Re: [Anima] Questions raised during IETF 105 regarding BRSKI-AE

"Fries, Steffen" <> Mon, 26 August 2019 06:10 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C12B1120104 for <>; Sun, 25 Aug 2019 23:10:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id OLS64U7tDdw9 for <>; Sun, 25 Aug 2019 23:10:34 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 689281200A4 for <>; Sun, 25 Aug 2019 23:10:34 -0700 (PDT)
Received: from ( []) by (8.15.2/8.15.2) with ESMTPS id x7Q6ASd8032697 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 26 Aug 2019 08:10:28 +0200
Received: from ( []) by (8.15.2/8.15.2) with ESMTPS id x7Q6ARQV025513 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 26 Aug 2019 08:10:27 +0200
Received: from ( by ( with Microsoft SMTP Server (TLS) id 14.3.439.0; Mon, 26 Aug 2019 08:10:27 +0200
Received: from ([]) by ([]) with mapi id 14.03.0439.000; Mon, 26 Aug 2019 08:10:26 +0200
From: "Fries, Steffen" <>
To: Michael Richardson <>
CC: "" <>, Eliot Lear <>
Thread-Topic: [Anima] Questions raised during IETF 105 regarding BRSKI-AE
Thread-Index: AdVYNh7DQasumPNcQl+zj+APp3f5iQBsXsKAAHpqnWA=
Date: Mon, 26 Aug 2019 06:10:26 +0000
Message-ID: <>
References: <> <10184.1566595133@localhost>
In-Reply-To: <10184.1566595133@localhost>
Accept-Language: en-US
Content-Language: en-US
x-document-confidentiality: NotClassified
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [Anima] Questions raised during IETF 105 regarding BRSKI-AE
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 26 Aug 2019 06:10:37 -0000

Hi Michael,

> From: Michael Richardson <>
> Fries, Steffen <> wrote:
>     > There was a question regarding the benefits on Full CMC (PKI) Request
>     > support in EST from Michael. One of the benefits of the Full CMC
>     > request is that it provides a way to bind the entity identification and
>     > authentication to the certification request. This can be achieved by an
>     > additional signature over the certification request with the IDevID EE
>     > cert of a pledge. The result is what we called in the draft a
>     > self-contained object with two signatures, one with the private key
>     > corresponding to the contained public key in the CSR, the second with
>     > the private key, which's corresponding certificate can be validated.
>     > Maybe the term is misleading as the CSR is also self-contained. So we
>     > may need to fine a better term.
> okay.  I need to re-read things to better understand.
[stf] the essential point is to have the binding of the authentication using IDevID EE credentials directly on the CSR instead of indirectly using the communication link. We definitely need a better term as self-containing may be misleading.
>     > Having this type of self-contained object comes with some advantages:
>     > - It removes the strict binding of the  certification request with the
>     > pledge authentication in TLS using the tls-unique value in the CSR
>     > during the EST run. This is especially interesting for scenarios, in
>     > which the registrar (EST server) acts as LRA and has (temporarily) no
>     > connection to the issuing RA/CA. If it needs to store the CSR and
>     > forward it later on for further processing to the RA/CA, the
>     > information about the identity and authentication is not directly bound
>     > to the CSR and would require other mechanisms.
>     > - For the "no soup case - come back later" case (Eliot, I just borrowed
>     > your analogy)  it provides the advantage, if the tls-unique parameter
>     > is used in the CSR (BRSKI is open to this) to bind the CSR to a
>     > specific TLS connection. If the TLS connection between the pledge and
>     > the registrar was teared down, EST (in simple enroll/reenroll) requires
>     > to resent the CSR, which would require to include a new tls-unique
>     > number, which in turn would require rebuilding the CSR (also described
>     > in RFC 7030, section 4.2.3).
> I agree that this is a good feature.
> Can you tell us more about how you'd use it?
[stf] Retry in EST is done by resending the CSR is after the signaled retry after period in the 202 message from the server. The server must keep track of all states necessary to assign the try request to an already received request. Other protocols provide a request identifier, which can be leveraged to ask for the certificate using the request identifier based on the initially provided CSR.
> My next question would be, given that some would like CMP rather than EST as an option, and it appears that LAMPS may do a
> minimal profile of CMP, maybe that would suit you better for these disconnected uses rather than fullcmc.
[stf] The intention of lightweight CMP is to reduce the versality of CMP down to what is necessary in typical industrial or IoT scenarios. It can be used in a similar way as FullCMC and thus it can be used to address the BRSKI-AE case. As stated in BRSKI-AE draft, the message wrapping with signature provided in CMP and FullCMC provides the binding to the initial authentication on an object base. That said, I would propose to let the registrar support multiple enrollment protocols to be able to handle different deployment environments.

> Regardless, how would one discover and signal the use of fullcmc or CMP?
[stf] EST provides this option by using the well-known URI approach. It specifies this for /simpeenroll and /simplereenroll, but also for /fullcmc. In BRSKI-AE we followed that path and utilized the same mimic and proposed "/.well-known/enrollment-variant/request". This would allow to support different options on the Registrar side and let the pledge pick one.

Best regards
> --
> Michael Richardson <>, Sandelman Software Works  -= IPv6 IoT consulting =-