[Anima] FW: New Version Notification for draft-ietf-anima-brski-async-enroll-02.txt
"Fries, Steffen" <steffen.fries@siemens.com> Mon, 14 June 2021 16:27 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/55aTSyHy-JG3P-Vq_DjnQKdujCE>
Hello all,

I just submitted an update of BRSKI-AE which contains the following list of changes to the 01 version:

o Defined call flow and objects for interactions in use case 2. Object format based on draft for JOSE signed voucher artifacts and aligned the remaining objects with this approach in Section 5.2.3
o Terminology change: issue #2 pledge-agent -> registrar-agent to better underline agent relation.
o Terminology change: issue #3 PULL/PUSH -> pledge-initiator-mode and pledge-responder-mode to better address the pledge operation.
o Communication approach between pledge and registrar-agent changed by removing TLS-PSK (former section TLS establishment) and associated references to other drafts in favor of relying on higher layer exchange of signed data objects. These data objects are included also in the pledge-voucher-request and lead to an extension of the YANG module for the voucher-request (issue #12).
o Details on trust relationship between registrar-agent and registrar (issue #4, #5, #9) included in Section 5.2.
o Recommendation regarding short-lived certificates for registrar-agent authentication towards registrar (issue #7) in the security considerations.
o Introduction of reference to agent signing certificate using SKID in agent signed data (issue #11).
o Enhanced objects in exchanges between pledge and registrar-agent to allow the registrar to verify agent-proximity to the pledge (issue #1) in Section 5.2.3.
o Details on trust relationship between registrar-agent and pledge (issue #5) included in Section 5.2.
o Split of use case 2 call flow into subsections in Section 5.2.3.

The stated resolved issues relate to the ones enumerated in the anima gitlab.

Please provide feedback as it helps to further develop the approach.

Best regards
Steffen

-----Original Message-----
From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Sent: Monday, 14 June 2021 18:23
To: Eliot Lear <lear@cisco.com>; Brockhaus, Hendrik (T RDA CST SEA-DE) <hendrik.brockhaus@siemens.com>; Fries, Steffen (T RDA CST) <steffen.fries@siemens.com>; Werner, Thomas (T RDA CST SEA-DE) <thomas-werner@siemens.com>
Subject: New Version Notification for draft-ietf-anima-brski-async-enroll-02.txt

A new version of I-D, draft-ietf-anima-brski-async-enroll-02.txt has been successfully submitted by Steffen Fries and posted to the IETF repository.

Name:           draft-ietf-anima-brski-async-enroll
Revision:       02
Title:          Support of asynchronous Enrollment in BRSKI (BRSKI-AE)
Document date:  2021-06-14
Group:          anima
Pages:          59
URL:            https://www.ietf.org/archive/id/draft-ietf-anima-brski-async-enroll-02.txt
Status:         https://datatracker.ietf.org/doc/draft-ietf-anima-brski-async-enroll/
Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-anima-brski-async-enroll
Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-anima-brski-async-enroll-02

Abstract:
   This document describes enhancements of bootstrapping a remote secure key infrastructure (BRSKI, [RFC8995]) to also operate in domains featuring no or only timely limited connectivity between involved components. Further enhancements are provided to perform the BRSKI approach in environments, in which the role of the pledge changes from a client to a server. This changes the interaction model from a pledge-initiator-mode to a pledge-responder-mode. To support both use cases, BRSKI-AE relies on the exchange of authenticated self-contained objects (signature-wrapped objects) also for requesting and distributing of domain specific device certificates. The defined approach is agnostic regarding the utilized enrollment protocol allowing the application of existing and potentially new certificate management protocols.

The IETF Secretariat
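Two items in the change list above, the SKID reference to the agent signing certificate in agent-signed data (issue #11) and the recommendation of short-lived registrar-agent certificates (issue #7), are easier to reason about with a concrete verifier in hand. The following Go program is an added illustration written for this archive page; it is not code from the BRSKI-AE draft or its authors, and the `SignedObject` structure, the `Sign`/`Verify` functions and the constructed registrar-agent certificate are assumptions made for the example, not the draft's object format. It shows why referencing the signer only by SubjectKeyIdentifier forces the registrar to resolve the certificate from a trust store it already holds, and where the validity-period check on a short-lived agent certificate belongs. Only the Go standard library is used.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// SignedObject is a hypothetical signature-wrapped object for this example.
// It is not the BRSKI-AE wire format; it only shows a signer referenced by SKID.
type SignedObject struct {
	Kid       string `json:"kid"`       // base64url SubjectKeyIdentifier of the signing certificate
	Payload   []byte `json:"payload"`   // the signed bytes (e.g. a JSON voucher-request)
	Signature []byte `json:"signature"` // DER-encoded ECDSA signature over SHA-256(Payload)
}

// skid derives a SubjectKeyIdentifier per RFC 5280 section 4.2.1.2 method 1:
// SHA-1 over the subjectPublicKey BIT STRING (the uncompressed EC point).
func skid(pub *ecdsa.PublicKey) []byte {
	sum := sha1.Sum(elliptic.Marshal(pub.Curve, pub.X, pub.Y))
	return sum[:]
}

func kidString(id []byte) string { return base64.RawURLEncoding.EncodeToString(id) }

// newAgentCert builds a constructed, short-lived, self-signed certificate that
// carries the SKID extension, standing in for a registrar-agent credential.
func newAgentCert(lifetime time.Duration) (*ecdsa.PrivateKey, *x509.Certificate, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "registrar-agent (constructed)"},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(lifetime),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		SubjectKeyId: skid(&priv.PublicKey),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return priv, cert, err
}

// Sign wraps payload and names the signer only by SKID; the certificate itself
// is not carried, so the verifier must already hold it.
func Sign(priv *ecdsa.PrivateKey, cert *x509.Certificate, payload []byte) (*SignedObject, error) {
	digest := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	return &SignedObject{Kid: kidString(cert.SubjectKeyId), Payload: payload, Signature: sig}, nil
}

// Verify is the registrar-side check: resolve the certificate by SKID from the
// local trust store, reject it outside its validity window, then check the signature.
func Verify(store map[string]*x509.Certificate, obj *SignedObject, now time.Time) error {
	cert, ok := store[obj.Kid]
	if !ok {
		return errors.New("unknown signer: SKID not in trust store")
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return errors.New("signer certificate outside validity period")
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("unsupported key type")
	}
	digest := sha256.Sum256(obj.Payload)
	if !ecdsa.VerifyASN1(pub, digest[:], obj.Signature) {
		return errors.New("signature does not verify")
	}
	return nil
}

func main() {
	priv, cert, err := newAgentCert(time.Hour) // short-lived agent credential
	if err != nil {
		panic(err)
	}
	store := map[string]*x509.Certificate{kidString(cert.SubjectKeyId): cert}
	payload := []byte(`{"constructed":"pledge-voucher-request","nonce":"abc123"}`)
	obj, _ := Sign(priv, cert, payload)
	wire, _ := json.Marshal(obj)
	fmt.Println(string(wire))
	fmt.Println("verify:", Verify(store, obj, time.Now()))
	obj.Payload[0] ^= 1 // simulate an in-transit modification
	fmt.Println("tampered:", Verify(store, obj, time.Now()))
}
```

The design point is that a SKID is a lookup key, not a credential: `Verify` never trusts anything in the object itself to identify the signer, and an unknown SKID, an expired agent certificate or a modified payload each fail closed. With short-lived agent certificates the validity check is what bounds the damage from a lost or copied agent key.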