Hello all,

We just submitted a smaller update based on further comments from the telechat before Easter:
- RetryAfter response to be always provided in case of 503 Service unavailable response
- Clarification on transport layer security in Security Considerations

Best regards
Steffen

-----Original Message-----
From: internet-dra...@ietf.org <internet-dra...@ietf.org>
Sent: Tuesday, April 29, 2025 5:26 PM
To: Michael C. Richardson <mcr+i...@sandelman.ca>; Eliot Lear <l...@cisco.com>; Michael Richardson <mcr+i...@sandelman.ca>; Fries, Steffen (FT RPD CST) <steffen.fr...@siemens.com>; Werner, Thomas (FT RPD CST SEA-DE) <thomas-wer...@siemens.com>
Subject: New Version Notification for draft-ietf-anima-brski-prm-21.txt

A new version of Internet-Draft draft-ietf-anima-brski-prm-21.txt has been successfully submitted by Steffen Fries and posted to the IETF repository.

Name:     draft-ietf-anima-brski-prm
Revision: 21
Title:    BRSKI with Pledge in Responder Mode (BRSKI-PRM)
Date:     2025-04-29
Group:    anima
Pages:    120

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-anima-brski-prm/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-anima-brski-prm-21.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-anima-brski-prm-21

Abstract:

This document defines enhancements to Bootstrapping Remote Secure Key Infrastructure (BRSKI, RFC8995) as BRSKI with Pledge in Responder Mode (BRSKI-PRM). BRSKI-PRM supports the secure bootstrapping of devices, referred to as pledges, into a domain where direct communication with the registrar is either limited or not possible at all. To facilitate interaction between a pledge and a domain registrar the registrar-agent is introduced as new component. The registrar-agent supports the reversal of the interaction model from a pledge-initiated mode, to a pledge-responding mode, where the pledge is in a server role. To establish the trust relation between pledge and registrar, BRSKI-PRM relies on object security rather than transport security.
This approach is agnostic to enrollment protocols that connect a domain registrar to a key infrastructure (e.g., domain Certification Authority).

The IETF Secretariat