[Anima] Protocol Action: 'Bootstrapping Remote Secure Key Infrastructures (BRSKI)' to Proposed Standard (draft-ietf-anima-bootstrapping-keyinfra-41.txt)

The IESG <iesg-secretary@ietf.org> Thu, 09 April 2020 15:43 UTC

From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
Cc: Toerless Eckert <tte+ietf@cs.fau.de>, rfc-editor@rfc-editor.org, warren@kumari.net, The IESG <iesg@ietf.org>, anima-chairs@ietf.org, anima@ietf.org, tte+ietf@cs.fau.de, draft-ietf-anima-bootstrapping-keyinfra@ietf.org
Message-ID: <158644701361.28640.14183261400303717533@ietfa.amsl.com>
Date: Thu, 09 Apr 2020 08:43:33 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/op7h_0XZgzFJ20YehaYBdXSTiGc>
Subject: [Anima] Protocol Action: 'Bootstrapping Remote Secure Key Infrastructures (BRSKI)' to Proposed Standard (draft-ietf-anima-bootstrapping-keyinfra-41.txt)

The IESG has approved the following document:
- 'Bootstrapping Remote Secure Key Infrastructures (BRSKI)'
  (draft-ietf-anima-bootstrapping-keyinfra-41.txt) as Proposed Standard

This document is the product of the Autonomic Networking Integrated Model and
Approach Working Group.

The IESG contact persons are Warren Kumari and Robert Wilton.

A URL of this Internet Draft is:

Technical Summary

This document specifies a mechanism for automated bootstrapping of an Autonomic Control Plane. To do this, a remote secure key infrastructure (BRSKI) is created using a manufacturer-installed X.509 certificate, in combination with a manufacturer's authorizing service, both online and offline. Support for lower security models, including devices with minimal identity, is described for legacy reasons but not encouraged. Bootstrapping is complete when the cryptographic identity of the new key infrastructure is successfully deployed to the device, but the established secure connection can be used to deploy a locally issued certificate to the device as well.

Working Group Summary

The document has been through two IETF Last Calls, as the first one resulted in significant and substantial changes to the proposed mechanisms. The Working Group had sufficient interest from the community on evolving the document since 2016. One topic that raised controversy was the reliance of the proposed mechanism on the manufacturer’s identity management systems. Consensus was eventually reached on this topic.

Document Quality

There are indications of multiple independent implementations available and in progress, both open and closed source. The document went through multiple iterations of WG LCs by the core interest group, has received several directorate and Doctors’ reviews, and went through two IETF-wide Last Calls.


The Document Shepherd is Toerless Eckert. The Responsible Area Director is Ignas Bagdonas. Suggested IANA Designated Experts for newly created registries are Michael Richardson and Max Pritikin.


This document requests the addition of new entries to the existing Well-known EST, PKIX, DNS Service Names, and MUD Extensions registries, as well as the creation of a new registry for BRSKI Parameters.