Hi, the BRSKI design team met this morning at "7:30AM EST", i.e. 1230UTC. We have met most weeks since 2020-10-01. We are using: https://meet.sandelman.ca/BRSKIDesignTeam (a JITSI instance) and the password, if asked, is "anima". We meet weekly.
Typical attendees include:
* Peter van der Stok
* Esko Dijk
* Thomas Werner
* Aurelio Schellenbaum
* Steffen Fries
* Michael Richardson
* Wei Pan
* Hendrik Brockhaus
* Eliot Lear
We are working on the following documents/repositories:
https://github.com/anima-wg/anima-brski-async-enroll
https://github.com/anima-wg/constrained-voucher
https://github.com/anima-wg/constrained-6tisch-anima-dtls-join-proxy.git
and perhaps:
https://github.com/mcr/anima-jose-voucher
This morning we dealt with:
1) https://www.ietf.org/rfcdiff?url2=draft-ietf-anima-brski-async-enroll-01
That is, the changes that Steffen has done to brski-async-enroll,
specifically section 5.2. We discussed how we could create an assertion from
the *PLEDGE AGENT* that it in fact has proximity to the PLEDGE.
This section introduces a DPP-like QR code using a PSK.
There are many manufacturing challenges with a QR code, which are similar to
those created by an IDevID.
Having the result be a PSK further complicates things as it must now not just
be synchronized, but kept private.
(Though, DPP also requires that the printed public key remain essentially
private, as if it's actually the private part of the keypair)
We agreed that Steffen would post the -01 version above so that we can
have a larger discussion about this.
In particular, Eliot asked about the relationship between the pledge-agent
and the Registrar: what is it?
2) We worked on two of the three currently open pull requests.
   a) https://github.com/anima-wg/constrained-voucher/pull/68
      rewrite intro and abstract
      -- make intro text match intention that this is about:
             - constrained voucher
         AND - constrained BRSKI
      -- probably the title needs to change too.

   b) https://github.com/anima-wg/constrained-voucher/pull/69
      Voucher pin considerations
      This adds a diagram about certificate chains and how BRSKI 5.5 says to do
      things, and how that translates to COSE.
      My advice is to put the x5bag in the protected headers, but there are some
      concerns about what things mean.
      We could do some interesting things by assigning semantics to whether
      the certificate is in a protected or unprotected header. That might
      not be good.

   c) https://github.com/anima-wg/constrained-voucher/pull/67
      clarify BRSKI-EST and BRSKI-MASA protocols
      We did not get to this item.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
