[Anima] FW: New Version Notification for draft-ietf-anima-brski-async-enroll-01.txt

"Fries, Steffen" <steffen.fries@siemens.com> Thu, 07 January 2021 14:31 UTC

From: "Fries, Steffen" <steffen.fries@siemens.com>
To: "anima@ietf.org" <anima@ietf.org>
Thread-Topic: New Version Notification for draft-ietf-anima-brski-async-enroll-01.txt
Date: Thu, 7 Jan 2021 14:31:35 +0000
Message-ID: <257aa4fd76ab45f795a8800bcde7dca4@siemens.com>
References: <161002942767.25870.16730011440580315501@ietfa.amsl.com>
In-Reply-To: <161002942767.25870.16730011440580315501@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/1bXRaZeup4v1BoI3t8cQO1XWEoU>
Subject: [Anima] FW: New Version Notification for draft-ietf-anima-brski-async-enroll-01.txt


I just submitted an update of the BRSKI-AE draft (draft-ietf-anima-brski-async-enroll-01).
This document is an intermediate version to also address the upcoming expiry date of the previous version. 

The main changes from IETF draft 00 -> IETF 01 comprise:
o  Update of scope in Section 3.1 to include cases in which the pledge acts as a server.  This is one main motivation for use case 2.
o  Rework of use case 2 in Section 5.2 to consider the transport between the pledge and the pledge-agent.  Addressed is the TLS channel establishment between the pledge-agent and the pledge as well as the endpoint definition on the pledge.
o  First description of exchanged object types (needs more work).
o  Clarification that discovery options for enrollment endpoints at the domain registrar based on well-known endpoints in Section 5.3 do not result in additional /.well-known URIs.  Update of the illustrative example.  Note that the change to /brski for the voucher related endpoints has been taken over in the BRSKI main document (thanks to Michael).
o  Updated references.
o  Included Thomas Werner as additional author for the document.

There are several open issues to be addressed in the document.  Also, the currently described PUSH mechanism in Use Case 2 needs more discussion regarding the underlying trust models and exchanges.

Please provide feedback as it helps to further develop the approach.

Best regards

-----Original Message-----
From: internet-drafts@ietf.org <internet-drafts@ietf.org> 
Sent: Thursday, 7 January 2021 15:24
To: Eliot Lear <lear@cisco.com>; Brockhaus, Hendrik (T RDA CST SEA-DE) <hendrik.brockhaus@siemens.com>; Fries, Steffen (T RDA CST) <steffen.fries@siemens.com>; Werner, Thomas (T RDA CST SEA-DE) <thomas-werner@siemens.com>
Subject: New Version Notification for draft-ietf-anima-brski-async-enroll-01.txt

A new version of I-D, draft-ietf-anima-brski-async-enroll-01.txt
has been successfully submitted by Steffen Fries and posted to the IETF repository.

Name:		draft-ietf-anima-brski-async-enroll
Revision:	01
Title:		Support of asynchronous Enrollment in BRSKI (BRSKI-AE)
Document date:	2021-01-07
Group:		anima
Pages:		41
URL:            https://www.ietf.org/archive/id/draft-ietf-anima-brski-async-enroll-01.txt
Status:         https://datatracker.ietf.org/doc/draft-ietf-anima-brski-async-enroll/
Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-anima-brski-async-enroll
Htmlized:       https://tools.ietf.org/html/draft-ietf-anima-brski-async-enroll-01
Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-anima-brski-async-enroll-01

   This document describes enhancements of bootstrapping a remote secure
   key infrastructure (BRSKI) to also operate in domains featuring no or
   only timely limited connectivity between involved components.
   Moreover, newly introduced are methods to perform the BRSKI approach
   in environments, in which the role of the pledge changes to a server
   instead of the client.  This changes the interaction model as the
   pledge is pushed to interact with the registrar instead of pulling
   information from the registrar.  To support both, BRSKI-AE relies on
   the exchange of authenticated self-contained objects
   (signature-wrapped objects) also for requesting and distributing of domain
   specific device certificates.  The defined approach is agnostic
   regarding the utilized enrollment protocol allowing the application
   of existing and potentially new certificate management protocols.


Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat