%% You should probably cite rfc8995 instead of this I-D. @techreport{ietf-anima-bootstrapping-keyinfra-28, number = {draft-ietf-anima-bootstrapping-keyinfra-28}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-anima-bootstrapping-keyinfra/28/}, author = {Max Pritikin and Michael Richardson and Toerless Eckert and Michael H. Behringer and Kent Watsen}, title = {{Bootstrapping Remote Secure Key Infrastructures (BRSKI)}}, pagetotal = 113, year = 2019, month = sep, day = 19, abstract = {This document specifies automated bootstrapping of an Autonomic Control Plane. To do this a Remote Secure Key Infrastructure (BRSKI) is created using manufacturer installed X.509 certificates, in combination with a manufacturer's authorizing service, both online and offline. Bootstrapping a new device can occur using a routable address and a cloud service, or using only link-local connectivity, or on limited/disconnected networks. Support for lower security models, including devices with minimal identity, is described for legacy reasons but not encouraged. Bootstrapping to is complete when the cryptographic identity of the new key infrastructure is successfully deployed to the device. The established secure connection can be used to deploy a locally issued certificate to the device as well.}, }