Hello,
I just submitted an update of the BRSKI-AE draft (draft-ietf-anima-brski-async-enroll-01).
This document is an intermediate version to also address the upcoming expiry date of the previous version.
The main changes from IETF draft 00 -> IETF 01 comprise:
o Update of scope in Section 3.1 to include the case in which the pledge acts as a server. This is one main motivation for use case 2.
o Rework of use case 2 in Section 5.2 to consider the transport between the pledge and the pledge-agent. Addressed are the TLS channel establishment between the pledge-agent and the pledge as well as the endpoint definition on the pledge.
o First description of exchanged object types (needs more work).
o Clarification in Section 5.3 that the discovery options for enrollment endpoints at the domain registrar based on well-known endpoints do not result in additional /.well-known URIs. Update of the illustrative example. Note that the change to /brski for the voucher-related endpoints has been taken over in the BRSKI main document (thanks to Michael).
o Updated references.
o Included Thomas Werner as additional author for the document.
There are several open issues to be addressed in the document. Also, the currently described PUSH mechanism in Use Case 2 needs more discussion regarding the underlying trust models and exchanges.
Please provide feedback, as it helps to further develop the approach.
Best regards
Steffen
-----Original Message-----
From: [email protected] <[email protected]>
Sent: Thursday, 7 January 2021 15:24
To: Eliot Lear <[email protected]>; Brockhaus, Hendrik (T RDA CST SEA-DE)
<[email protected]>; Fries, Steffen (T RDA CST)
<[email protected]>; Werner, Thomas (T RDA CST SEA-DE)
<[email protected]>
Subject: New Version Notification for draft-ietf-anima-brski-async-enroll-01.txt
A new version of I-D, draft-ietf-anima-brski-async-enroll-01.txt has been successfully submitted by Steffen Fries and posted to the IETF repository.
Name: draft-ietf-anima-brski-async-enroll
Revision: 01
Title: Support of asynchronous Enrollment in BRSKI (BRSKI-AE)
Document date: 2021-01-07
Group: anima
Pages: 41
URL: https://www.ietf.org/archive/id/draft-ietf-anima-brski-async-enroll-01.txt
Status: https://datatracker.ietf.org/doc/draft-ietf-anima-brski-async-enroll/
Htmlized: https://datatracker.ietf.org/doc/html/draft-ietf-anima-brski-async-enroll
Htmlized: https://tools.ietf.org/html/draft-ietf-anima-brski-async-enroll-01
Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-anima-brski-async-enroll-01
Abstract:
This document describes enhancements of bootstrapping a remote secure
key infrastructure (BRSKI) to also operate in domains featuring no or
only timely limited connectivity between involved components.
Moreover, newly introduced are methods to perform the BRSKI approach
in environments, in which the role of the pledge changes to a server
instead of the client. This changes the interaction model as the
pledge is pushed to interact with the registrar instead of pulling
information from the registrar. To support both, BRSKI-AE relies on
the exchange of authenticated self-contained objects (signature-wrapped
objects) also for requesting and distributing domain-specific device
certificates. The defined approach is agnostic regarding the utilized
enrollment protocol, allowing the application of existing and
potentially new certificate management protocols.
Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima