Hi guys, After the meeting and from corridor conversations with Toerless, I had actually already started on such a draft.
What I have started so far is attached. Its not on a public repo yet, but will put it there. You are already named on it Rifaat, happy to add you too Michael and you can help figure out some of the open redirect options outlined in it ☺ My high level thoughts on this were to keep the ACME specifics out of the draft, and use the draft to define the cloud RA behaviour, and the pledge behaviour when interacting with the cloud RA, and the various cert, CA, TLS, redirect, etc. details. The fact that the RA (whether cloud or local) *may* use ACME to talk to the CA is transparent to the pledge. I was thinking that the ACME specifics could be covered in a different draft based on merging draft-yusef-acme-3rd-party-device-attestation and draft-friel-acme-integrations, but leave the BRSKI clarifications/specifics in this one. Thoughts? Owen From: Iot-onboarding <iot-onboarding-boun...@ietf.org> On Behalf Of Rifaat Shekh-Yusef Sent: 02 August 2019 19:09 To: anima@ietf.org; iot-onboard...@ietf.org Subject: [Iot-onboarding] Device Certificate Deployment Automation with ACME using BRSKI All, During the last IETF meeting in Montreal we had a side meeting to discuss the deployment automation of ACME issued certificates to devices, and the potential use of the BRSKI mechanism to help with this. It was clear from the discussion that BRSKI can be used to help address this use case, and that further discussion is needed to define the needed enhancements to BRSKI. The current BRSKI mechanism only briefly discusses the Cloud Registrar option in section 2.7, which could be used to help address this use case. Michael Richardson and I had another meeting over lunch yesterday to further discuss this and we decided to work on a new draft to describe the issue and define a solution. Because of vacations and other commitments, we will try to publish the first version of the draft early October. Regards, Rifaat & Michael
draft-friel-brski-cloud.md
Description: draft-friel-brski-cloud.md
_______________________________________________ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima
