Hello,
Yesterday the second part of the original work on BRSKI-AE covering use case 2
was submitted as a new WG draft.
The following changes have been made:
* Moved UC2 related parts defining the pledge in responder mode from
draft-ietf-anima-brski-async-enroll-03 to this document. This
required changes and adaptations in several sections to remove the
description and references to UC1.
* Addressed feedback for voucher-request enhancements from YANG
doctor early review in Section 6 as well as in the security
considerations (formerly named ietf-async-voucher-request).
* Renamed ietf-async-voucher-request to IETF-voucher-request-prm to
allow better listing of voucher related extensions; aligned
with constraint voucher (#20)
* Utilized ietf-voucher-request-async instead of
ietf-voucher-request in voucher exchanges to utilize the enhanced
voucher-request.
* Included changes from draft-ietf-netconf-sztp-csr-06 regarding the
YANG definition of csr-types into the enrollment request exchange.
If you have any comments or remarks, please let us know. We plan to present the
current state during the next IETF meeting.
Best regards
Steffen
-----Original Message-----
From: I-D-Announce <[email protected]> On Behalf Of
[email protected]
Sent: Monday, 25 October 2021 23:19
To: [email protected]
Cc: [email protected]
Subject: I-D Action: draft-ietf-anima-brski-prm-00.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Autonomic Networking Integrated Model and
Approach WG of the IETF.
Title    : BRSKI with Pledge in Responder Mode (BRSKI-PRM)
Authors  : Steffen Fries
           Thomas Werner
           Eliot Lear
           Michael C. Richardson
Filename : draft-ietf-anima-brski-prm-00.txt
Pages    : 46
Date     : 2021-10-25
Abstract:
This document defines enhancements to the bootstrapping a remote
secure key infrastructure (BRSKI, [RFC8995]) to facilitate
bootstrapping in domains featuring no or only timely limited
connectivity between a pledge and the domain registrar. This
specifically targets situations, in which the interaction model
changes from a pledge-initiator-mode as in BRSKI to a
pledge-responder-mode as described here. To support this functionality
BRSKI-PRM introduces a new registrar-agent component, which
facilitates the communication between pledge and registrar during the
bootstrapping phase. To support the establishment of a trust
relation between a pledge and the domain registrar, BRSKI-PRM relies
on the exchange of authenticated self-contained objects
(signature-wrapped objects). The defined approach is agnostic regarding the
utilized enrollment protocol, deployed by the registrar to
communicate with the Domain CA.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-anima-brski-prm/
There is also an htmlized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-anima-brski-prm-00
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
I-D-Announce mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories:
http://www.ietf.org/shadow.html
or
ftp://ftp.ietf.org/ietf/1shadow-sites.txt