Dear ACE WG, (cc: ANIMA)
below the info of the latest draft of cBRSKI. It now provides a clearer
description of what elements from RFC 9148 are updated.
Any comments are of course welcome. FYI we had some prior discussion in
the BRSKI design team on how such updates should be written down:
1) as currently done (free-form text, not literally quoting RFC 9148 text)
2) quote exact RFC 9148 text and use OLD/NEW to indicate the change
3) provide NEW text for particular RFC 9148 sections, replacing what was
there before.
The discussion wasn't fully settled yet but until now no major pushback
was observed for our method 1).
One element to consider is whether these updates are also useful for, or
may interfere with, other post-9148 drafts such as
draft-ietf-ace-coap-est-oscore ?
best regards,
Esko
-------- Forwarded Message --------
Subject: [Anima] I-D Action: draft-ietf-anima-constrained-voucher-31.txt
Date: Mon, 08 Jun 2026 02:42:55 -0700
From: [email protected]
Reply-To: [email protected]
To: [email protected]
CC: [email protected]
Internet-Draft draft-ietf-anima-constrained-voucher-31.txt is now available.
It is a work item of the Autonomic Networking Integrated Model and Approach
(ANIMA) WG of the IETF.
Title: Constrained Bootstrapping Remote Secure Key Infrastructure (cBRSKI)
Authors: Michael Richardson
Peter van der Stok
Panos Kampanakis
Esko Dijk
Name: draft-ietf-anima-constrained-voucher-31.txt
Pages: 96
Dates: 2026-06-08
Abstract:
This document defines the Constrained Bootstrapping Remote Secure Key
Infrastructure (cBRSKI) protocol, which provides a solution for
secure zero-touch onboarding of resource-constrained (IoT) devices
into the network of a domain owner. This protocol is designed for
constrained networks, which may have limited data throughput or may
experience frequent packet loss. cBRSKI is a variant of the BRSKI
protocol, which uses an artifact signed by the device manufacturer
called the "voucher" which enables a new device and the owner's
network to mutually authenticate. While the BRSKI voucher data is
encoded in JSON, cBRSKI uses a compact CBOR-encoded voucher. The
BRSKI voucher data definition is extended with new data types that
allow for smaller voucher sizes. The Enrollment over Secure
Transport (EST) protocol, used in BRSKI, is replaced with EST-over-
CoAPS; and HTTPS used in BRSKI is replaced with DTLS-secured CoAP
(CoAPS). This document Updates RFC 8995 and RFC 9148.
The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-anima-constrained-voucher/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-anima-constrained-voucher-31.html
A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-anima-constrained-voucher-31
Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts
_______________________________________________
Anima mailing list -- [email protected]
To unsubscribe send an email to [email protected]
