# IETF113 ANIMA WG Meeting Notes

**IETF113 is the first ever hybrid IETF. Please familiarize yourself with the new & changed procedures for participating in-person or remote: https://www.ietf.org/how/meetings/113/preparation/**

Master on https://codimd.ietf.org/notes-ietf-113-anima

Friday, March 25th, Afternoon session I, 12:30 UTC+01 - 14:30 UTC+1

Note taker: Hendrik Brockhaus + collaborative

## 00 Chair-Slides

Time: 10 minutes
Presenter: Toerless Eckert

Notes about status of documents, asa-guidelines is in AUTH48 for 45 days (and not, 48 days yet... which was a joke)

Voucher delegation - low priority vs. the other working group drafts

<Sheng Jiang> draft-ietf-anima-voucher-delegation expired last December

Toerless motivates participants providing reviews and becoming shepherd of a draft

All ANIMA documents should have a github entry

## 01 Status update Constrained Voucher and Hackathon

Presenter: Michael Richardson
Time: 10 minutes
Draft: https://datatracker.ietf.org/doc/draft-ietf-anima-constrained-voucher-16 (was -14 at IETF112)

Michael presented the changes since IETF 112

Interop tests are ongoing. Further people are welcome to join.

Setting up the IETF Hackathon VPN (MikroTik) boxes to use for link-local/L2 discovery protocol tests.

An early registration of 'TBD3' would be appreciated.
Michael asks for WGLC or further reviews

(Esko) agrees with WGLC even though some minor updates, for the examples, from the hackathon will pop up

(Jiang) asked for a document shepherd

## 02 Status update on JWS voucher

Presenter: Thomas Werner
Time: 5 minutes
Draft: https://datatracker.ietf.org/doc/draft-ietf-anima-jws-voucher/03/ (was -01 at IETF112)

Thomas presented the change to JWS JSON serialization

Next steps are aligning with the BRSKI Design Team and posting results to the email list

## ~12:58 03 Status update on BRSKI-PRM

Presenter(s): Steffen Fries
Time: 10 minutes
Draft: https://datatracker.ietf.org/doc/draft-ietf-anima-brski-prm/02/ (was -00 at IETF112)

Steffen provided an update on BRSKI-PRM (PRM = pledge in responder mode) and presented the changes since IETF 112 based on the github issues and the change history

The updated draft offers multiple signatures on the voucher response by the registrar to provide proof-of-possession.

There are no open issues right now. Security recommendations need to be updated.

Steffen asks for reviews. Reviews wanted!

## ~13:08 04 Status update on BRSKI-AE

Presenter(s): David von Oheimb
Time: 10 minutes
Draft: https://datatracker.ietf.org/doc/draft-ietf-anima-brski-async-enroll/05/ (was -04 at IETF112)

David presented the current status of BRSKI-AE (currently AE = Asynchronous Enrollment). Since the document was split last year, he proposes to rename to BRSKI-AE (AE = Alternative Enrollment) to better reflect the scope of the draft.

The draft offers choosing enrollment protocols using self-contained signed objects to also support further use cases as described in the Appendix of the draft.

(Toerless) asks to also have the message flow in the draft as the information is very helpful

Mcr: unfortunately only in greyscale

Toerless: authors pls. ping us when it's time.

<MichaelRichardson> the tool chain allows for *black* and *white* only, not even greyscale, AFAIK.
But, the proceedings have the slides, and we can refer to the proceedings from the document as an informational reference.
<cabo> For an example for a picture, see HTML or PDF for RFC 9100 (a formula there).
<cabo> You can always hatch :-)
<MichaelRichardson> My understanding is that the RPC will reject dithering.
<cabo> Dithering maybe, hatching? See RFC 7996
<Sheng Jiang> we can find a way to transfer the figure into white and black

David requested the change of the file name.

(Toerless) please submit the next version using the new file name and the WG chairs will approve it - submit with link to old file name, so data-tracker will correctly link it!

As next step, the Section on using the Lightweight CMP Profile will need to be detailed a little further.

It also needs to be decided if EST with /fullcmc should be further detailed

Any reviews or interop testing are welcome

## ~13:21 05 RFC8366bis

Presenter: Michael Richardson
Time: 15 minutes
Drafts: https://datatracker.ietf.org/doc/draft-ietf-anima-rfc8366bis/00/ (was https://datatracker.ietf.org/doc/draft-richardson-anima-rfc8366bis/00 at IETF112)

Reminder of original problem: The way the YANG model was specified was non-extensible. BRSKI-AE (and likely other future docs) will want to expand the module.

Now we figured out how to rewrite the YANG module in a backward compatible fashion (no change to bits on wire) that will be extensible. And it outsources the work to IANA. That's the prime goal of the -bis.

Kent Watsen: differences of new encoding target: yang data: grouping, sx: container

Michael requests reviews by RFC8791 YANG experts.

Authors would like to upgrade status to (full) Internet Standard as opposed to proposed (rfc8366)

AD (Rob Wilton): Pls. first go through PS (Proposed Standard) status. Could be upgraded without text change later on to full standard (with additional process).

Open discussion: still multiple extensions to 8366 through various other RFC/drafts.
Should these be pulled back into rfc8366?

Toerless: smart money ? on keeping documents separate so it's easier to also evolve them separately.

AD (Rob Wilton): Instead of merge, just consider you can also use 'Update' tag in RFCs to create the desired linkage to the other documents.

Kent Watsen: We already have dependencies referring to 8366 (rfc8572)

Michael: think it's ok. to obsolete rfc8366 because it is completely the same functionally on the wire.

## ~13:37 06 BRSKI Cloud

Presenter: Michael Richardson
Time: 10 minutes
Drafts: https://datatracker.ietf.org/doc/draft-ietf-anima-brski-cloud/03 (was -02 at IETF112)

The draft addresses the use case that a pledge wants to directly talk to the cloud rather than to a local registrar.

The draft also offers that a local registrar points to a home registrar on the cloud to use for enrollment.

## ~13:40 07 An Autonomic Mechanism for Resource-based Network Services Auto-deployment

Presenter(s): Yujing Zhou
Time: 10 minutes
Draft: https://datatracker.ietf.org/doc/draft-ietf-anima-network-service-auto-deployment/ (was https://datatracker.ietf.org/doc/draft-dang-anima-network-service-auto-deployment/01/ at IETF112)

Yujing presented the changes since IETF 112 and the negotiation phase of the auto-deployment process

(Toerless) will review the draft. He likes the slides providing further details. Details/examples or a detailed use case (negotiation) could be integrated into the draft as well.

## ~13:52 08 Autonomic IP Address To Access Control Group ID Mapping

Presenter(s): Yujing Zhou
Time: 10 minutes
Draft: https://datatracker.ietf.org/doc/draft-yizhou-anima-ip-to-access-control-groups/ (was -01 at IETF112)

Yujing introduced the basic idea of the draft and the changes from IETF 112.

Yujing asks for WG adoption.

(Zongpeng Du) Security? Answer: We will think about it.

Yizhou Li (co-author): security yes possible applicability, but this is about policy, so it would have to be the policy of some security function.
Sheng Jiang: (DHCP only) If that is the case, why ANIMA? (next slide): Where is the negotiation?

Yizhou: (DHCP slide): Just an example; show the readers that even some part is not ANIMA, can be piece of this work ... we can add description to the document to have introduction on this; negotiation just single request/response add deny to this example, too

Toerless: similar to TACACS RADIUS DIAMETER; a comparison to those would be useful to indicate what this proposal can do that T/R/D can't. E.g., pushing out to multiple points (traditional solutions are request/reply)

## ~14:12 09 DNS-SD Compatible Service Discovery in GRASP

Presenter: Toerless Eckert
Time: 5 minutes
Draft: https://datatracker.ietf.org/doc/draft-eckert-anima-grasp-dnssd/03/ (was -02 at IETF112)

The document is quite stable and any review is appreciated.

## 10 Autoconfiguration of infrastructure services in ACP networks via DNS-SD over GRASP

Presenter: Toerless Eckert
Time: 5 minutes
Draft: https://datatracker.ietf.org/doc/draft-eckert-anima-services-dns-autoconfig/01/ (was -01 at IETF112)

operator sets up services in the NOC
enables service announcements in the ACP (MDNS, ...)
ACP nodes get service announcements and start consuming these services

(Note: below discussion is for the above agenda item grasp-dnssd, it seems - see slide)

Stuart: IANA registry as per RFC6335 Also some mapping not DNS over bluetooth.

Mcr: Would love to see DNS resolution for ACP ULA.

Toerless: probably separate spec. Also: how to use names so as to select going across ACP vs. going across data-plane.

Toerless asks for WG adoption of both drafts.

Sheng Jiang likes the work, but he requests to have some reviews first.

The discussion will be continued on the email list.

## ~ 14:34 meeting closes

## Action items collected

DONE (toerless): fixup chair slides for auto-deployment there actually is a slot.

DONE (michael) Update: slot for weekly BRSKI meeting time, send out to list.

TBD (chairs): work with constrained voucher authors for early allocation request (TBD3)

TBD (chairs): WG last call start for constrained voucher, to be sent out monday 4/4/2022 (lot of early reviews done) would like to see same 3 reviewers as we had for BRSKI (in whatever fashion - jari christen and russ)

TBD: BRSKI-cloud sector reviews/WG-last-call-prep

TBD (toerless): review anima-network-service-auto-deployment