Dear ANIMA WG,
as given below, we have published a new version of the BRSKI-AE draft,
which contains the latest results of our exchange in the design team
meetings.
For convenience, here is the list of recent changes,
along with those of a couple of versions before.
Cheers,
David
IETF draft ae-08 -> ae-09:
• In response to review by Toerless,
  * tweak abstract to make meaning of 'alternative enrollment' more clear
  * expand on first use not "well-known" abbreviations, such as 'EST',
    adding also references on their first use
  * add summary and reason for choosing CMP at end of Section 3.2
  * remove paragraph on optimistic discovery in controlled environments
  * mention role of reviewers also in acknowledgments section
• A couple of grammar and spelling fixes
IETF draft ae-07 -> ae-08:
• Update references to service names in Section 5.1
IETF draft ae-06 -> ae-07:
* Update subsections on discovery according to discussion in the
  design team
* In Section 5.1, replace 'mandatory' by 'REQUIRED' regarding
  adherence to LCMPP,
  in response to SECDIR Last Call Review of ae-06 by Barry Leiba
IETF draft ae-05 -> ae-06:
* Extend section on discovery according to discussion in the design team
* Make explicit that MASA voucher status telemetry is as in BRSKI
* Add note that on delegation, RA may need info on pledge authorization
IETF draft ae-04 -> ae-05:
* Remove entries from the terminology section that should be clear
  from BRSKI
* Tweak use of the terms IDevID and LDevID and replace PKI RA/CA by RA/CA
* Add the abbreviation 'LCMPP' for Lightweight CMP Profile to the
  terminology section
* State clearly in Section 5.1 that LCMPP is mandatory when using CMP
* Change URL of BRSKI-AE-overview graphics to slide on IETF 116
  meeting material
On 19.12.23 19:10, [email protected] wrote:
Internet-Draft draft-ietf-anima-brski-ae-09.txt is now available. It is a work
item of the Autonomic Networking Integrated Model and Approach (ANIMA) WG of
the IETF.
Title: BRSKI-AE: Alternative Enrollment Protocols in BRSKI
Authors: David von Oheimb
Steffen Fries
Hendrik Brockhaus
Name: draft-ietf-anima-brski-ae-09.txt
Pages: 40
Dates: 2023-12-19
Abstract:
This document defines an enhancement of Bootstrapping Remote Secure
Key Infrastructure (BRSKI, RFC 8995). It supports alternative
certificate enrollment protocols, such as CMP, that use authenticated
self-contained signed objects for certification messages.
This offers the following advantages. The origin of requests and
responses can be authenticated independently of message transfer.
This supports end-to-end authentication (proof of origin) also over
multiple hops, as well as asynchronous operation of certificate
enrollment. This in turn provides architectural flexibility where
and when to ultimately authenticate and authorize certification
requests while retaining full-strength integrity and authenticity of
certification requests.
The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-anima-brski-ae/
There is also an HTMLized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-anima-brski-ae-09
A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-anima-brski-ae-09
Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima