Dear all,
We have just submitted an updated version of BRSKI-PRM, addressing the
remaining comments from the telechat.
The draft specifically:
- includes overview subsections for reason-context definition and usage
  in Section 6.2
- updates status detail examples to correctly use the defined types in
  the status structure
- includes clarification regarding TLS 1.2 use in Section 4.1
The updates address the latest DISCUSS issues and have been aligned also with
Gorry and the COMMENTS from Orie.
Best regards
Steffen
-----Original Message-----
From: [email protected] <[email protected]>
Sent: Tuesday, May 20, 2025 6:13 PM
To: Michael C. Richardson <[email protected]>; Eliot Lear <[email protected]>;
Michael Richardson <[email protected]>; Fries, Steffen (FT RPD CST)
<[email protected]>; Werner, Thomas (FT RPD CST SEA-DE)
<[email protected]>
Subject: New Version Notification for draft-ietf-anima-brski-prm-22.txt
A new version of Internet-Draft draft-ietf-anima-brski-prm-22.txt has been
successfully submitted by Steffen Fries and posted to the IETF repository.
Name: draft-ietf-anima-brski-prm
Revision: 22
Title: BRSKI with Pledge in Responder Mode (BRSKI-PRM)
Date: 2025-05-20
Group: anima
Pages: 122
The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-anima-brski-prm/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-anima-brski-prm-22.html
A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-anima-brski-prm-22
Abstract:
This document defines enhancements to Bootstrapping Remote Secure Key
Infrastructure (BRSKI, RFC8995) as BRSKI with Pledge in Responder
Mode (BRSKI-PRM). BRSKI-PRM supports the secure bootstrapping of
devices, referred to as pledges, into a domain where direct
communication with the registrar is either limited or not possible at
all. To facilitate interaction between a pledge and a domain
registrar, the registrar-agent is introduced as a new component. The
registrar-agent supports the reversal of the interaction model from a
pledge-initiated mode, to a pledge-responding mode, where the pledge
is in a server role. To establish the trust relation between pledge
and registrar, BRSKI-PRM relies on object security rather than
transport security. This approach is agnostic to enrollment
protocols that connect a domain registrar to a key infrastructure
(e.g., domain Certification Authority).
The IETF Secretariat