[Anima] FW: New Version Notification for draft-ietf-anima-brski-prm-11.txt

"Fries, Steffen" <steffen.fries@siemens.com> Mon, 20 November 2023 16:50 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/ZaUjURCSMsrKQk3q97W-7va6jkM>

Hi,

We just uploaded an update of BRSKI-PRM. The changes address the remaining open issues from WGLC and also the result of further discussions in the design team meetings as well as the second early review of the SECDIR. Based on the latest changes, all of the issues collected on GitHub (https://github.com/anima-wg/anima-brski-prm/issues) could be closed.
Stating that, the current version is ready for the Shepherd's review, which was announced as next step in the process during IETF 118.

Some summary on the changes done:
- issue #79, clarified that BRSKI discovery in the context of BRSKI-PRM is not needed in Section 5.6.1.
- issue #103, removed step 6 in verification handling for the wrapped CA certificate provisioning as only applicable after enrollment Section 6.3.3
- issue #128: included notation of nomadic operation of the Registrar-Agent in Section 5, including proposed text from PR #131
- issue #130, introduced DNS service discovery name for brski_pledge to enable discovery by the Registrar-Agent in Section 8
- removed unused reference RFC 5280
- removed site terminology
- deleted duplicated text in Section 5.5
- clarified registrar discovery and relation to BRSKI-Discovery in Section 5.6.1
- clarified discovery of pledges by the Registrar-Agent in Section 5.6.2, deleted reference to GRASP as handled in BRSKI-Discovery
- addressed comments from SECDIR early review

Thank you for the discussion.

Best regards
Steffen

-----Original Message-----
From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Sent: Monday, November 20, 2023 5:39 PM
To: Michael C. Richardson <mcr+ietf@sandelman.ca>; Eliot Lear <lear@cisco.com>; Michael Richardson <mcr+ietf@sandelman.ca>; Fries, Steffen (T CST) <steffen.fries@siemens.com>; Werner, Thomas (T CST SEA-DE) <thomas-werner@siemens.com>
Subject: New Version Notification for draft-ietf-anima-brski-prm-11.txt

A new version of Internet-Draft draft-ietf-anima-brski-prm-11.txt has been successfully submitted by Steffen Fries and posted to the IETF repository.

Name:     draft-ietf-anima-brski-prm
Revision: 11
Title:    BRSKI with Pledge in Responder Mode (BRSKI-PRM)
Date:     2023-11-20
Group:    anima
Pages:    99
URL:      https://www.ietf.org/archive/id/draft-ietf-anima-brski-prm-11.txt
Status:   https://datatracker.ietf.org/doc/draft-ietf-anima-brski-prm/
HTMLized: https://datatracker.ietf.org/doc/html/draft-ietf-anima-brski-prm
Diff:     https://author-tools.ietf.org/iddiff?url2=draft-ietf-anima-brski-prm-11

Abstract:

   This document defines enhancements to Bootstrapping a Remote Secure
   Key Infrastructure (BRSKI, RFC8995) to enable bootstrapping in
   domains featuring no or only limited connectivity between a pledge
   and the domain registrar.  It specifically changes the interaction
   model from a pledge-initiated mode, as used in BRSKI, to a pledge-
   responding mode, where the pledge is in server role.  For this, BRSKI
   with Pledge in Responder Mode (BRSKI-PRM) introduces a new component,
   the Registrar-Agent, which facilitates the communication between
   pledge and registrar during the bootstrapping phase.  To establish
   the trust relation between pledge and registrar, BRSKI-PRM relies on
   object security rather than transport security.  The approach defined
   here is agnostic to the enrollment protocol that connects the domain
   registrar to the domain CA.



The IETF Secretariat