Skip to main content

Bootstrapping Key Infrastructures

The information below is for an old version of the document.
Document Type
This is an older version of an Internet-Draft whose latest revision state is "Replaced".
Expired & archived
Authors Max Pritikin , Michael H. Behringer , Steinthor Bjarnason
Last updated 2014-07-21 (Latest revision 2014-01-15)
Replaced by draft-pritikin-anima-bootstrapping-keyinfra
RFC stream (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document specifies automated bootstrapping of an key infrastructure using vendor installed IEEE 802.1AR manufacturing installed certificates, in combination with a vendor based cloud service. Before being authenticated, a new device has only link- local connectivity, and does not require a routable address. When a vendor cloud service is provided devices can be forced to join only specific domains but for contrained environments we describe a variety of options that allow bootstrapping to proceed.


Max Pritikin
Michael H. Behringer
Steinthor Bjarnason

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)