[Anima] FW: I-D Action: draft-ietf-anima-brski-prm-10.txt

"Fries, Steffen" <steffen.fries@siemens.com> Mon, 23 October 2023 14:35 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/fSqUcLAtSBB_Ad6iezkEzhCzlAg>

Hello,

We just uploaded an updated BRSKI-PRM (draft-ietf-anima-brski-prm-10.txt) with the following changes from IETF draft 09 -> IETF draft 10:
*  issue #79, clarified discovery in the context of BRSKI-PRM and included information about future discovery enhancements in a separate draft in Section 5.3.1.
*  issue #93, included information about conflict resolution in mDNS and GRASP in Section 5.3.2
*  issue #103, included verification handling for the wrapped CA certificate provisioning in Section 6.3.3
*  issue #106, included additional text to elaborate more on the registrar status handling in Section 6.3.6
*  issue #116, enhanced DoS description in Section 10.1
*  issue #120, included statement regarding pledge host header processing in Section 5.2
*  issue #122, availability of serial number information on registrar agent clarified in Section 6.1
*  issue #123, Clarified usage of alternative voucher formats in Section 6.2.3
*  issue #124, determination of pinned domain certificate done as in RFC 8995 included in Section 6.2.4
*  issue #125, remove strength comparison of voucher assertions in Section 5.1 and Section 6
*  issue #130, aligned the usage of site and domain throughout the document
*  changed naming of registrar certificate from LDevID(RegAgt) to EE (RegAgt) certificate throughout the document
*  change x5b to x5bag according to [RFC9360]
*  updated JSON examples -> "signature": BASE64URL(JWS Signature)

We will present discussions during IETF 118 in the ANIMA session

Best regards
Steffen


-----Original Message-----
From: Anima <anima-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Monday, 23 October 2023 16:31
To: i-d-announce@ietf.org
Cc: anima@ietf.org
Subject: [Anima] I-D Action: draft-ietf-anima-brski-prm-10.txt

Internet-Draft draft-ietf-anima-brski-prm-10.txt is now available. It is a work item of the Autonomic Networking Integrated Model and Approach (ANIMA) WG of the IETF.

   Title:   BRSKI with Pledge in Responder Mode (BRSKI-PRM)
   Authors: Steffen Fries
            Thomas Werner
            Eliot Lear
            Michael C. Richardson
   Name:    draft-ietf-anima-brski-prm-10.txt
   Pages:   95
   Dates:   2023-10-23

Abstract:

   This document defines enhancements to Bootstrapping a Remote Secure
   Key Infrastructure (BRSKI, RFC8995) to enable bootstrapping in
   domains featuring no or only limited connectivity between a pledge
   and the domain registrar.  It specifically changes the interaction
   model from a pledge-initiated mode, as used in BRSKI, to a pledge-
   responding mode, where the pledge is in server role.  For this, BRSKI
   with Pledge in Responder Mode (BRSKI-PRM) introduces a new component,
   the registrar-agent, which facilitates the communication between
   pledge and registrar during the bootstrapping phase.  To establish
   the trust relation between pledge and registrar, BRSKI-PRM relies on
   object security rather than transport security.  The approach defined
   here is agnostic to the enrollment protocol that connects the domain
   registrar to the domain CA.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-anima-brski-prm/

There is also an HTMLized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-anima-brski-prm-10

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-anima-brski-prm-10

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts

