[Anima] Device Certificate Deployment Automation with ACME using BRSKI
Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> Fri, 02 August 2019 18:09 UTC
To: anima@ietf.org, iot-onboarding@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/ykI8i-P2CFJsH8tR7NEe3NLIbVI>

All,

During the last IETF meeting in Montreal we had a side meeting to discuss the deployment automation of ACME issued certificates to devices, and the potential use of the BRSKI mechanism to help with this.

It was clear from the discussion that BRSKI can be used to help address this use case, and that further discussion is needed to define the needed enhancements to BRSKI. The current BRSKI mechanism only briefly discusses the Cloud Registrar option in section 2.7, which could be used to help address this use case.

Michael Richardson and I had another meeting over lunch yesterday to further discuss this and we decided to work on a new draft to describe the issue and define a solution. Because of vacations and other commitments, we will try to publish the first version of the draft early October.

Regards,
Rifaat & Michael