Dear all, We just posted a new version of BRSKI-PRM addressing some DISCUSS/COMMET/NITS items we got during the telechat preparation and after the last version update yesterday. The Update fixes some further points received.
Best regards Steffen -----Original Message----- From: internet-dra...@ietf.org <internet-dra...@ietf.org> Sent: Thursday, April 17, 2025 2:55 PM To: Michael C. Richardson <mcr+i...@sandelman.ca>; Eliot Lear <l...@cisco.com>; Michael Richardson <mcr+i...@sandelman.ca>; Fries, Steffen (FT RPD CST) <steffen.fr...@siemens.com>; Werner, Thomas (FT RPD CST SEA-DE) <thomas-wer...@siemens.com> Subject: New Version Notification for draft-ietf-anima-brski-prm-20.txt A new version of Internet-Draft draft-ietf-anima-brski-prm-20.txt has been successfully submitted by Steffen Fries and posted to the IETF repository. Name: draft-ietf-anima-brski-prm Revision: 20 Title: BRSKI with Pledge in Responder Mode (BRSKI-PRM) Date: 2025-04-17 Group: anima Pages: 120 The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-anima-brski-prm/ There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-anima-brski-prm-20.html A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-anima-brski-prm-20 Abstract: This document defines enhancements to Bootstrapping Remote Secure Key Infrastructure (BRSKI, RFC8995) as BRSKI with Pledge in Responder Mode (BRSKI-PRM). BRSKI-PRM supports the secure bootstrapping of devices, referred to as pledges, into a domain where direct communication with the registrar is either limited or not possible at all. To facilitate interaction between a pledge and a domain registrar the registrar-agent is introduced as new component. The registrar-agent supports the reversal of the interaction model from a pledge-initiated mode, to a pledge-responding mode, where the pledge is in a server role. To establish the trust relation between pledge and registrar, BRSKI-PRM relies on object security rather than transport security. This approach is agnostic to enrollment protocols that connect a domain registrar to a key infrastructure (e.g., domain Certification Authority). The IETF Secretariat _______________________________________________ Anima mailing list -- anima@ietf.org To unsubscribe send an email to anima-le...@ietf.org
