IETF Logo Mail Archive

Re: [Anima] I-D Action: draft-ietf-anima-constrained-voucher-23.txt

Esko Dijk <esko.dijk@iotconsultancy.nl> Wed, 10 January 2024 09:42 UTC

Return-Path: <esko.dijk@iotconsultancy.nl>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8185C1CAF58 for <anima@ietfa.amsl.com>; Wed, 10 Jan 2024 01:42:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=iotconsultancy.nl
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hyt-VI-wLhDV for <anima@ietfa.amsl.com>; Wed, 10 Jan 2024 01:42:14 -0800 (PST)
Received: from EUR03-DBA-obe.outbound.protection.outlook.com (mail-dbaeur03on2107.outbound.protection.outlook.com [40.107.104.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68B5BC14F61E for <anima@ietf.org>; Wed, 10 Jan 2024 01:42:13 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DauuoeCZ9b173utqMZ0yWSEPSWnvqzCLbIPZILt3p7IBJKe3zQ2ljqGtpp1aSE7vbebqd5NN0QXLNjTEnqQ8F+X/YVH+yckAOPbqO4TXm86kyNE/Wde0zko0ZfdfE74ziULyCiCLhM+LPeJBo3VLNT84IjpuswJhzAIMuhTVdQAhzz9j664+nCSWNlyfnwpbTx74sGAOxlEmWbFpLwUd7AZZuW4BZpLXEVN6WxEvaIroZcIbvK6LLrGbiV6KW3qtpD83YrsBlUiPDjFzPOgbgcNR3nphCfQmSx2lUOyUoz+bUJ+FjGoLlPggIZMMc59yX00aBAlsOFIfwzuYECS37w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=GixzFwiNOq79KIZkkioU92ucCz9sTRPbN0PPEdayXiU=; b=iDozzjJHYkgLf6Eb8SQ4ctKigFtY2d97rp5T3jkgbs97PFGVXV4IbH2bOFf7Z9NMt1VVTNKAUrbO4vFps/7wZzEQVG0frLr1ct7i0cNbGdGYyDAUpVD+VoV2rdx3FGZdPCaxc2Et9K5FoCn7jSAB09upoZYgSMR+7uYKWFzoploOm62skBZocKfFc4rlZJkaJyxXloZzp54wxDDTQn6lM8W9HdP7XjHGu8jayrQUHo+snrWrrYlbpXSHT4orBXetA5KWcra8R9i3mu/kwsVreB21nuwOlUEPtAIYSSTIcRYpRJgyc3r+LpPs6aBoB4/sk+q1i4PynAd8yarwsiqQJQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=iotconsultancy.nl; dmarc=pass action=none header.from=iotconsultancy.nl; dkim=pass header.d=iotconsultancy.nl; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iotconsultancy.nl; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GixzFwiNOq79KIZkkioU92ucCz9sTRPbN0PPEdayXiU=; b=VJ6NkURl7JpXF1z3wJ1H6Gj/HaRbl3FCtES1wYXfIEocgNFg7dHQetW2+cfdKq78MoaSulBBSvdEn+PAXHICum5TQ1dWmPIibvq91k0ItquZOun3jB3f9jrVcDx+uaIv5SmHJBBtUD8ker4BK31LyXlKU67/T89xoQMIL4bEb48=
Received: from DU0P190MB1978.EURP190.PROD.OUTLOOK.COM (2603:10a6:10:3b9::20) by AM9P190MB1140.EURP190.PROD.OUTLOOK.COM (2603:10a6:20b:26d::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7181.17; Wed, 10 Jan 2024 09:42:10 +0000
Received: from DU0P190MB1978.EURP190.PROD.OUTLOOK.COM ([fe80::96d1:5abe:32f4:91d8]) by DU0P190MB1978.EURP190.PROD.OUTLOOK.COM ([fe80::96d1:5abe:32f4:91d8%3]) with mapi id 15.20.7181.015; Wed, 10 Jan 2024 09:42:10 +0000
From: Esko Dijk <esko.dijk@iotconsultancy.nl>
To: "anima@ietf.org" <anima@ietf.org>
Thread-Topic: [Anima] I-D Action: draft-ietf-anima-constrained-voucher-23.txt
Thread-Index: AQHaQ6Vqpwfdv+0fAE+dqp08//xGGrDSyPuw
Date: Wed, 10 Jan 2024 09:42:10 +0000
Message-ID: <DU0P190MB1978C2380B604831A00451A7FD692@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM>
References: <170487805819.51525.1209287951757591997@ietfa.amsl.com>
In-Reply-To: <170487805819.51525.1209287951757591997@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=iotconsultancy.nl;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DU0P190MB1978:EE_|AM9P190MB1140:EE_
x-ms-office365-filtering-correlation-id: 5028668f-8386-4713-90a6-08dc11c06ac4
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: IAViARhaHsB4Ec4mF/XDp4CCXM6piCb/ujIOE3npcd7uKdZlgSExm0GQNBlmTFWL8o3s/6cJWDqe/eAgCxhPNCDwRG1ctYqmhZVtVhtVLMMS0QM0HQtZLod1rtY6ogXthVhlW5hqUb7GkNXfoPdXgqyMf+zJIzauUPAQJJ8IFGKk8LCZ8v+QMdmG6Hgy0BnxBNsXlz1sRrpqIFwEwGeRECytWFOilLzxBBZmAntEJPxTnRHf6hl4Van1qO/bac6N6ZYJxvL6PCgDmG1/C0rpqsjEmxqacWmyzOtiXUVb1ZIDNa5ogoh1VWPzfdTQsknNPeD+G+Mh07Pff/wi6Q+sC0rkx0opOe1qrtobOp6BoRMyC9npXZp5EGh52qVF1Lc0w7xnT2Hi0Uz9mSc/iET+7GjMG3Lt1vw5DP+kaQLnCN11TU9An1kKngUqEZ+UwlPFL0BnSKZKnMzqgQPP5I5M3NItTYdgEUkyg9xUENRRE2xY6uLsEvLIycWxLEDuKbJ1Jqu238qz6X0H/Gdye+FgDnKFqm791C2z5hD5y0B+ExkW5Iy/tXBp0kSlALPSWIpAAqBe1WJoltztO0pVgFisZJF+qytpvgO2DhdVzNsSAlI=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DU0P190MB1978.EURP190.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(136003)(366004)(346002)(39830400003)(396003)(376002)(230922051799003)(1800799012)(451199024)(186009)(64100799003)(122000001)(38100700002)(38070700009)(55016003)(86362001)(9686003)(66574015)(83380400001)(53546011)(8676002)(316002)(66556008)(66476007)(66446008)(76116006)(8936002)(66946007)(71200400001)(7696005)(6506007)(6916009)(64756008)(966005)(478600001)(33656002)(2906002)(41300700001)(52536014)(44832011)(5660300002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: yVJlWvzFFysvtDhwuPlFIQPKYlsqEazYeqc8JQXghvTX5qfklxmTyKUMwwtjlT8LaGQ2RjdNRtaYZ2xDdPT3nUmth6Tn1KFOGQTuK+kuOSz5+8PPy/eF8EA2E+k3JWr4Rv+KpEe57T7c00JRhQTPhhnUFl8te37GLjT8NleOFR4gOsrUnrP4fC9txOJsDQ1kfRwwAt2ll3bmsPgue+H2p+AR5gKcBJAd/2rN5UmV2uEchAXZtpS+1Jl8WcxE/8i5IZy/0hZ7AJkczsJKV6MgvbSPPMTJGaIE8cLNNvgBfwkTZJl2csxHKuZnmnqHzgwnzoVhF+PmSEr/M34h/3iIUzJLejB4kY7psWM+e8EruDxRYr1BQGYg/YmVHIyCGFlTpCD7dR5DzNjiIu3AxfydAr6087FzEcfFmeAT+Sc89DcDbgXseALSnPZ0P2alvC6USph6lqLZB89mN/KMGdHzZ9zAvjaYfcgGzC7wxzpuHeo3cC836CrrVjbzQB21NB578bPtxvyuQ/CdRkRX6QSVqPeElKhLsBVsfel3egwsoIhQQgG0Os/x5kr2DnC+FggLar2R3ztbFcAr3nxGUyccrt4ASldjFKiw8Dp4XMqRroiY0B+eeRQkK565iIfZkGexSb+2JJdaX+C29Q2RWfom7Jn5Xr491Gzx2cY094zxcuY2HTn21sPEzk/o3Red9H75eYcyZb3Ukj37lhjOwQlhQ40zziy+SQo2Z1gGRjLvh+X2IfA7O62F8TSZJaOBleOlXVJrLQArmXRjzawnBL8Wjqil5dhtSkzZkJOmzIIFXgqrKFzn8ch/ECAGYsUHaoct6l0IBv/dtoGQdFpSAd/7KA+D8K/R4H0EVoTmRmxcT2rLmsW1QUkkl+YL3K22ygr2pf8OwTpqHoN8tFDS13twRejT4IQwl/HVspDcRUwDctn+9Z7+gcEPP0i5c8kujHQxUQkTzQDTCahM5hkGXrcfxv/WU8p4YywoO7BMVQWLiB2wpxveyILLCCjDPB1cnBbA0418JsK5zMn+xbAPq0J7JWyw0u7XRyJp5YPpe2McVlcqLD3Gb9x64nvWCC0v9nLrso4qC+9uWfMcUKF3NfXAdvg2XnlylRjMlMgJUf/zT32xgagV65nVOtUaPETNC9+NB0fNmy7IVtmjSBi5Oh6orABo747vSxoQgSECffIw+8TEHpISWY1cPQ0CfMqqm22pP6BprfOsmloZbcqKe+P7+NtAA6uSfSDnSVE4qkVAmSyyVAQDeVzrt6Hb/FLvhu/7pFTeh63c1L+8tAkGrB814Dn/dfl5DNE1aNQjTiKkE/MDxlzzPS+rmuj0RsbUwOs6ca6a75WgELlBKj/m66SjP38etDLVhNfSzd2OrIe7j5DO6X+USJ7e2lLhtKfLL5evqSpsEOMXUdIXcSJqVt49r7iUmfMcZwpFnHy/ziTSF78xb6xxF4rXRrILOvM2/R3jyi40rtaqhUPeWv74UTen3bPitjSB+nObOClp6mn6clCCSuYrBdOrlfS8/KSnyPm1BtKj/1IhteCjWsk/x71e9JPiAfz21V5rO3VcOMiXrgIdtFGuFxA6IPo4GAMiwQqOx08tJo2YdbNHlVfZpyjIZl1RPRHfcpCTr3pUquY5f3w1MFsaWh6k4GoJeIPTwTNZcZO5BokwivRyhzYtC+qCBw==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: iotconsultancy.nl
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DU0P190MB1978.EURP190.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 5028668f-8386-4713-90a6-08dc11c06ac4
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Jan 2024 09:42:10.2397 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 58bbf628-15d2-46bc-820b-863b6774d44b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: WH9Iza+bFSue1i+qpTjhrBW+E+7+CjXBgZdhiwvwRfhP6Pvi7B3JFoljj47Z0jXsMYwVK0vzJ6cGkN19yf6jiMgV5QpUAZWEn3Ug5haawUg=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM9P190MB1140
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/i8MPxduW5kUl7fmT03GMjl7mFpM>
Subject: Re: [Anima] I-D Action: draft-ietf-anima-constrained-voucher-23.txt
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jan 2024 09:42:18 -0000

Best wishes for 2024 to all!

This new year's version -23 (pity it's not -24... ) wraps up most of the remaining open issues. Details of changes can be found in the Section 18 Changelog.
Two major changes to highlight are:

* Removal of GRASP-related discovery changes - we now informatively point to draft-eckert-anima-brski-discovery as a possible future document that may address this topic. This follows the IETF 118 discussion outcome.
* Addition of a new content format (application/multipart-core) that can carry multiple CA certificates in a simpler CBOR-based container format. With this also comes support for more elaborate CA/sub-CA structures (e.g. 2-tier, 3-tier) that we expect to get more common in the future for IoT.

Best regards
Esko

-----Original Message-----
From: Anima <anima-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Wednesday, January 10, 2024 10:14
To: i-d-announce@ietf.org
Cc: anima@ietf.org
Subject: [Anima] I-D Action: draft-ietf-anima-constrained-voucher-23.txt

Internet-Draft draft-ietf-anima-constrained-voucher-23.txt is now available.
It is a work item of the Autonomic Networking Integrated Model and Approach
(ANIMA) WG of the IETF.

   Title:   Constrained Bootstrapping Remote Secure Key Infrastructure (cBRSKI)
   Authors: Michael Richardson
            Peter van der Stok
            Panos Kampanakis
            Esko Dijk
   Name:    draft-ietf-anima-constrained-voucher-23.txt
   Pages:   87
   Dates:   2024-01-10

Abstract:

   This document defines the Constrained Bootstrapping Remote Secure Key
   Infrastructure (cBRSKI) protocol, which provides a solution for
   secure zero-touch onboarding of resource-constrained (IoT) devices
   into the network of a domain owner.  This protocol is designed for
   constrained networks, which may have limited data throughput or may
   experience frequent packet loss. cBRSKI is a variant of the BRSKI
   protocol, which uses an artifact signed by the device manufacturer
   called the "voucher" which enables a new device and the owner's
   network to mutually authenticate.  While the BRSKI voucher data is
   encoded in JSON, cBRSKI uses a compact CBOR-encoded voucher.  The
   BRSKI voucher data definition is extended with new data types that
   allow for smaller voucher sizes.  The Enrollment over Secure
   Transport (EST) protocol, used in BRSKI, is replaced with EST-over-
   CoAPS; and HTTPS used in BRSKI is replaced with DTLS-secured CoAP
   (CoAPS).  This document Updates RFC 8995 and RFC 9148.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-anima-constrained-voucher/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-anima-constrained-voucher-23.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-anima-constrained-voucher-23

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts


_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima

v2.23.0 | Report a Bug | By Email