[netconf] New Version Notification for draft-kwatsen-netconf-sztp-csr-00.txt

Kent Watsen <kent+ietf@watsen.net> Tue, 09 June 2020 18:17 UTC

Cc: draft-kwatsen-netconf-sztp-csr@ietf.org
To: "netconf@ietf.org" <netconf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/oIKeL2vPIfG5UvgdULPuSiqaX7o>


Based on popular demand, I collaborated with Security gurus Russ Housley and Sean Turner on this I-D.  I think everyone knows Russ and Sean but, just in case:

    - https://datatracker.ietf.org/person/Russ%20Housley
    - https://datatracker.ietf.org/person/Sean%20Turner

This draft has a very narrow scope (and hence a relatively short length) to patch in something that ostensibly should’ve been in RFC 8572 (SZTP).  The Abstract below has the details.  Please review and provide comments.   The authors believe that this I-D is, for all intents and purposes, done.   We do not foresee any scope extensions.

FWIW, I was surprised by the interest/demand to be able to set an LDevID as part of the bootstrapping process.  I had always assumed that it could be something the NMS/Controller app could do after establishing a connection with the bootstrapping device.  It turns out that the Mobile and IoT folks need to have it set inline so as to support routing path decisions and peer-to-peer associations before or, in some cases, in order to, connect to the NMS/Controller app (if there even is one).


> Begin forwarded message:
> From: internet-drafts@ietf.org
> Subject: New Version Notification for draft-kwatsen-netconf-sztp-csr-00.txt
> Date: June 9, 2020 at 1:45:55 PM EDT
> To: "Kent Watsen" <kent+ietf@watsen.net>, "Russ Housley" <housley@vigilsec.com>, "Sean Turner" <sean@sn3rd.com>
> A new version of I-D, draft-kwatsen-netconf-sztp-csr-00.txt
> has been successfully submitted by Kent Watsen and posted to the
> IETF repository.
> Name:		draft-kwatsen-netconf-sztp-csr
> Revision:	00
> Title:		Conveying a Certificate Signing Request (CSR) in a Secure Zero Touch Provisioning (SZTP) Bootstrapping Request
> Document date:	2020-06-09
> Group:		Individual Submission
> Pages:		29
> URL:            https://www.ietf.org/internet-drafts/draft-kwatsen-netconf-sztp-csr-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-kwatsen-netconf-sztp-csr/
> Htmlized:       https://tools.ietf.org/html/draft-kwatsen-netconf-sztp-csr-00
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-kwatsen-netconf-sztp-csr
> Abstract:
>   This draft extends the "get-bootstrapping-data" RPC defined in RFC
>   8572 to include an optional certificate signing request (CSR),
>   enabling a bootstrapping device to additionally obtain an identity
>   certificate (e.g., an LDevID, from IEEE 802.1AR) as part of the
>   "onboarding information" response provided in the RPC-reply.
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> The IETF Secretariat