Following up on the discussion at the WG meeting.
All three:
https://github.com/anima-wg/brski-cloud/blob/master/presentations/three-flows.png

In all cases the Pledge gets some kind of network connectivity. This could be an open WiFi, but is more often a cable plugged in with DHCPv4/IPv6.

2) Cloud Registrar Issues Voucher, Home RA issues LDevID

(Note that section 7.2 of the document has "Option 1", "Option 2", "Option 3". They are out of sync with the presentation.)

This involves all of the BRSKI mechanism occurring in the cloud, but the local domain still having a CA. The CA could be a pure EST (RFC7030) with no BRSKI extensions.

The diagram is at:
https://github.com/anima-wg/brski-cloud/blob/master/presentations/option-2-enroll-redirect.png

7.2.2 proposes to do this with the enroll getting a 3xx (probably 307) code:

+--------+         +-----------+                +----------+
| Pledge |         | Local     |                | Cloud RA |
|        |         | Registrar |                | / MASA   |
+--------+         +-----------+                +----------+
    |                    |                           |
    | 1. Full TLS                                    |
    |<---------------------------------------------->|
    |                    |                           |
    | 2. Voucher Request                             |
    |----------------------------------------------->|
    |                    |                           |
    | 3. Voucher Response                            |
    |<-----------------------------------------------|
    |                    |                           |
    | 4. EST enroll                                  |
    |----------------------------------------------->|
    |                    |                           |
    | 5. 3xx Location: localra.example.com           |
    |<-----------------------------------------------|
    |                    |                           |
    | 6. Full TLS        |                           |
    |<------------------>|                           |
    |                    |                           |
    | 7. EST Enrol       |                           |
    |------------------->|                           |
    |                    |                           |
    | 8. Certificate     |                           |
    |<-------------------|                           |
    |                    |                           |
    | 9. etc.            |                           |
    |------------------->|                           |
    |                    |                           |

7.2.3 proposes to do this with the voucher providing the address of the EST server.

+--------+         +-----------+                +----------+
| Pledge |         | Local     |                | Cloud RA |
|        |         | Registrar |                | / MASA   |
+--------+         +-----------+                +----------+
    |                    |                           |
    | 1. Full TLS                                    |
    |<---------------------------------------------->|
    |                    |                           |
    | 2. Voucher Request                             |
    |----------------------------------------------->|
    |                    |                           |
    | 3. Voucher Response {localra:fqdn}             |
    |<-----------------------------------------------|
    |                    |                           |
    | 4. Full TLS        |                           |
    |<------------------>|                           |
    |                    |                           |
    | 5. EST Enrol       |                           |
    |------------------->|                           |
    |                    |                           |
    | 6. Certificate     |                           |
    |<-------------------|                           |
    |                    |                           |
    | 7. etc.            |                           |
    |------------------->|                           |
    |                    |                           |

In both cases, the voucher response provides a pin of the Local Registrar.

--
Michael Richardson <[email protected]>, Sandelman Software Works
 -= IPv6 IoT consulting =-
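As an added illustration (not code from the draft or the brski-cloud repository), a pledge-side sketch in Python of where the two flows above converge: whether the Local Registrar's address arrives in a 3xx Location (7.2.2) or inside the voucher (7.2.3), the pledge acts on it only if the fresh TLS session to that host presents the pinned-domain-cert from the voucher. The "localra" leaf is taken from the {localra:fqdn} sketch in the diagram and is not a standardised voucher field; the DER bytes are constructed.

```python
import base64
from urllib.parse import urlparse

# Constructed sample data (not from the draft): the DER bytes of the local
# registrar's certificate, and a voucher that pins it. A real voucher is a
# CMS-signed JSON artifact (RFC 8366); checking that signature is outside
# the scope of this snippet.
LOCAL_RA_CERT_DER = b"constructed DER of the localra.example.com certificate"
VOUCHER = {
    "ietf-voucher:voucher": {
        "assertion": "verified",
        "serial-number": "pledge-0001",
        "pinned-domain-cert": base64.b64encode(LOCAL_RA_CERT_DER).decode(),
        # "localra" follows the {localra:fqdn} sketch in the 7.2.3 diagram;
        # it is not a standardised voucher leaf.
        "localra": "localra.example.com",
    }
}

def est_target_from_voucher(voucher):
    """7.2.3 flow: the voucher itself names the local EST server (or None)."""
    return voucher["ietf-voucher:voucher"].get("localra")

def est_target_from_redirect(voucher, status, location):
    """7.2.2 flow: the cloud RA answers the EST enroll with a 3xx Location.

    Accept only an HTTPS target and, if the voucher also names a localra,
    only that host, so a stray Location header cannot steer enrollment to
    an arbitrary server. Returns the host to enroll with, or None.
    """
    if status not in (301, 302, 303, 307, 308):
        return None
    url = urlparse(location)
    if url.scheme != "https" or not url.hostname:
        return None
    named = est_target_from_voucher(voucher)
    if named is not None and url.hostname != named:
        return None
    return url.hostname

def peer_matches_pin(voucher, peer_chain_der):
    """The fresh Full TLS session to the Local Registrar (step 6 in 7.2.2,
    step 4 in 7.2.3) must present the pinned-domain-cert in its chain; the
    pledge trusts that pin, not the CA set it used to reach the cloud RA."""
    pinned = base64.b64decode(voucher["ietf-voucher:voucher"]["pinned-domain-cert"])
    return any(cert == pinned for cert in peer_chain_der)
```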
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
