[Anima] I-D Action: draft-ietf-anima-bootstrapping-keyinfra-11.txt

2018-02-20 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Autonomic Networking Integrated Model and Approach WG of the IETF. Title : Bootstrapping Remote Secure Key Infrastructures (BRSKI) Authors : Max

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-02-20 Thread Michael Richardson
Toerless Eckert wrote: >> "Registrar". The term JRC is used in common with other bootstrap >> mechanisms. >> >> + (Public) Key Infrastructure: The collection of systems and processes >> + that sustain the activities of a public key system. In an

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-02-20 Thread Toerless Eckert
On Wed, Feb 21, 2018 at 02:45:12AM +, Max Pritikin (pritikin) wrote: > > The MASA is a certifier of vouchers. A voucher isn't really a PKI construct > today. It's more of a distribution of trust-anchor or "pinned cert" > construct used to bootstrap a PKI because the PKI's don't

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-02-20 Thread Michael Richardson
Toerless Eckert wrote: > Thanks, Michael > Can't see a commit on github since 6 days ago, maybe in different branch ? > Comments for now therefore inline against your email. Yeah, it's on the toerless-terminology-comments branch. About to be in -11. -- Michael

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-02-20 Thread Max Pritikin (pritikin)
> On Feb 20, 2018, at 7:38 PM, Toerless Eckert wrote: > > Thanks, Michael > Can't see a commit on github since 6 days ago, maybe in different branch ? > Comments for now therefore inline against your email. > > On Tue, Feb 20, 2018 at 07:54:40PM -0500, Michael Richardson

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-02-20 Thread Michael Richardson
Toerless Eckert wrote: > Overall: > a) Requirements about EST: > - The introduction says: "Integration with a complete EST enrollment is > optional but trivial" > - 5.8.3 says "The Pledge MUST request a new client certificate". > - 1.4 says "bootstrapped

Re: [Anima] Shepherd review draft-ietf-anima-bootstrapping-keyinfra-09

2018-02-20 Thread Michael Richardson
Max Pritikin (pritikin) wrote: >>> b) Key infrastructure >> >>> There is no definition/reference for this term. Please describe on >>> first use and in terminology. Is there a difference >>> between "key infrastructure" and "keying material" ? If

Re: [Anima] verification of manufacturer in BRSKI

2018-02-20 Thread 'Toerless Eckert'
On Tue, Feb 20, 2018 at 03:30:14PM +0530, Anoop Kumar Pandey wrote: > Trusted world is something like "every entity in the domain is a trusted > entity." Also in this case, trust can be derived. For example, if a pledge > is issued by a trusted/enlisted MI, then that pledge can also be trusted. >

Re: [Anima] verification of manufacturer in BRSKI

2018-02-20 Thread Anoop Kumar Pandey
>"I do not know what a 'trusted world' is, we have not been using that term in ANIMA. >Do you mind to elaborate what you think is redundant in the "cryptographically maintained long procedure" ?" Trusted world is something like "every entity in the domain is a trusted entity." Also in this