Hello,

Yesterday the second part of the original work on BRSKI-AE covering use case 2 was submitted as a new WG draft. The following changes have been made:

* Moved UC2 related parts defining the pledge in responder mode from draft-ietf-anima-brski-async-enroll-03 to this document. This required changes and adaptations in several sections to remove the description and references to UC1.
* Addressed feedback for voucher-request enhancements from YANG doctor early review in Section 6 as well as in the security considerations (formerly named ietf-async-voucher-request).
* Renamed ietf-async-voucher-request to IETF-voucher-request-prm to allow better listing of voucher related extensions; aligned with constraint voucher (#20)
* Utilized ietf-voucher-request-async instead of ietf-voucher-request in voucher exchanges to utilize the enhanced voucher-request.
* Included changes from draft-ietf-netconf-sztp-csr-06 regarding the YANG definition of csr-types into the enrollment request exchange.

If you have any comments or remarks, please let us know. We plan to present the current state during the next IETF meeting.

Best regards
Steffen

-----Original Message-----
From: I-D-Announce <i-d-announce-boun...@ietf.org> On Behalf Of internet-dra...@ietf.org
Sent: Monday, 25 October 2021 23:19
To: i-d-annou...@ietf.org
Cc: anima@ietf.org
Subject: I-D Action: draft-ietf-anima-brski-prm-00.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Autonomic Networking Integrated Model and Approach WG of the IETF.

Title    : BRSKI with Pledge in Responder Mode (BRSKI-PRM)
Authors  : Steffen Fries
           Thomas Werner
           Eliot Lear
           Michael C. Richardson
Filename : draft-ietf-anima-brski-prm-00.txt
Pages    : 46
Date     : 2021-10-25

Abstract:
This document defines enhancements to the bootstrapping a remote secure key infrastructure (BRSKI, [RFC8995]) to facilitate bootstrapping in domains featuring no or only timely limited connectivity between a pledge and the domain registrar. This specifically targets situations, in which the interaction model changes from a pledge-initiator-mode as in BRSKI to a pledge-responder-mode as described here. To support this functionality BRSKI-PRM introduces a new registrar-agent component, which facilitates the communication between pledge and registrar during the bootstrapping phase.
To support the establishment of a trust relation between a pledge and the domain registrar, BRSKI-PRM relies on the exchange of authenticated self-contained objects (signature-wrapped objects). The defined approach is agnostic regarding the utilized enrollment protocol, deployed by the registrar to communicate with the Domain CA.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-anima-brski-prm/

There is also an htmlized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-anima-brski-prm-00

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
I-D-Announce mailing list
i-d-annou...@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima