Bootstrapping Key Infrastructures

The information below is for an old version of the document
Document Type Expired Internet-Draft (individual)
Authors Max Pritikin  , Michael Behringer  , Steinthor Bjarnason 
Last updated 2014-07-21 (latest revision 2014-01-15)
Replaced by draft-pritikin-anima-bootstrapping-keyinfra
Stream (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document specifies automated bootstrapping of an key infrastructure using vendor installed IEEE 802.1AR manufacturing installed certificates, in combination with a vendor based cloud service. Before being authenticated, a new device has only link- local connectivity, and does not require a routable address. When a vendor cloud service is provided devices can be forced to join only specific domains but for contrained environments we describe a variety of options that allow bootstrapping to proceed.


Max Pritikin (
Michael Behringer (
Steinthor Bjarnason (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)