Hello,

We just uploaded an updated BRSKI-PRM (draft-ietf-anima-brski-prm-10.txt) with the following changes from IETF draft 09 -> IETF draft 10:

* issue #79, clarified discovery in the context of BRSKI-PRM and included information about future discovery enhancements in a separate draft in Section 5.3.1.
* issue #93, included information about conflict resolution in mDNS and GRASP in Section 5.3.2
* issue #103, included verification handling for the wrapped CA certificate provisioning in Section 6.3.3
* issue #106, included additional text to elaborate more on the registrar status handling in Section 6.3.6
* issue #116, enhanced DoS description in Section 10.1
* issue #120, included statement regarding pledge host header processing in Section 5.2
* issue #122, availability of serial number information on registrar agent clarified in Section 6.1
* issue #123, clarified usage of alternative voucher formats in Section 6.2.3
* issue #124, determination of pinned domain certificate done as in RFC 8995 included in Section 6.2.4
* issue #125, removed strength comparison of voucher assertions in Section 5.1 and Section 6
* issue #130, aligned the usage of site and domain throughout the document
* changed naming of registrar certificate from LDevID(RegAgt) to EE (RegAgt) certificate throughout the document
* changed x5b to x5bag according to [RFC9360]
* updated JSON examples -> "signature": BASE64URL(JWS Signature)

We will present discussions during IETF 118 in the ANIMA session.

Best regards
Steffen

-----Original Message-----
From: Anima <[email protected]> On Behalf Of [email protected]
Sent: Monday, 23 October 2023 16:31
To: [email protected]
Cc: [email protected]
Subject: [Anima] I-D Action: draft-ietf-anima-brski-prm-10.txt

Internet-Draft draft-ietf-anima-brski-prm-10.txt is now available. It is a work item of the Autonomic Networking Integrated Model and Approach (ANIMA) WG of the IETF.

   Title:   BRSKI with Pledge in Responder Mode (BRSKI-PRM)
   Authors: Steffen Fries
            Thomas Werner
            Eliot Lear
            Michael C. Richardson
   Name:    draft-ietf-anima-brski-prm-10.txt
   Pages:   95
   Dates:   2023-10-23

Abstract:

   This document defines enhancements to Bootstrapping a Remote Secure Key Infrastructure (BRSKI, RFC8995) to enable bootstrapping in domains featuring no or only limited connectivity between a pledge and the domain registrar. It specifically changes the interaction model from a pledge-initiated mode, as used in BRSKI, to a pledge-responding mode, where the pledge is in server role. For this, BRSKI with Pledge in Responder Mode (BRSKI-PRM) introduces a new component, the registrar-agent, which facilitates the communication between pledge and registrar during the bootstrapping phase. To establish the trust relation between pledge and registrar, BRSKI-PRM relies on object security rather than transport security. The approach defined here is agnostic to the enrollment protocol that connects the domain registrar to the domain CA.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-anima-brski-prm/

There is also an HTMLized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-anima-brski-prm-10

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-anima-brski-prm-10

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts

_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
