[Anima] FW: New Version Notification for draft-ietf-anima-brski-async-enroll-02.txt

"Fries, Steffen" <steffen.fries@siemens.com> Mon, 14 June 2021 16:27 UTC

From: "Fries, Steffen" <steffen.fries@siemens.com>
To: "anima@ietf.org" <anima@ietf.org>
Thread-Topic: New Version Notification for draft-ietf-anima-brski-async-enroll-02.txt
Date: Mon, 14 Jun 2021 16:27:35 +0000
Message-ID: <eb471e23b0a04f058eccd5cd60fb3786@siemens.com>
References: <162368780451.16015.5829264819793833732@ietfa.amsl.com>
In-Reply-To: <162368780451.16015.5829264819793833732@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/55aTSyHy-JG3P-Vq_DjnQKdujCE>
Subject: [Anima] FW: New Version Notification for draft-ietf-anima-brski-async-enroll-02.txt

Hello all,

I just submitted an update of BRSKI-AE which contains the following list of changes to the 01 version:

   o  Defined call flow and objects for interactions in use case 2.  Object
      format based on draft for JOSE signed voucher artifacts and
      aligned the remaining objects with this approach in Section 5.2.3

   o  Terminology change: issue #2 pledge-agent -> registrar-agent to
      better underline agent relation.

   o  Terminology change: issue #3 PULL/PUSH -> pledge-initiator-mode
      and pledge-responder-mode to better address the pledge operation.

   o  Communication approach between pledge and registrar-agent changed
      by removing TLS-PSK (former section TLS establishment) and
      associated references to other drafts in favor of relying on
      higher layer exchange of signed data objects.  These data objects
      are included also in the pledge-voucher-request and lead to an
      extension of the YANG module for the voucher-request (issue #12).

   o  Details on trust relationship between registrar-agent and
      registrar (issue #4, #5, #9) included in Section 5.2.

   o  Recommendation regarding short-lived certificates for registrar-
      agent authentication towards registrar (issue #7) in the security
      considerations.

   o  Introduction of reference to agent signing certificate using SKID
      in agent signed data (issue #11).

   o  Enhanced objects in exchanges between pledge and registrar-agent
      to allow the registrar to verify agent-proximity to the pledge
      (issue #1) in Section 5.2.3.

   o  Details on trust relationship between registrar-agent and pledge
      (issue #5) included in Section 5.2.

   o  Split of use case 2 call flow into sub sections in Section 5.2.3.

The stated resolved issues relate to the ones enumerated in the anima gitlab.
Please provide feedback as it helps to further develop the approach.

Best regards
Steffen

-----Original Message-----
From: internet-drafts@ietf.org <internet-drafts@ietf.org> 
Sent: Monday, 14 June 2021 18:23
To: Eliot Lear <lear@cisco.com>; Brockhaus, Hendrik (T RDA CST SEA-DE) <hendrik.brockhaus@siemens.com>; Fries, Steffen (T RDA CST) <steffen.fries@siemens.com>; Werner, Thomas (T RDA CST SEA-DE) <thomas-werner@siemens.com>
Subject: New Version Notification for draft-ietf-anima-brski-async-enroll-02.txt


A new version of I-D, draft-ietf-anima-brski-async-enroll-02.txt
has been successfully submitted by Steffen Fries and posted to the IETF repository.

Name:		draft-ietf-anima-brski-async-enroll
Revision:	02
Title:		Support of asynchronous Enrollment in BRSKI (BRSKI-AE)
Document date:	2021-06-14
Group:		anima
Pages:		59
URL:            https://www.ietf.org/archive/id/draft-ietf-anima-brski-async-enroll-02.txt
Status:         https://datatracker.ietf.org/doc/draft-ietf-anima-brski-async-enroll/
Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-anima-brski-async-enroll
Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-anima-brski-async-enroll-02

Abstract:
   This document describes enhancements of bootstrapping a remote secure
   key infrastructure (BRSKI, [RFC8995]) to also operate in domains
   featuring no or only time-limited connectivity between involved
   components.  Further enhancements are provided to perform the BRSKI
   approach in environments in which the role of the pledge changes
   from a client to a server.  This changes the interaction model from a
   pledge-initiator-mode to a pledge-responder-mode.  To support both
   use cases, BRSKI-AE relies on the exchange of authenticated self-
   contained objects (signature-wrapped objects) also for requesting and
   distributing domain-specific device certificates.  The defined
   approach is agnostic regarding the utilized enrollment protocol,
   allowing the application of existing and potentially new certificate
   management protocols.

The IETF Secretariat
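The change list above mentions three mechanisms that fit together on the registrar side: the registrar-agent hands the pledge and the registrar signed data objects (JOSE, like the signed voucher artifacts), the agent's signing certificate is referenced by its SubjectKeyIdentifier (SKID) inside the signed data, and the security considerations recommend short-lived agent certificates. The Go program below is an added illustration of how a registrar could consume such an object; it is not code from the draft or from its authors, and the draft's actual object format is not reproduced here. Everything beyond those three points is an assumption for the example: the JWS compact serialization with ES256, carrying the base64url SKID in the protected "kid" header; a registrar trust store modelled as a map keyed by SKID, standing in for however the registrar learns agent certificates; a self-signed certificate in place of one issued by the domain CA (so no chain building or revocation checking is shown); the 24-hour lifetime threshold; and the constructed "serial-number" payload.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Registrar policy (an assumption for this example, not a value taken from the draft).
const maxAgentCertLifetime = 24 * time.Hour

var b64 = base64.RawURLEncoding

// newAgentCert: constructed self-signed P-256 agent cert; SKID = SHA-256(SPKI)[:20] (RFC 7093).
func newAgentCert(lifetime time.Duration) (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	spki, _ := x509.MarshalPKIXPublicKey(&key.PublicKey)
	skid := sha256.Sum256(spki)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(lifetime),
		SubjectKeyId: skid[:20],
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// signAgentData: JWS compact serialization (ES256); the protected "kid" header carries the SKID.
func signAgentData(key *ecdsa.PrivateKey, skid []byte, payload map[string]any) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "ES256", "kid": b64.EncodeToString(skid)})
	body, err := json.Marshal(payload)
	if err != nil {
		return "", err
	}
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return "", err
	}
	sig := make([]byte, 64) // JWS ES256 signatures are raw r||s (32+32 bytes), not DER
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return input + "." + b64.EncodeToString(sig), nil
}

// verifyAgentData: registrar side. Resolve the signer by SKID in a trust store the registrar
// already holds, enforce validity and the short-lifetime policy, then check the signature.
func verifyAgentData(jws string, trusted map[string]*x509.Certificate, now time.Time) (map[string]any, error) {
	parts := strings.Split(jws, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed JWS compact serialization")
	}
	hdrRaw, err1 := b64.DecodeString(parts[0])
	body, err2 := b64.DecodeString(parts[1])
	sig, err3 := b64.DecodeString(parts[2])
	if err1 != nil || err2 != nil || err3 != nil || len(sig) != 64 {
		return nil, errors.New("bad base64url segment or ES256 signature length")
	}
	var hdr struct{ Alg, Kid string } // encoding/json matches "alg"/"kid" case-insensitively
	if err := json.Unmarshal(hdrRaw, &hdr); err != nil || hdr.Alg != "ES256" {
		return nil, fmt.Errorf("unsupported or malformed protected header %q", hdrRaw)
	}
	cert, ok := trusted[hdr.Kid] // kid must also equal the SKID carried inside the certificate
	if !ok || b64.EncodeToString(cert.SubjectKeyId) != hdr.Kid {
		return nil, errors.New("kid does not resolve to a trusted agent certificate")
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return nil, errors.New("agent certificate not valid at this time")
	}
	if cert.NotAfter.Sub(cert.NotBefore) > maxAgentCertLifetime {
		return nil, errors.New("agent certificate is not short-lived")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if pub, ok := cert.PublicKey.(*ecdsa.PublicKey); !ok ||
		!ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return nil, errors.New("signature verification failed")
	}
	var payload map[string]any
	return payload, json.Unmarshal(body, &payload)
}
```

To exercise it, call newAgentCert for a short lifetime, register the certificate in the trust store under b64.EncodeToString(cert.SubjectKeyId), sign a payload with signAgentData and pass the result to verifyAgentData. The order of checks is deliberate: the signer is resolved and its certificate policy (validity window, lifetime) is enforced before any signature arithmetic, so an object from an unknown or long-lived agent is rejected without touching its signature, and the kid is cross-checked against the SKID extension in the certificate so a mis-keyed trust store cannot silently bind one agent's signature to another agent's certificate.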