[Anima] FW: New Version Notification for draft-fries-anima-brski-async-enroll-01.txt
"Fries, Steffen" <steffen.fries@siemens.com> Mon, 08 July 2019 10:12 UTC
Return-Path: <steffen.fries@siemens.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DC6D120129 for <anima@ietfa.amsl.com>; Mon, 8 Jul 2019 03:12:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FQBh3XJsyuAP for <anima@ietfa.amsl.com>; Mon, 8 Jul 2019 03:12:06 -0700 (PDT)
Received: from goliath.siemens.de (goliath.siemens.de [192.35.17.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0585D12010F for <anima@ietf.org>; Mon, 8 Jul 2019 03:12:05 -0700 (PDT)
Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66]) by goliath.siemens.de (8.15.2/8.15.2) with ESMTPS id x68AC30H025614 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for <anima@ietf.org>; Mon, 8 Jul 2019 12:12:03 +0200
Received: from DEFTHW99ERIMSX.ww902.siemens.net (defthw99erimsx.ww902.siemens.net [139.22.70.134]) by mail2.sbs.de (8.15.2/8.15.2) with ESMTPS id x68AC3v4016310 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for <anima@ietf.org>; Mon, 8 Jul 2019 12:12:03 +0200
Received: from DENBGAT9ERIMSX.ww902.siemens.net (139.22.70.138) by DEFTHW99ERIMSX.ww902.siemens.net (139.22.70.134) with Microsoft SMTP Server (TLS) id 14.3.439.0; Mon, 8 Jul 2019 12:12:03 +0200
Received: from DENBGAT9EJ5MSX.ww902.siemens.net ([169.254.12.197]) by DENBGAT9ERIMSX.ww902.siemens.net ([139.22.70.138]) with mapi id 14.03.0439.000; Mon, 8 Jul 2019 12:12:02 +0200
From: "Fries, Steffen" <steffen.fries@siemens.com>
To: "anima@ietf.org" <anima@ietf.org>
Thread-Topic: New Version Notification for draft-fries-anima-brski-async-enroll-01.txt
Thread-Index: AQHVNXRQSYuO9dRAP0yIPUaI9jpKqabAf37g
Date: Mon, 08 Jul 2019 10:12:01 +0000
Message-ID: <E6C9F0E527F94F4692731382340B337826FE3454@DENBGAT9EJ5MSX.ww902.siemens.net>
References: <156258004189.1093.17800160134532385145.idtracker@ietfa.amsl.com>
In-Reply-To: <156258004189.1093.17800160134532385145.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-document-confidentiality: NotClassified
x-originating-ip: [139.22.70.12]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/82KexV4L7G28zk0t4QWpw3_ynGQ>
Subject: [Anima] FW: New Version Notification for draft-fries-anima-brski-async-enroll-01.txt
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jul 2019 10:12:09 -0000
Hi, We provided an update on the BRSKI-AE draft. The update addresses many of the "TBD" places from the 00 version. Specifically it provides the use case description as well as the potential call flow. We also started a mapping to existing enrollment. I will write a separate email asking for a presentation slot during the next IETF meeting Best regards Steffen -----Original Message----- From: internet-drafts@ietf.org <internet-drafts@ietf.org> Sent: Montag, 8. Juli 2019 12:01 To: Eliot Lear <lear@cisco.com>; Fries, Steffen (CT RDA CST) <steffen.fries@siemens.com>; Brockhaus, Hendrik (CT RDA CST SEA-DE) <hendrik.brockhaus@siemens.com> Subject: New Version Notification for draft-fries-anima-brski-async-enroll-01.txt A new version of I-D, draft-fries-anima-brski-async-enroll-01.txt has been successfully submitted by Steffen Fries and posted to the IETF repository. Name: draft-fries-anima-brski-async-enroll Revision: 01 Title: Support of asynchronous Enrollment in BRSKI Document date: 2019-07-08 Group: Individual Submission Pages: 23 URL: https://www.ietf.org/internet-drafts/draft-fries-anima-brski-async-enroll-01.txt Status: https://datatracker.ietf.org/doc/draft-fries-anima-brski-async-enroll/ Htmlized: https://tools.ietf.org/html/draft-fries-anima-brski-async-enroll-01 Htmlized: https://datatracker.ietf.org/doc/html/draft-fries-anima-brski-async-enroll Diff: https://www.ietf.org/rfcdiff?url2=draft-fries-anima-brski-async-enroll-01 Abstract: This document discusses an enhancement of automated bootstrapping of a remote secure key infrastructure (BRSKI) to operate in domains featuring no or only timely limited connectivity to backend services offering enrollment functionality, specifically a Public Key Infrastructure (PKI). In the context of deploying new devices the design of BRSKI allows for online (synchronous object exchange) and offline interactions (asynchronous object exchange) with a manufacturer's authorization service. For this it utilizes a self- contained voucher to transport the domain credentials as a signed object to establish an initial trust between the pledge and the deployment domain. The currently supported enrollment protocol for request and distribution of deployment domain specific device certificates provides only limited support for asynchronous PKI interactions. This memo motivates the enhancement of supporting self-contained objects for certificate management by using an abstract notation. This allows off-site operation of PKI services outside the deployment domain of the pledge. This addresses specifically scenarios, in which the final authorization of certification request of a pledge cannot be made in the deployment domain and is therefore delegated to a operator backend. The goal is to enable the usage of existing and potentially new PKI protocols supporting self-containment for certificate management. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat
- [Anima] FW: New Version Notification for draft-fr… Fries, Steffen