Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

Bootstrapping Remote Secure Key Infrastructures (BRSKI)
draft-richardson-anima-brski-renamed-00

Versions:

Document	Type	Expired Internet-Draft (individual) Expired & archived
	Authors	Max Pritikin , Michael Richardson , Toerless Eckert , Michael H. Behringer , Kent Watsen
	Last updated	2021-02-12 (Latest revision 2020-08-11)
	RFC stream	(None)
	Intended RFC status	(None)
	Formats	txt html xml htmlized pdf bibtex
	Yang Validation	☯ 0 errors, 0 warnings Yang Validation for draft-richardson-anima-brski-renamed-00 on 2021-02-12 draft-richardson-anima-brski-renamed-00.txt: xym 0.4.10: Extracting 'ietf-voucher-request@2018-02-14.yang' Removed 0 empty lines Extracting 'proxygrasp.cddl' Extracting 'jrcgrasp.cddl' Extracting 'auditlog.cddl' Extracting 'enrollstatus.cddl' Extracting 'vendor.key' Extracting 'vendor.cert' Extracting 'masa.key' Extracting 'masa.cert' Extracting 'ownerca_secp384r1.key' Extracting 'ownerca_secp384r1.cert' Extracting 'jrc_prime256v1.key' Extracting 'jrc_prime256v1.cert' Extracting 'idevid_00-D0-E5-F2-00-02.key' Extracting 'idevid_00-D0-E5-F2-00-02.cert' Extracting 'vr_00-D0-E5-F2-00-02.b64' Extracting 'parboiled_vr_00-D0-E5-F2-00-02.b64' Extracting 'voucher_00-D0-E5-F2-00-02.b64' ietf-voucher-request@2018-02-14.yang: pyang 2.4.0: pyang --verbose --ietf -p {libs} {model}: # module search path: a/www/ietf-ftp/yang/rfcmod/:/a/www/ietf-ftp/yang/draftmod/:/a/www/ietf-ftp/yang/ianamod/:/a/www/ietf-ftp/yang/catalogmod/:.:/var/lib/wwwrun/yang/modules:/a/www/ietf-datatracker/7.25.0/env/share/yang/modules # read ietf-voucher-request@2018-02-14.yang (CL) # read /a/www/ietf-ftp/yang/rfcmod/ietf-restconf.yang # read /a/www/ietf-datatracker/7.25.0/env/share/yang/modules/ietf/ietf-restconf.yang # read /a/www/ietf-datatracker/7.25.0/env/share/yang/modules/ietf/ietf-voucher.yang # read /a/www/ietf-ftp/yang/rfcmod/ietf-voucher@2018-05-09.yang # read /a/www/ietf-datatracker/7.25.0/env/share/yang/modules/ietf/ietf-yang-types.yang # read /a/www/ietf-ftp/yang/catalogmod/ietf-yang-types@2020-07-06.yang yanglint SO 1.6.7: yanglint --verbose -p {tmplib} -p {rfclib} -p {draftlib} -p {ianalib} -p {cataloglib} {model} -i: No validation errors
	Additional resources	Yang catalog entry for ietf-voucher-request@2018-02-14.yang Yang impact analysis for draft-richardson-anima-brski-renamed
Stream	Stream state	(No stream defined)
	Consensus boilerplate	Unknown
	RFC Editor Note	(None)
IESG	IESG state	Expired
	Telechat date	(None)
	Responsible AD	(None)
	Send notices to	(None)

Email authors IPR References Referenced by Nits

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

txt html xml htmlized pdf bibtex

Abstract

This document specifies automated bootstrapping of an Autonomic Control Plane. To do this a Secure Key Infrastructure is bootstrapped. This is done using manufacturer-installed X.509 certificates, in combination with a manufacturer's authorizing service, both online and offline. We call this process the Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol. Bootstrapping a new device can occur using a routable address and a cloud service, or using only link-local connectivity, or on limited/ disconnected networks. Support for deployment models with less stringent security requirements is included. Bootstrapping is complete when the cryptographic identity of the new key infrastructure is successfully deployed to the device. The established secure connection can be used to deploy a locally issued certificate to the device as well.

Authors

Max Pritikin
Michael Richardson
Toerless Eckert
Michael H. Behringer
Kent Watsen

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)

Bootstrapping Remote Secure Key Infrastructures (BRSKI) draft-richardson-anima-brski-renamed-00

Bootstrapping Remote Secure Key Infrastructures (BRSKI)
draft-richardson-anima-brski-renamed-00