[Anima] FW: New Version Notification for draft-ietf-anima-brski-prm-16.txt

"Fries, Steffen" <steffen.fries@siemens.com> Tue, 07 January 2025 17:13 UTC

From: "Fries, Steffen" <steffen.fries@siemens.com>
To: "anima@ietf.org" <anima@ietf.org>
Date: Tue, 07 Jan 2025 17:13:22 +0000
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/hqM2EM4XktB9THSCvCkLEwAKqlg>

Hi all,

We just updated BRSKI-PRM, addressing review comments from AD / IOTDIR / OPSDIR review.
The following changes are contained in draft version 16:

   *  issue #135: corrections from IOTDIR review (clarification
      regarding minimum supported discovery in Section 6.1.2,
      clarification regarding CDDL notation in Figure 27 and editorial
      nits).

   *  updated references (draft-ietf-netconf-sztp-csr became RFC 9646,
      included RFC 9662, operational considerations drafts for registrar
      and MASA)

   *  AD review: included term Registrar-Agent in Terminology section

   *  AD review: enhanced interaction information in Figure 1 and
      Figure 2

   *  AD review: included new section on Section 9 to outline
      operational considerations

   *  AD review: enhanced Section 8 with more detailed recommendations
      on logging

   *  AD review: enhanced Section 11 with enhanced recommendations
      concerning logging

   *  AD review: enhanced Section 12.3 with more information about
      misuse of the Registrar-Agent

   *  IOTDIR/OPSDIR/AD review: addressed various nits received
      throughout the draft


Best regards
Steffen


-----Original Message-----
From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Sent: Tuesday, January 7, 2025 6:09 PM
To: Michael C. Richardson <mcr+ietf@sandelman.ca>; Eliot Lear <lear@cisco.com>; Michael Richardson <mcr+ietf@sandelman.ca>; Fries, Steffen (FT RPD CST) <steffen.fries@siemens.com>; Werner, Thomas (FT RPD CST SEA-DE) <thomas-werner@siemens.com>
Subject: New Version Notification for draft-ietf-anima-brski-prm-16.txt

A new version of Internet-Draft draft-ietf-anima-brski-prm-16.txt has been successfully submitted by Steffen Fries and posted to the IETF repository.

Name:     draft-ietf-anima-brski-prm
Revision: 16
Title:    BRSKI with Pledge in Responder Mode (BRSKI-PRM)
Date:     2025-01-07
Group:    anima
Pages:    116
URL:      https://www.ietf.org/archive/id/draft-ietf-anima-brski-prm-16.txt
Status:   https://datatracker.ietf.org/doc/draft-ietf-anima-brski-prm/
HTML:     https://www.ietf.org/archive/id/draft-ietf-anima-brski-prm-16.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-ietf-anima-brski-prm
Diff:     https://author-tools.ietf.org/iddiff?url2=draft-ietf-anima-brski-prm-16

Abstract:

   This document defines enhancements to Bootstrapping a Remote Secure
   Key Infrastructure (BRSKI, RFC8995) to enable bootstrapping in
   domains featuring no or only limited connectivity between a pledge
   and the domain registrar.  It specifically changes the interaction
   model from a pledge-initiated mode, as used in BRSKI, to a pledge-
   responding mode, where the pledge is in server role.  For this, BRSKI
   with Pledge in Responder Mode (BRSKI-PRM) introduces new endpoints
   for the Domain Registrar and pledge, and a new component, the
   Registrar-Agent, which facilitates the communication between pledge
   and registrar during the bootstrapping phase.  To establish the trust
   relation between pledge and registrar, BRSKI-PRM relies on object
   security rather than transport security.  The approach defined here
   is agnostic to the enrollment protocol that connects the domain
   registrar to the Key Infrastructure (e.g., domain CA).



The IETF Secretariat