Dear all,

We just posted a new version of BRSKI-PRM addressing almost all of the DISCUSS/COMMENT/NITS items we got during the telechat preparation from Deb, Mike, Roman, Gorry, Mohamed, Gunter, and Ori to have an up-to-date version available for the telechat on April 17.

Thank you for the comments, they resulted in the following main changes (related to the issues on https://github.com/anima-wg/anima-brski-prm/issues):

* addressed DISCUSS received during telechat preparation:
  - issue 136: included hint for reaction on HTTP requests to avoid DoS (rate limiting) in Section 6.2
  - issue 137: HTTP error handling BCP RFC 9205: removed normative language for HTTP status codes
  - issue 139: usage of TLS 1.3 emphasized by also referencing UTA draft in Section 7.3
  - issue 140: provided hint for time synchronization of registrar-agent in Section 6.1
  - issue 145: clarified language tagging in status information in Section 7.6.2.1
* addressed COMMENT, NITS, received during telechat preparation, specifically
  - issue 140: synchronized time
  - issue 141: config options for discovery and nonceless vouchers in Section 7.6 and Section 6.1
  - issue 142: addressed TTL of provisional accept state by utilizing the last received tPVR for the binding in Section 7.1
  - issue 144: clarified usage of "MUST ...unless" in Section 6.2
  - issue 146: added MTI algorithm for JWS signatures
  - issue 147: definitions of reason-context in status objects
* updated reference of BRSKI-AE (now RFC 9733).
* removed unused references

If there is further clarification needed in the document, we will update it accordingly.

Best regards
Steffen

-----Original Message-----
From: internet-dra...@ietf.org <internet-dra...@ietf.org>
Sent: Wednesday, April 16, 2025 6:45 PM
To: Michael C. Richardson <mcr+i...@sandelman.ca>; Eliot Lear <l...@cisco.com>; Michael Richardson <mcr+i...@sandelman.ca>; Fries, Steffen (FT RPD CST) <steffen.fr...@siemens.com>; Werner, Thomas (FT RPD CST SEA-DE) <thomas-wer...@siemens.com>
Subject: New Version Notification for draft-ietf-anima-brski-prm-19.txt

A new version of Internet-Draft draft-ietf-anima-brski-prm-19.txt has been successfully submitted by Steffen Fries and posted to the IETF repository.

Name:     draft-ietf-anima-brski-prm
Revision: 19
Title:    BRSKI with Pledge in Responder Mode (BRSKI-PRM)
Date:     2025-04-16
Group:    anima
Pages:    119

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-anima-brski-prm/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-anima-brski-prm-19.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-anima-brski-prm-19

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts

Abstract:

This document defines enhancements to Bootstrapping Remote Secure Key Infrastructure (BRSKI, RFC8995) as BRSKI with Pledge in Responder Mode (BRSKI-PRM). BRSKI-PRM supports the secure bootstrapping of devices, referred to as pledges, into a domain where direct communication with the registrar is either limited or not possible at all. To facilitate interaction between a pledge and a domain registrar the registrar-agent is introduced as new component. The registrar-agent supports the reversal of the interaction model from a pledge-initiated mode, to a pledge-responding mode, where the pledge is in a server role. To establish the trust relation between pledge and registrar, BRSKI-PRM relies on object security rather than transport security. This approach is agnostic to enrollment protocols that connect a domain registrar to a key infrastructure (e.g., domain Certification Authority).

The IETF Secretariat