[Iot-onboarding] Device Certificate Deployment Automation with ACME using BRSKI

Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> Fri, 02 August 2019 18:09 UTC

From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Fri, 02 Aug 2019 14:09:29 -0400
Message-ID: <CAGL6epJRmAvDB4=M6RiQaC93wvy1XDgcbhOmuKUtqmEhBWC72w@mail.gmail.com>
To: anima@ietf.org, iot-onboarding@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/iot-onboarding/_T5Nk3YlKWXruTk_R7XXYudqRf4>
Subject: [Iot-onboarding] Device Certificate Deployment Automation with ACME using BRSKI

All,

During the last IETF meeting in Montreal we had a side meeting to discuss the
deployment automation of ACME issued certificates to devices, and the potential
use of the BRSKI mechanism to help with this. It was clear from the discussion
that BRSKI can be used to help address this use case, and that further
discussion is needed to define the needed enhancements to BRSKI.

The current BRSKI mechanism only briefly discusses the Cloud Registrar option in
section 2.7, which could be used to help address this use case.

Michael Richardson and I had another meeting over lunch yesterday to further
discuss this and we decided to work on a new draft to describe the issue and
define a solution.

Because of vacations and other commitments, we will try to publish the first
version of the draft early October.

Regards,
 Rifaat & Michael