Hi all,
we just updated BRSKI-PRM addressing review comments from AD / IOTDIR / OPSDIR
review.
The following changes are contained in draft version 16:
* issue #135: corrections from IOTDIR review (clarification
regarding minimum supported discovery in Section 6.1.2,
clarification regarding CDDL notation in Figure 27 and editorial
nits)
* updated references (draft-ietf-netconf-sztp-csr became RFC 9646,
included RFC 9662, operational considerations drafts for registrar
and MASA)
* AD review: included term Registrar-Agent in Terminology section
* AD review: enhanced interaction information in Figure 1 and
Figure 2
* AD review: included new section on Section 9 to outline
operational considerations
* AD review: enhanced Section 8 with more detailed recommendations
on logging
* AD review: enhanced Section 11 with enhanced recommendations
concerning logging
* AD review: enhanced Section 12.3 with more information about
misuse of the Registrar-Agent
* IOTDIR/OPSDIR/AD review: addressed various nits received
throughout the draft
Best regards
Steffen
-----Original Message-----
From: [email protected] <[email protected]>
Sent: Tuesday, January 7, 2025 6:09 PM
To: Michael C. Richardson <[email protected]>; Eliot Lear <[email protected]>;
Michael Richardson <[email protected]>; Fries, Steffen (FT RPD CST)
<[email protected]>; Werner, Thomas (FT RPD CST SEA-DE)
<[email protected]>
Subject: New Version Notification for draft-ietf-anima-brski-prm-16.txt
A new version of Internet-Draft draft-ietf-anima-brski-prm-16.txt has been
successfully submitted by Steffen Fries and posted to the IETF repository.
Name: draft-ietf-anima-brski-prm
Revision: 16
Title: BRSKI with Pledge in Responder Mode (BRSKI-PRM)
Date: 2025-01-07
Group: anima
Pages: 116
URL: https://www.ietf.org/archive/id/draft-ietf-anima-brski-prm-16.txt
Status: https://datatracker.ietf.org/doc/draft-ietf-anima-brski-prm/
HTML: https://www.ietf.org/archive/id/draft-ietf-anima-brski-prm-16.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-ietf-anima-brski-prm
Diff:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-anima-brski-prm-16
Abstract:
This document defines enhancements to Bootstrapping a Remote Secure
Key Infrastructure (BRSKI, RFC8995) to enable bootstrapping in
domains featuring no or only limited connectivity between a pledge
and the domain registrar. It specifically changes the interaction
model from a pledge-initiated mode, as used in BRSKI, to a
pledge-responding mode, where the pledge is in server role. For this, BRSKI
with Pledge in Responder Mode (BRSKI-PRM) introduces new endpoints
for the Domain Registrar and pledge, and a new component, the
Registrar-Agent, which facilitates the communication between pledge
and registrar during the bootstrapping phase. To establish the trust
relation between pledge and registrar, BRSKI-PRM relies on object
security rather than transport security. The approach defined here
is agnostic to the enrollment protocol that connects the domain
registrar to the Key Infrastructure (e.g., domain CA).
The IETF Secretariat