Hello,
I just submitted the updated version of the BRSKI-AE draft as WG draft.
In the submitted version we already included updates and further revised the
text based on comments we received during the adoption call.
We would like to discuss the changes during the next ANIMA WG meeting.
The changes comprise mostly editorial changes related to restructuring,
simplifications of descriptions and stripping of replicated information from
BRSKI. A proposal is included in the draft for handling discovery of enrollment
endpoints at a domain registrar as outlined in the individual submission. We
would like to use some time in the next ANIMA WG meeting to discuss/refine
these with the WG and also discuss the next steps for the document.
The following list summarizes the changes from individual version 03 -> IETF
draft 00:
o Inclusion of discovery options of enrollment endpoints at the
  domain registrar based on well-known endpoints in Section 5.3 as
  replacement of section 5.1.3 in the individual draft. This is
  intended to support both use cases in the document. An
  illustrative example is provided.
o Missing details provided for the description and call flow in
  pledge-agent use case Section 5.2, e.g. to accommodate
  distribution of CA certificates.
o Updated CMP example in Section 6 to use lightweight CMP instead of
  CMP, as the draft already provides the necessary /.well-known
  endpoints.
o Requirements discussion moved to separate section in Section 4.
  Shortened description of proof of identity binding and mapping to
  existing protocols.
o Removal of copied call flows for voucher exchange and registrar
  discovery flow from [I-D.ietf-anima-bootstrapping-keyinfra] in
  section 5.1 to avoid doubling of text or inconsistencies.
o Reworked abstract and introduction to be more crisp regarding the
  targeted solution. Several structural changes in the document to
  have a better distinction between requirements, use case
  description, and solution description as separate sections.
  History moved to appendix.
Best regards
Steffen
-----Original Message-----
From: [email protected] <[email protected]>
Sent: Friday, 10 July 2020 09:29
To: Fries, Steffen (CT RDA CST) <[email protected]>; Eliot Lear
<[email protected]>; Brockhaus, Hendrik (CT RDA CST SEA-DE)
<[email protected]>
Subject: New Version Notification for draft-ietf-anima-brski-async-enroll-00.txt
A new version of I-D, draft-ietf-anima-brski-async-enroll-00.txt
has been successfully submitted by Steffen Fries and posted to the IETF
repository.
Name: draft-ietf-anima-brski-async-enroll
Revision: 00
Title: Support of asynchronous Enrollment in BRSKI (BRSKI-AE)
Document date: 2020-07-10
Group: anima
Pages: 35
URL: https://www.ietf.org/internet-drafts/draft-ietf-anima-brski-async-enroll-00.txt
Status: https://datatracker.ietf.org/doc/draft-ietf-anima-brski-async-enroll/
Htmlized: https://tools.ietf.org/html/draft-ietf-anima-brski-async-enroll-00
Htmlized: https://datatracker.ietf.org/doc/html/draft-ietf-anima-brski-async-enroll
Abstract:
This document describes enhancements of bootstrapping a remote secure
key infrastructure (BRSKI) to also operate in domains featuring no or
only timely limited connectivity between involved components. It
addresses connectivity to backend services supporting enrollment like
a Public Key Infrastructure (PKI) and also to the connectivity
between pledge and registrar. For this it enhances the use of
authenticated self-contained objects in BRSKI also for request and
distribution of deployment domain specific device certificates. The
defined approach is agnostic regarding the utilized enrollment
protocol allowing the application of existing and potentially new
certificate management protocols.
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat