Hi all,

I just uploaded the updated version of BRSKI-PRM with the following changes:
   *  Update of list of reviewers
   *  Issue #67, shortened the pledge endpoints to prepare for constrained deployments
   *  Included table for new endpoints on the registrar in the overview of the registrar-agent
   *  addressed review comments from SECDIR early review
   *  addressed review comments from IOTDIR early review

The remaining issue relates to the YANG module and the augmentation of the 
voucher. Based on Michael's analysis, this issue may be solved in the context of 
an RFC 8366bis, which has been discussed already to address the enumeration 
issue in the assertion of the voucher. 

Besides this, we have a proof-of-concept implementation available, for which we 
would be happy to do interop testing. The authors think the draft is 
technically sound and may go into WGLC soon. 

Best regards
Steffen


> -----Original Message-----
> From: Anima <[email protected]> On Behalf Of internet-[email protected]
> Sent: Wednesday, 11 January 2023 16:26
> To: [email protected]
> Cc: [email protected]
> Subject: [Anima] I-D Action: draft-ietf-anima-brski-prm-06.txt
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
> This draft is a work item of the Autonomic Networking Integrated Model and
> Approach WG of the IETF.
> 
>         Title           : BRSKI with Pledge in Responder Mode (BRSKI-PRM)
>         Authors         : Steffen Fries
>                           Thomas Werner
>                           Eliot Lear
>                           Michael C. Richardson
>         Filename        : draft-ietf-anima-brski-prm-06.txt
>         Pages           : 86
>         Date            : 2023-01-11
> 
> Abstract:
>    This document defines enhancements to bootstrapping a remote secure
>    key infrastructure (BRSKI, RFC8995) to facilitate bootstrapping in
>    domains featuring no or only time limited connectivity between a
>    pledge and the domain registrar.  It specifically targets situations
>    in which the interaction model changes from a pledge-initiated-mode,
>    as used in BRSKI, to a pledge-responding-mode as described in this
>    document.  To support the pledge-responding mode, BRSKI-PRM
>    introduces a new component, the registrar-agent, which facilitates
>    the communication between pledge and registrar during the
>    bootstrapping phase.  To establish the trust relation between pledge
>    and domain registrar, BRSKI-PRM relies on object security rather than
>    transport security.
> 
>    The approach defined here is agnostic with respect to the underlying
>    enrollment protocol which connects the pledge and the domain
>    registrar to the Domain CA.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-anima-brski-prm/
> 
> There is also an htmlized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-anima-brski-prm-06
> 
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-anima-brski-prm-06
> 
> 
> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
> 
> 
> _______________________________________________
> Anima mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/anima
