Hi all,

I'd like to bring your attention to the following Individual IETF draft and invite you to review the draft. I believe this draft best fits under the auspices of the ANIMA WG. You are welcome to give feedback or make comments.

The high-level summary is as follows:
==============================
1. This document describes a lightweight certificateless enrollment protocol in BRSKI for constrained IoT devices.
2. A credential based on public keys is designed to replace the domain certificate used in BRSKI.
3. An authentication centre (AC), replacing the certification authority (CA), is used to issue the credential to the pledge.
4. A new mutual authentication protocol is designed for the authentication between two pledges by the credentials.

More details are available in the ID text.

Best regards,
Lei YAN

----- Original Message -----
From: [email protected] <[email protected]>
Sent: July 10, 2023 22:28
To: Yanlei(Ray) <[email protected]>
Subject: New Version Notification for draft-yan-anima-brski-cle-00.txt

A new version of I-D, draft-yan-anima-brski-cle-00.txt has been successfully submitted by Lei YAN and posted to the IETF repository.

Name: draft-yan-anima-brski-cle
Revision: 00
Title: BRSKI-CLE: A Certificateless Enrollment protocol in BRSKI
Document date: 2023-07-10
Group: Individual Submission
Pages: 13
URL: https://www.ietf.org/archive/id/draft-yan-anima-brski-cle-00.txt
Status: https://datatracker.ietf.org/doc/draft-yan-anima-brski-cle/
Html: https://www.ietf.org/archive/id/draft-yan-anima-brski-cle-00.html
Htmlized: https://datatracker.ietf.org/doc/html/draft-yan-anima-brski-cle

Abstract:
Bootstrapping Remote Secure Key Infrastructure (BRSKI, RFC 8995) is an automated bootstrap protocol for unconfigured devices called "pledges". Existing enrollment protocols in BRSKI are all based on certificates, which are not suitable for constrained IoT devices. This document defines a certificateless enrollment protocol in BRSKI (BRSKI-CLE) for constrained IoT devices. To achieve a lightweight protocol, a credential based on public keys is designed to replace the domain certificate used in BRSKI. An authentication centre (AC), replacing the certification authority (CA), is used to issue the credential to the pledge. A new mutual authentication protocol is also designed to authenticate using the credentials.

The IETF Secretariat
