Bootstrapping Remote Secure Key Infrastructures (BRSKI)
draft-ietf-anima-bootstrapping-keyinfra-12

The information below is for an old version of the document
Document
Type: None Internet-Draft (anima WG)
Last updated: 2018-03-05
Replaces: draft-pritikin-anima-bootstrapping-keyinfra
Stream: IETF
Intended RFC status: Informational
Formats: Expired & archived
Stream
WG state: (None)
Document shepherd: Toerless Eckert
IESG
IESG state: Unknown state
Consensus Boilerplate: Unknown
Responsible AD: (None)
Send notices to: "Toerless Eckert" <tte+ietf@cs.fau.de>

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-ietf-anima-bootstrapping-keyinfra-12.txt

Abstract

This document specifies automated bootstrapping of a remote secure key infrastructure (BRSKI) using a manufacturer-installed X.509 certificate, in combination with a manufacturer's authorizing service, both online and offline. Bootstrapping a new device can occur using a routable address and a cloud service, or using only link-local connectivity, or on limited/disconnected networks. Support for lower security models, including devices with minimal identity, is described for legacy reasons but not encouraged. Bootstrapping is complete when the cryptographic identity of the new key infrastructure is successfully deployed to the device, but the established secure connection can be used to deploy a locally issued certificate to the device as well.

Authors

Max Pritikin (pritikin@cisco.com)
Michael Richardson (mcr+ietf@sandelman.ca)
Michael Behringer (Michael.H.Behringer@gmail.com)
Steinthor Bjarnason (sbjarnason@arbor.net)
Kent Watsen (kwatsen@juniper.net)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)