BRSKI Cloud Registrar
draft-friel-anima-brski-cloud-03

Document Type Active Internet-Draft (individual)
Authors Owen Friel, Rifaat Shekh-Yusef, Michael Richardson
Last updated 2020-09-24
Stream (None)
Intended RFC status (None)
Yang Validation 0 errors, 2 warnings.
Additional Resources
- Yang catalog entry for ietf-redirected-voucher@2020-09-23.yang
- Yang impact analysis for draft-friel-anima-brski-cloud
IESG state I-D Exists
Network Working Group                                           O. Friel
Internet-Draft                                                     Cisco
Intended status: Standards Track                          R. Shekh-Yusef
Expires: 28 March 2021                                             Auth0
                                                           M. Richardson
                                                Sandelman Software Works
                                                       24 September 2020

                         BRSKI Cloud Registrar
                    draft-friel-anima-brski-cloud-03

Abstract

   This document specifies the behaviour of a BRSKI Cloud Registrar, and
   how a pledge can interact with a BRSKI Cloud Registrar when
   bootstrapping.

   RFCED REMOVE: It is being actively worked on at
   https://github.com/anima-wg/brski-cloud

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 28 March 2021.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Terminology
     1.2.  Target Use Cases
       1.2.1.  Owner Registrar Discovery
       1.2.2.  Bootstrapping with no Owner Registrar
   2.  Architecture
     2.1.  Interested Parties
     2.2.  Network Connectivity
     2.3.  Pledge Certificate Identity Considerations
   3.  Protocol Operation
     3.1.  Pledge Requests Voucher from Cloud Registrar
       3.1.1.  Cloud Registrar Discovery
       3.1.2.  Pledge - Cloud Registrar TLS Establishment Details
       3.1.3.  Pledge Issues Voucher Request
     3.2.  Cloud Registrar Handles Voucher Request
       3.2.1.  Pledge Ownership Lookup
       3.2.2.  Cloud Registrar Redirects to Owner Registrar
       3.2.3.  Cloud Registrar Issues Voucher
     3.3.  Pledge Handles Cloud Registrar Response
       3.3.1.  Redirect Response
       3.3.2.  Voucher Response
   4.  Protocol Details
     4.1.  Voucher Request Redirected to Local Domain Registrar
     4.2.  Voucher Request Handled by Cloud Registrar
   5.  YANG extension for Voucher based redirect
     5.1.  YANG Tree
     5.2.  YANG Voucher
   6.  IANA Considerations
   7.  Security Considerations
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses

1.  Introduction

   Bootstrapping Remote Secure Key Infrastructures (BRSKI)
   [I-D.ietf-anima-bootstrapping-keyinfra] specifies automated