As promised, here is a draft that attempts to wangle BRSKI to allow for
proof of possession tests.  This is very early work and intended for
discussion at this point during OPSAWG and at the side meeting we have
scheduled for Tuesday night.  If people like what they see, we can
discuss in more detail in Prague.

This draft includes three specific test types, one of which may come out
Real Soon:

 1. The registrar has obtained proof of possession and provides that
    proof to the MASA.  This solves a wireless case.
 2. The registrar has obtained proof of possession and, rather than
    providing proof to the MASA, provides proof to the pledge (two-party
    instead of three).
 3. The registrar tells the MASA, “Trust Me!  Really!” in its best Joe
    Isuzu voice*.  (This may be redundant, which is why it may come out.)

Discussion points:

  * The basis of all of this work is really that Max, Michael, and Kent
    did a bang up job by coming up with the voucher concept, and so
    let's all agree PLEASE that no matter how we slice it, a voucher
    request needs to be generated, and a voucher response needs to be
    delivered.  The means for proof, and even the identity returned, can
    be stretched.
  * Should we stretch further, and include different keying material
    objects?  I'm CCing EAP folk because that is a big fat question for
    them.

Eliot

* See https://www.youtube.com/watch?v=mR361ASrMew


--- Begin Message ---
A new version of I-D, draft-lear-brski-pop-00.txt
has been successfully submitted by Eliot Lear and posted to the
IETF repository.

Name:           draft-lear-brski-pop
Revision:       00
Title:          Proof of Possession to Devices for Onboarding
Document date:  2018-10-20
Group:          Individual Submission
Pages:          7
URL:            https://www.ietf.org/internet-drafts/draft-lear-brski-pop-00.txt
Status:         https://datatracker.ietf.org/doc/draft-lear-brski-pop/
Htmlized:       https://tools.ietf.org/html/draft-lear-brski-pop-00
Htmlized:       https://datatracker.ietf.org/doc/html/draft-lear-brski-pop


Abstract:
   This memo specifies a RESTful interface for local deployments to
   demonstrate proof of possession to a device or to a manufacturer
   authorized signing authority (MASA).  This covers the case where a
   MASA would not otherwise have knowledge of where a device is
   deployed, or when a MASA may not be required.  Such knowledge is
   important to onboard certain classes of devices, such as those on
   IEEE 802.11 networks.

                                                                                
  


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat



--- End Message ---

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg

Reply via email to