Hi Michael,

Thanks for the updates. It looks like one instance of the reference to
'draft-ietf-tls-rfc4492bis-17' as shown in the text below still is
present in the rev -28, where the related text should be removed also.

I also think the voucher request format is generic and could store any
public key type! It's up to the specific protocol like BRSKI, cBRSKI or
others, or profiles of these protocols, to define what ciphersuites are
to be supported in the (D)TLS connections. So the crypto details should
be removed also here and left to the specific protocol using vouchers/VRs.
    leaf proximity-registrar-pubk {
      type binary;
      description
        "The proximity-registrar-pubk replaces
         the proximity-registrar-cert in constrained uses of
         the voucher-request.
         The proximity-registrar-pubk is the
         Raw Public Key of the Registrar. This field is encoded
         as specified in RFC7250, section 3.
         The ECDSA algorithm MUST be supported.
         The EdDSA algorithm as specified in
         draft-ietf-tls-rfc4492bis-17 SHOULD be supported.
         Support for the DSA algorithm is not recommended.
         Support for the RSA algorithm is a MAY, but due to
         size is discouraged.";
    }
regards
Esko
On 3/16/26 01:11, Michael Richardson wrote:
[email protected] wrote:
> Internet-Draft draft-ietf-anima-rfc8366bis-28.txt is now available. It is a
> work item of the Autonomic Networking Integrated Model and Approach (ANIMA) WG
> of the IETF.
> Title: A Voucher Artifact for Bootstrapping Protocols
> Name: draft-ietf-anima-rfc8366bis-28.txt
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-anima-rfc8366bis-28
This version deals with the AD review comments from Mahesh.
They are all complete, and I don't think there was anything particularly
controversial that the WG needed to be consulted on. Of course, read the
diff and disagree. (Or send text)
If you want to see how I dealt with each comment, then one could start at:
https://github.com/anima-wg/voucher/issues/116
Each sub-issue deals with a type of comment, such as:
https://github.com/anima-wg/voucher/issues/116?issue=anima-wg%7Cvoucher%7C119
Where you can see a comment like:
mcr added a commit that references this issue 3 days ago
remove redundant word -grouping from names of groupings. close #119
with a link to, e.g.,
https://github.com/anima-wg/voucher/commit/ac84b245a12107a7271a984926075e3100444ac6
In the process of dealing with references from the YANG modules that did not
lead anywhere, I wound up removing some BCP14 language about supported
algorithms. See https://github.com/anima-wg/voucher/issues/125
and also https://github.com/anima-wg/constrained-voucher/issues/346
This is not just about (D)TLS itself, but in effect also supported
algorithms for the IDevID and registrar server certificate.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________
Anima mailing list [email protected]
To unsubscribe send an email [email protected]
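Added example, not part of the thread or of the draft: the RFC 7250 encoding named in the proximity-registrar-pubk description is a DER SubjectPublicKeyInfo, which carries its own algorithm OID, so a receiver can tell the key type from the field itself and apply whatever algorithm policy its protocol profile sets. The function names and the two sample keys (dummy key bytes) are constructed for illustration.

```python
# Identify the key algorithm inside an RFC 7250 raw public key (DER SPKI).
# The reader handles only the DER subset a SubjectPublicKeyInfo needs.
KEY_TYPES = {  # well-known public-key algorithm OIDs
    "1.2.840.10045.2.1": "EC (ECDSA)",
    "1.3.101.112": "Ed25519 (EdDSA)",
    "1.3.101.113": "Ed448 (EdDSA)",
    "1.2.840.113549.1.1.1": "RSA",
    "1.2.840.10040.4.1": "DSA",
}

def read_tlv(buf, pos, tag):
    """Return (value, next_pos) for the DER element at pos; check its tag."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Decode the content bytes of an OBJECT IDENTIFIER to dotted form."""
    if not raw or raw[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, acc = [], 0
    for b in raw:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends this arc
            arcs.append(acc)
            acc = 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def pubk_algorithm(spki):
    """Name the key type of a SubjectPublicKeyInfo, or report its OID."""
    body, end = read_tlv(spki, 0, 0x30)       # SubjectPublicKeyInfo
    if end != len(spki):
        raise ValueError("trailing bytes after SubjectPublicKeyInfo")
    alg, pos = read_tlv(body, 0, 0x30)        # AlgorithmIdentifier
    oid = decode_oid(read_tlv(alg, 0, 0x06)[0])
    read_tlv(body, pos, 0x03)                 # subjectPublicKey BIT STRING
    return KEY_TYPES.get(oid, f"unknown ({oid})")

# Constructed samples: real SPKI headers followed by dummy key bytes.
ED25519_SPKI = bytes.fromhex("302a300506032b6570032100") + bytes(32)
P256_SPKI = bytes.fromhex(
    "3059301306072a8648ce3d020106082a8648ce3d030107034200") + b"\x04" + bytes(64)
```
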