The following errata report has been held for document update for RFC8995, "Bootstrapping Remote Secure Key Infrastructure (BRSKI)".
-------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid6648 -------------------------------------- Status: Held for Document Update Type: Technical Reported by: Michael Richardson <[email protected]> Date Reported: 2021-07-27 Held by: Mahesh Jethanandani (IESG) Section: 5.1 Original Text ------------- Use of TLS 1.3 (or newer) is encouraged. TLS 1.2 or newer is REQUIRED on the pledge side. TLS 1.3 (or newer) SHOULD be available on the registrar server interface, and the registrar client interface, but TLS 1.2 MAY be used. TLS 1.3 (or newer) SHOULD be available on the MASA server interface, but TLS 1.2 MAY be used. Corrected Text -------------- Use of TLS 1.3 (or newer) is encouraged. TLS 1.2 or newer is REQUIRED on the pledge side. TLS 1.3 (or newer) SHOULD be available on the registrar server interface, and the registrar client interface, but TLS 1.2 MAY be used. When TLS 1.3 is used the use of Server Name Indicator (SNI, [RFC6066]) is not required, per RFC8446 section 9.2, this specification is an application profile specification. A pledge connects to the Registrar using only an IP address and it will not have any idea of a correct SNI value. This also implies that the Registrar interface may not be virtual \ hosted using SNI. Notes ----- Another errata says that SNI is mandatory on MASA interface, and the distinction between the two is subtle. AD Note: See the following thread - https://mailarchive.ietf.org/arch/msg/anima/4S-KwyJucJEsENG0VqtgkIcCSfE/ -------------------------------------- RFC8995 (draft-ietf-anima-bootstrapping-keyinfra-45) -------------------------------------- Title : Bootstrapping Remote Secure Key Infrastructure (BRSKI) Publication Date : May 2021 Author(s) : M. Pritikin, M. Richardson, T. Eckert, M. Behringer, K. Watsen Category : PROPOSED STANDARD Source : Autonomic Networking Integrated Model and Approach Stream : IETF Verifying Party : IESG _______________________________________________ Anima mailing list -- [email protected] To unsubscribe send an email to [email protected]
