specific scenarios.
- Henrik Brockhaus (for `brski-ae`): Track reviewers and contributions in the document's changelog.
- Working Group Members: Engage in reviews for all active drafts, particularly those nearing WG Last Call.
Next Steps
- All Drafts: Authors to address open issues and review comments on the mailing list.
- `draft-ietf-anima-jws-voucher`: Further alignment with the BRSKI design team, interop testing, seeking a document shepherd, working group review.
- `draft-ietf-anima-brski-prm`: Address the 14 remaining open issues (clarifying response codes and endpoint handling), update security considerations, seeking a document shepherd. Expected to be ready for WG Last Call after these updates.
- `draft-ietf-anima-brski-ae`: Await Elliot's input on EST over CMC/CMP, seeking a document shepherd. Authors indicate readiness for WG Last Call pending reviews.
- `draft-ietf-anima-grasp-distribution`: Continue revisions, with a goal of WG Last Call by the end of the year, after incorporating concrete examples and addressing security considerations.
- `draft-ietf-anima-resource-auto-deployment`: Update autonomic resource management objectives and add practical scenario examples. Seek comments and contributions.
- `draft-ietf-anima-constrained-join-proxy` / `constrained-voucher`: These drafts are closely tied and will be progressed in parallel. A second WG Last Call for `constrained-join-proxy` is anticipated after addressing the wire format change and the CoAP scheme definition.
- `draft-ietf-anima-eap-connect`: Further discussion on the mailing list. A PoC implementation is anticipated.