Re: [Anima] New Version Notification for draft-ietf-anima-brski-prm-09.txt

"Fries, Steffen" <steffen.fries@siemens.com> Mon, 10 July 2023 19:43 UTC

To: "anima@ietf.org" <anima@ietf.org>
CC: "Michael C. Richardson" <mcr+ietf@sandelman.ca>, Eliot Lear <lear@cisco.com>, Michael Richardson <mcr+ietf@sandelman.ca>, "Werner, Thomas" <thomas-werner@siemens.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/Cqm4Vm-cJwLDwHkMml_atW0ab0s>

Hello,

We just submitted an update of BRSKI-PRM (now version 09).
Since the last IETF meeting we mainly addressed the comments from the WGLC and the chair review, as there are:

   *  issue #80, enhanced Section 5.3.2 with clarification on the serial number and the inclusion of GRASP
   *  issue #81, enhanced introduction with motivation for agent_signed_data
   *  issue #82, included optional TLS protection of the communication link between registrar-agent and pledge in the introduction, Section 4, and Section 6.1
   *  issue #83, enhanced Section 6.1.4 and Section 6.2.6 with note to re-enrollment
   *  issue #87, clarified available information at the registrar-agent in Section 6.1
   *  issue #88, clarified that the PVR in Section 6.1.2 and PER in Section 6.1.4 may contain the certificate chain.  If not contained, it MUST be available at the registrar.
   *  issue #91, clarified that a separate HTTP connection may also be used to provide the PER in Section 6.2.6
   *  resolved remaining editorial issues discovered after WGLC (responded to on the mailing list in Reply 1 and Reply 2) resulting in more consistent descriptions
   *  issue #92: kept separate endpoint for wrapped CSR on registrar Section 6.2.7
   *  issue #94: clarified terminology (possess vs. obtained)
   *  issue #95: clarified optional IDevID CA certificates on registrar-agent Section 6.3
   *  issue #96: updated Figure 14 to correct to just one CA certificate provisioning
   *  issue #97: deleted format explanation in Section 6.3 as it may be misleading
   *  issue #99: motivated verification of second signature on voucher in Section 6.3
   *  issue #100: included negative example in Figure 15
   *  issue #101: included handling if Section 6.3.2 voucher telemetry information has not been received by the registrar-agent
   *  issue #102: relaxed requirements for CA certs provisioning in Section 6.3.3
   *  issue #105: included negative example in Figure 16
   *  issue #107: included example for certificate revocation in Section 6.3.6
   *  issue #108: renamed heading to Pledge-Status Request of Section 6.4.1
   *  issue #111: included pledge-status response processing for authenticated requests in Section 6.4.2
   *  issue #112: added "Example" key word in pledge-status response in Figure 22
   *  issue #113: enhanced description of status reply for "factory-default" in Section 6.4.2
   *  issue #114: Consideration of optional TLS usage in Privacy Considerations
   *  issue #115: Consideration of optional TLS usage in Privacy Considerations to protect potentially privacy related information in the bootstrapping like status information, etc.
   *  issue #116: Enhanced DoS description and mitigation options in security consideration section

Most changes resulted in clarifications of terminology and approaches and additional error handling.
There are some open issues in the ANIMA git, which are discussed during the design team meetings. The solution of these issues is expected to be straightforward. There is one issue to be discussed for the BRSKI enhancements in general, which relates to the discovery of registrars with additional features. The intention is to come up with a solution which is applicable to BRSKI-AE, BRSKI-PRM, and constrained BRSKI.

Best regards
Steffen


> -----Original Message-----
> From: internet-drafts@ietf.org <internet-drafts@ietf.org>
> Sent: Monday, July 10, 2023 9:34 PM
> To: Michael C. Richardson <mcr+ietf@sandelman.ca>; Eliot Lear
> <lear@cisco.com>; Michael Richardson <mcr+ietf@sandelman.ca>; Fries,
> Steffen (T CST) <steffen.fries@siemens.com>; Werner, Thomas (T CST SEA-DE)
> <thomas-werner@siemens.com>
> Subject: New Version Notification for draft-ietf-anima-brski-prm-09.txt
> 
> 
> A new version of I-D, draft-ietf-anima-brski-prm-09.txt has been successfully
> submitted by Steffen Fries and posted to the IETF repository.
> 
> Name:		draft-ietf-anima-brski-prm
> Revision:	09
> Title:		BRSKI with Pledge in Responder Mode (BRSKI-PRM)
> Document date:	2023-07-10
> Group:		anima
> Pages:		91
> URL:
> https://www.ietf.org/archive/id/draft-ietf-anima-brski-prm-09.txt
> Status:
> https://datatracker.ietf.org/doc/draft-ietf-anima-brski-prm/
> Htmlized:
> https://datatracker.ietf.org/doc/html/draft-ietf-anima-brski-prm
> Diff:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-anima-brski-prm-09
> 
> Abstract:
>    This document defines enhancements to Bootstrapping a Remote Secure
>    Key Infrastructure (BRSKI, RFC8995) to enable bootstrapping in
>    domains featuring no or only limited connectivity between a pledge
>    and the domain registrar.  It specifically changes the interaction
>    model from a pledge-initiated mode, as used in BRSKI, to a pledge-
>    responding mode, where the pledge is in server role.  For this, BRSKI
>    with Pledge in Responder Mode (BRSKI-PRM) introduces a new component,
>    the registrar-agent, which facilitates the communication between
>    pledge and registrar during the bootstrapping phase.  To establish
>    the trust relation between pledge and registrar, BRSKI-PRM relies on
>    object security rather than transport security.  The approach defined
>    here is agnostic to the enrollment protocol that connects the domain
>    registrar to the domain CA.
> 
> 
> 
> 
> The IETF Secretariat
>