Last Call: <draft-ietf-anima-bootstrapping-keyinfra-20.txt> (Bootstrapping Remote Secure Key Infrastructures (BRSKI)) to Proposed Standard

The IESG <> Tue, 21 May 2019 21:21 UTC

CC: Toerless Eckert

The IESG has received a request from the Autonomic Networking Integrated
Model and Approach WG (anima) to consider the following document: -
'Bootstrapping Remote Secure Key Infrastructures (BRSKI)'
  <draft-ietf-anima-bootstrapping-keyinfra-20.txt> as Proposed Standard

This is a second Last Call. IoT Directorate review was done after the ANIMA 
WG Last Call and consensus to request the publication, and that review resulted 
in substantial changes to the document.  

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the mailing
lists by 2019-06-04. Exceptionally, comments may be sent to instead. In
either case, please retain the beginning of the Subject line to allow
automated sorting.


   This document specifies automated bootstrapping of an Autonomic
   Control Plane.  To do this a remote secure key infrastructure (BRSKI)
   is created using manufacturer installed X.509 certificate, in
   combination with a manufacturer's authorizing service, both online
   and offline.  Bootstrapping a new device can occur using a routable
   address and a cloud service, or using only link-local connectivity,
   or on limited/disconnected networks.  Support for lower security
   models, including devices with minimal identity, is described for
   legacy reasons but not encouraged.  Bootstrapping is complete when
   the cryptographic identity of the new key infrastructure is
   successfully deployed to the device but the established secure
   connection can be used to deploy a locally issued certificate to the
   device as well.

The file can be obtained via

IESG discussion can be tracked via

The following IPR Declarations may be related to this I-D:

The document contains these normative downward references.
See RFC 3967 for additional information: 
    rfc8368: Using an Autonomic Control Plane for Stable Connectivity of Network Operations, Administration, and Maintenance (OAM) (Informational - IETF stream)