[Anima] BRSKI-AE #4 Trust relation between registrar-agent and registrar

"Fries, Steffen" <steffen.fries@siemens.com> Fri, 12 March 2021 12:09 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/RufCWSWTaTNbzNTnGyARdqwtCVI>

Hi, 

based on the discussion during the ANIMA session this week, we would like to discuss some open issues related to BRSKI-AE. 
They are also available under https://github.com/anima-wg/anima-brski-async-enroll/issues

Issue #4: Trust relation between registrar-agent and registrar (use case 2 in the draft)
It is proposed to assume an already available LDevID on the registrar-agent (former pledge-agent), as it is considered to be a site/domain component. This LDevID can be provided by a prior BRSKI run or by other means.
The registrar-agent uses this LDevID for (D)TLS client authentication at the protected registrar endpoints.

Any objection or thoughts?

Best regards
Steffen

--
Steffen Fries
Siemens AG