[Anima] FW: New Version Notification for draft-ietf-anima-brski-async-enroll-00.txt

"Fries, Steffen" <steffen.fries@siemens.com> Fri, 10 July 2020 07:40 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/HWG77OlPVp0zBxuyR4vvfMMU62I>

Hello,

I just submitted the updated version of the BRSKI-AE draft as WG draft.

In the submitted version we already included updates and further revised the text based on comments we received during the adoption call. 
We would like to discuss the changes during the next ANIMA WG meeting. 

The changes comprise mostly editorial changes related to restructuring, simplifications of descriptions and stripping of replicated information from BRSKI. A proposal is included in the draft for handling discovery of enrollment endpoints at a domain registrar as outlined in the individual submission. We would like to use some time in the next ANIMA WG meeting to discuss/refine these with the WG and also discuss the next steps for the document.

The following list summarizes the changes from individual version 03 -> IETF draft 00:

   o  Inclusion of discovery options of enrollment endpoints at the
      domain registrar based on well-known endpoints in Section 5.3 as
      replacement of section 5.1.3 in the individual draft.  This is
      intended to support both use cases in the document.  An
      illustrative example is provided.

   o  Missing details provided for the description and call flow in
      pledge-agent use case Section 5.2, e.g. to accommodate
      distribution of CA certificates.

   o  Updated CMP example in Section 6 to use lightweight CMP instead of
      CMP, as the draft already provides the necessary /.well-known
      endpoints.

   o  Requirements discussion moved to separate section in Section 4.
      Shortened description of proof of identity binding and mapping to
      existing protocols.

   o  Removal of copied call flows for voucher exchange and registrar
      discovery flow from [I-D.ietf-anima-bootstrapping-keyinfra] in
      section 5.1 to avoid doubling of text or inconsistencies.

   o  Reworked abstract and introduction to be more crisp regarding the
      targeted solution.  Several structural changes in the document to
      have a better distinction between requirements, use case
      description, and solution description as separate sections.
      History moved to appendix.

Best regards
Steffen

-----Original Message-----
From: internet-drafts@ietf.org <internet-drafts@ietf.org> 
Sent: Friday, 10 July 2020 09:29
To: Fries, Steffen (CT RDA CST) <steffen.fries@siemens.com>; Eliot Lear <lear@cisco.com>; Brockhaus, Hendrik (CT RDA CST SEA-DE) <hendrik.brockhaus@siemens.com>
Subject: New Version Notification for draft-ietf-anima-brski-async-enroll-00.txt


A new version of I-D, draft-ietf-anima-brski-async-enroll-00.txt
has been successfully submitted by Steffen Fries and posted to the IETF repository.

Name:		draft-ietf-anima-brski-async-enroll
Revision:	00
Title:		Support of asynchronous Enrollment in BRSKI (BRSKI-AE)
Document date:	2020-07-10
Group:		anima
Pages:		35
URL:            https://www.ietf.org/internet-drafts/draft-ietf-anima-brski-async-enroll-00.txt
Status:         https://datatracker.ietf.org/doc/draft-ietf-anima-brski-async-enroll/
Htmlized:       https://tools.ietf.org/html/draft-ietf-anima-brski-async-enroll-00
Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-anima-brski-async-enroll


Abstract:
   This document describes enhancements of bootstrapping a remote secure
   key infrastructure (BRSKI) to also operate in domains featuring no or
   only timely limited connectivity between involved components.  It
   addresses connectivity to backend services supporting enrollment like
   a Public Key Infrastructure (PKI) and also to the connectivity
   between pledge and registrar.  For this it enhances the use of
   authenticated self-contained objects in BRSKI also for request and
   distribution of deployment domain specific device certificates.  The
   defined approach is agnostic regarding the utilized enrollment
   protocol allowing the application of existing and potentially new
   certificate management protocols.

                                                                                  


Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat