Delegated Authority for Bootstrap Voucher Artifacts
draft-richardson-anima-voucher-delegation-02
|
Document |
Type |
|
Active Internet-Draft (individual)
|
|
Authors |
|
Michael Richardson
,
Jie Yang
|
|
Last updated |
|
2020-09-18
|
|
Stream |
|
(None)
|
|
Intended RFC status |
|
(None)
|
|
Formats |
|
plain text
xml
pdf
htmlized (tools)
htmlized
bibtex
|
|
Yang Validation |
|
☯
0 errors, 2 warnings.
draft-richardson-anima-voucher-delegation-02.txt:
xym 0.5:
Extracting 'ietf-delegated-voucher@2020-01-06.yang'
Removed 0 empty lines
ietf-delegated-voucher@2020-01-06.yang:
pyang 2.4.0: pyang --verbose --ietf -p {libs} {model}:
# module search path: a/www/ietf-ftp/yang/rfcmod/:/a/www/ietf-ftp/yang/draftmod/:/a/www/ietf-ftp/yang/ianamod/:/a/www/ietf-ftp/yang/catalogmod/:.:/var/lib/wwwrun/yang/modules:/a/www/ietf-datatracker/7.27.0/env/share/yang/modules
# read ietf-delegated-voucher@2020-01-06.yang (CL)
# read /a/www/ietf-ftp/yang/rfcmod/ietf-restconf.yang
# read /a/www/ietf-datatracker/7.27.0/env/share/yang/modules/ietf/ietf-restconf.yang
# read /a/www/ietf-datatracker/7.27.0/env/share/yang/modules/ietf/ietf-voucher.yang
# read /a/www/ietf-ftp/yang/rfcmod/ietf-voucher@2018-05-09.yang
# read /a/www/ietf-datatracker/7.27.0/env/share/yang/modules/ietf/ietf-yang-types.yang
# read /a/www/ietf-ftp/yang/draftmod/ietf-yang-types@2021-02-22.yang
ietf-delegated-voucher@2020-01-06.yang:37: warning: RFC 8407: 3.1: The IETF Trust Copyright statement seems to be missing (see pyang --ietf-help for details).
ietf-delegated-voucher@2020-01-06.yang:37: warning: the module seems to use RFC 2119 keywords, but the required text from RFC 8174 is not found (see pyang --ietf-help for details).
yanglint SO 1.6.7: yanglint --verbose -p {tmplib} -p {rfclib} -p {draftlib} -p {ianalib} -p {cataloglib} {model} -i:
No validation errors
|
|
Additional Resources |
|
|
Stream |
Stream state |
|
(No stream defined) |
|
Consensus Boilerplate |
|
Unknown
|
|
RFC Editor Note |
|
(None)
|
IESG |
IESG state |
|
I-D Exists
|
|
Telechat date |
|
|
|
Responsible AD |
|
(None)
|
|
Send notices to |
|
(None)
|
anima Working Group M. Richardson
Internet-Draft Sandelman Software Works
Intended status: Standards Track J. Yang
Expires: March 22, 2021 Huawei Technologies Co., Ltd.
September 18, 2020
Delegated Authority for Bootstrap Voucher Artifacts
draft-richardson-anima-voucher-delegation-02
Abstract
This document describes an extension of the RFC8366 Voucher Artifact
in order to support delegation of signing authority. The initial
voucher pins a public identity, and that public indentity can then
issue additional vouchers. This chain of authorization can support
permission-less resale of devices, as well as guarding against
business failure of the BRSKI [I-D.ietf-anima-bootstrapping-keyinfra]
Manufacturer Authorized Signing Authority (MASA).
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 22, 2021.
Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
Richardson & Yang Expires March 22, 2021 [Page 1]
Internet-Draft delegated-voucher September 2020
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements for the Delegation . . . . . . . . . . . . . 3
1.1.1. Device Onboarding with Disconnected or Offline MASA . 3
1.1.2. Resale of Devices . . . . . . . . . . . . . . . . . . 3
1.1.3. Crypto-agility for Registrar . . . . . . . . . . . . 3
1.1.4. Transparent Assemblers/Value-Added-Resellers . . . . 4
1.2. Overview of Proposed Solution . . . . . . . . . . . . . . 4
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Delegation Voucher Artifact . . . . . . . . . . . . . . . . . 5
3.1. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 6
3.2. Bundling of The Vouchers . . . . . . . . . . . . . . . . 9
3.3. Delegation of Multiple Devices . . . . . . . . . . . . . 9
4. Enhanced Pledge Behavior . . . . . . . . . . . . . . . . . . 9
5. Changes to Registrar Behavior . . . . . . . . . . . . . . . . 10
5.1. Discovering The Most Recent Delegated Authority to Use . 10
6. Applying The Delegation Voucher to Requirements . . . . . . . 11
6.1. Case 1: Resale . . . . . . . . . . . . . . . . . . . . . 11
6.2. Case 2: Assembly . . . . . . . . . . . . . . . . . . . . 12
7. Constraints on Pinning The Delegated Authority . . . . . . . 12
8. Privacy Considerations . . . . . . . . . . . . . . . . . . . 12
9. Security Considerations . . . . . . . . . . . . . . . . . . . 12
9.1. YANG Module Security Considerations . . . . . . . . . . . 12
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
10.1. The IETF XML Registry . . . . . . . . . . . . . . . . . 13
10.2. YANG Module Names Registry . . . . . . . . . . . . . . . 13
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 13
12. Changelog . . . . . . . . . . . . . . . . . . . . . . . . . . 13
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 13
13.1. Normative References . . . . . . . . . . . . . . . . . . 13
13.2. Informative References . . . . . . . . . . . . . . . . . 14
Appendix A. Extra references . . . . . . . . . . . . . . . . . . 15
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15
1. Introduction
The [RFC8366] voucher artifact provides a proof from a manufacturer's
authorizing signing authority (MASA) of the intended owner of a
Show full document text