[Anima] FW: New Version Notification for draft-fries-anima-brski-async-enroll-01.txt

"Fries, Steffen" <steffen.fries@siemens.com> Mon, 08 July 2019 10:12 UTC

From: "Fries, Steffen" <steffen.fries@siemens.com>
To: "anima@ietf.org" <anima@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/82KexV4L7G28zk0t4QWpw3_ynGQ>

Hi,

We provided an update on the BRSKI-AE draft. The update addresses many of the "TBD" places from the 00 version. Specifically it provides the use case description as well as the potential call flow. We also started a mapping to existing enrollment. 

I will write a separate email asking for a presentation slot during the next IETF meeting.

Best regards
Steffen

-----Original Message-----
From: internet-drafts@ietf.org <internet-drafts@ietf.org> 
Sent: Montag, 8. Juli 2019 12:01
To: Eliot Lear <lear@cisco.com>; Fries, Steffen (CT RDA CST) <steffen.fries@siemens.com>; Brockhaus, Hendrik (CT RDA CST SEA-DE) <hendrik.brockhaus@siemens.com>
Subject: New Version Notification for draft-fries-anima-brski-async-enroll-01.txt


A new version of I-D, draft-fries-anima-brski-async-enroll-01.txt
has been successfully submitted by Steffen Fries and posted to the IETF repository.

Name:		draft-fries-anima-brski-async-enroll
Revision:	01
Title:		Support of asynchronous Enrollment in BRSKI
Document date:	2019-07-08
Group:		Individual Submission
Pages:		23
URL:            https://www.ietf.org/internet-drafts/draft-fries-anima-brski-async-enroll-01.txt
Status:         https://datatracker.ietf.org/doc/draft-fries-anima-brski-async-enroll/
Htmlized:       https://tools.ietf.org/html/draft-fries-anima-brski-async-enroll-01
Htmlized:       https://datatracker.ietf.org/doc/html/draft-fries-anima-brski-async-enroll
Diff:           https://www.ietf.org/rfcdiff?url2=draft-fries-anima-brski-async-enroll-01

Abstract:
   This document discusses an enhancement of automated bootstrapping of
   a remote secure key infrastructure (BRSKI) to operate in domains
   featuring no or only timely limited connectivity to backend services
   offering enrollment functionality, specifically a Public Key
   Infrastructure (PKI).  In the context of deploying new devices the
   design of BRSKI allows for online (synchronous object exchange) and
   offline interactions (asynchronous object exchange) with a
   manufacturer's authorization service.  For this it utilizes a self-
   contained voucher to transport the domain credentials as a signed
   object to establish an initial trust between the pledge and the
   deployment domain.  The currently supported enrollment protocol for
   request and distribution of deployment domain specific device
   certificates provides only limited support for asynchronous PKI
   interactions.  This memo motivates the enhancement of supporting
   self-contained objects for certificate management by using an
   abstract notation.  This allows off-site operation of PKI services
   outside the deployment domain of the pledge.  This addresses
   specifically scenarios, in which the final authorization of
   certification request of a pledge cannot be made in the deployment
   domain and is therefore delegated to an operator backend.  The goal is
   to enable the usage of existing and potentially new PKI protocols
   supporting self-containment for certificate management.

                                                                                  


Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat