-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathdtbootstrap-anima-keyinfra.xml
5277 lines (4822 loc) · 251 KB
/
dtbootstrap-anima-keyinfra.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY RFC2119 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY RFC7030 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7030.xml">
<!ENTITY RFC5280 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5280.xml">
<!ENTITY RFC5652 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5652.xml">
<!ENTITY RFC7575 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7575.xml">
<!ENTITY RFC7950 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7950.xml">
<!ENTITY RFC7951 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7951.xml">
<!ENTITY RFC3748 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3748.xml">
]>
<rfc category="std" docName="draft-ietf-anima-bootstrapping-keyinfra-45"
ipr="trust200902">
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<?rfc toc="yes" ?>
<?rfc compact="yes" ?>
<?rfc consensus="true" ?>
<?rfc symrefs="yes" ?>
<?rfc sortrefs="yes"?>
<?rfc iprnotified="no" ?>
<?rfc strict="yes" ?>
<front>
<title abbrev="BRSKI">Bootstrapping Remote Secure Key Infrastructures
(BRSKI)</title>
<author fullname="Max Pritikin" initials="M." surname="Pritikin">
<organization>Cisco</organization>
<address>
<email>[email protected]</email>
</address>
</author>
<author fullname="Michael C. Richardson" initials="M."
surname="Richardson">
<organization abbrev="Sandelman">Sandelman Software Works</organization>
<address>
<email>[email protected]</email>
<uri>http://www.sandelman.ca/</uri>
</address>
</author>
<author fullname="Toerless Eckert" initials="T.T.E." surname="Eckert">
<organization abbrev="Futurewei USA">
Futurewei Technologies Inc. USA</organization>
<address>
<postal>
<street>2330 Central Expy</street>
<city>Santa Clara</city>
<region>CA</region>
<code>95050</code>
<country>USA</country>
</postal>
<email>[email protected]</email>
</address>
</author>
<author fullname="Michael H. Behringer" initials="M.H."
surname="Behringer">
<address>
<email>[email protected]</email>
</address>
</author>
<author fullname="Kent Watsen" initials="K.W." surname="Watsen">
<organization>Watsen Networks</organization>
<address>
<email>[email protected]</email>
</address>
</author>
<date year="2021" />
<area>Operations and Management</area>
<workgroup>ANIMA WG</workgroup>
<abstract>
<t>
This document specifies automated bootstrapping of an Autonomic
Control Plane. To do this a Secure Key Infrastructure is
bootstrapped. This is done using manufacturer-installed
X.509 certificates, in combination with a manufacturer's authorizing
service, both online and offline. We call this process the
Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol.
Bootstrapping a new device can occur using a routable address and a
cloud service, or using only link-local connectivity, or on
limited/disconnected networks. Support for deployment models
with less stringent security requirements is included.
Bootstrapping is complete when the cryptographic identity of the new
key infrastructure is successfully deployed to the device. The
established secure connection can be used to deploy a locally issued
certificate to the device as well.
</t>
</abstract>
</front>
<middle>
<section title="Introduction">
<t>
The Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol
provides a solution for secure zero-touch (automated) bootstrap of
new (unconfigured) devices that are called pledges in this
document. Pledges have an IDevID installed in them at the factory.
</t>
<t>
"BRSKI" is pronounced like "brewski", a colloquial term for beer in
Canada and parts of the US-midwest. <xref target="brewski" />
</t>
<t>
This document primarily provides for the needs of
the ISP and Enterprise focused ANIMA
<xref target="I-D.ietf-anima-autonomic-control-plane">Autonomic
Control Plane (ACP)</xref>. This bootstrap process satisfies
the <xref target="RFC7575" /> requirements of section 3.3 of making all operations
secure by default. Other users of the BRSKI protocol
will need to provide separate applicability statements that
include privacy and security considerations appropriate to that
deployment. <xref target="acpapplicability" /> explains the detailed
applicability for this the ACP usage.
</t>
<t>
The BRSKI protocol requires a significant amount of communication
between manufacturer and owner: in its default modes it provides a
cryptographic transfer of control to the initial owner. In its
strongest modes, it leverages sales channel information to identify
the owner in advance. Resale of devices is possible, provided that
the manufacturer is willing to authorize the transfer. Mechanisms
to enable transfers of ownership without manufacturer authorization
are not included in this version of the protocol, but could be
designed into future versions.
</t>
<t>
This document describes how pledges discover (or are discovered by) an
element of the network domain to which the pledge belongs that will perform
the bootstrap. This element (device) is called the
registrar. Before any other operation, pledge and registrar need to
establish mutual trust:
</t>
<t><list style="numbers">
<t>Registrar authenticating the pledge: "Who is this device? What is
its identity?"</t>
<t>Registrar authorizing the pledge: "Is it mine? Do I want it?
What are the chances it has been compromised?"</t>
<t>Pledge authenticating the registrar: "What is this
registrar's identity?"</t>
<t>Pledge authorizing the registrar: "Should I join this network?"</t>
</list></t>
<t>
This document details protocols and messages to answer the above questions.
It uses a TLS connection and an PKIX-shaped (X.509v3) certificate (an IEEE
802.1AR <xref target="IDevID" /> IDevID) of the pledge to answer
points 1 and 2.
It uses a new artifact called a "voucher" that the registrar
receives from a "Manufacturer Authorized Signing Authority" (MASA) and
passes to the pledge to answer points 3 and 4.
</t>
<t>
A proxy provides very limited connectivity between the pledge and
the registrar.
</t>
<t>The syntactic details of vouchers are described in detail in <xref
target="RFC8366" />. This document details automated
protocol mechanisms to obtain vouchers, including the definition
of a 'voucher-request' message that is a minor extension
to the voucher format (see <xref target="voucher-request" />) defined
by <xref target="RFC8366" />.</t>
<t>BRSKI results in the pledge storing an X.509 root
certificate sufficient for verifying the registrar identity. In the
process a TLS connection is established that can be directly used for
Enrollment over Secure Transport (EST). In effect BRSKI provides
an automated mechanism for the "Bootstrap Distribution of CA Certificates"
described in <xref target="RFC7030"></xref> Section 4.1.1 wherein
the pledge "MUST [...] engage a human user to authorize the CA certificate using
out-of-band" information. With BRSKI the pledge now can automate
this process using the voucher. Integration with a complete EST
enrollment is optional but trivial.</t>
<t>BRSKI is agile enough to support
bootstrapping alternative key infrastructures, such as a symmetric key
solutions, but no such system is described in this document.</t>
<section title="Prior Bootstrapping Approaches">
<t>To literally "pull yourself up by the bootstraps" is an impossible
action. Similarly the secure establishment of a key infrastructure
without external help is also an impossibility. Today it is commonly
accepted that the initial connections between nodes are insecure, until
key distribution is complete, or that domain-specific keying material
(often pre-shared keys, including mechanisms like SIM cards)
is pre-provisioned on each new device in a costly and non-scalable
manner. Existing automated mechanisms are known as non-secured 'Trust on
First Use' (TOFU) <xref target="RFC7435" />, 'resurrecting duckling'
<xref target="Stajano99theresurrecting" /> or 'pre-staging'.</t>
<t>Another prior approach has been to try and
minimize user actions during bootstrapping, but not eliminate all
user-actions.
The original EST protocol <xref
target="RFC7030"></xref> does reduce user actions during bootstrap
but does not provide solutions for how the following protocol steps
can be made autonomic (not involving user actions):
</t>
<t><list style="symbols">
<t>using the Implicit Trust Anchor <xref target="RFC7030" /> database to authenticate
an owner specific service (not an autonomic solution because
the URL must be securely distributed),</t>
<t>engaging a human user to authorize the CA certificate using
out-of-band data (not an autonomic solution because the human user
is involved),</t>
<t>using a configured Explicit TA database (not an autonomic
solution because the distribution of an explicit TA database is
not autonomic),</t>
<t>and using a Certificate-Less TLS mutual authentication method
(not an autonomic solution because the distribution of symmetric
key material is not autonomic).
</t>
</list>
These "touch" methods do not meet the requirements for
zero-touch.
</t>
<t>There are "call home" technologies where the pledge first
establishes a connection to a well known manufacturer service using a common
client-server authentication model. After mutual authentication,
appropriate credentials to authenticate the target domain are
transferred to the pledge. This creates several problems and
limitations:</t>
<t><list style="symbols">
<t>the pledge requires realtime connectivity to the manufacturer
service,</t>
<t>the domain identity is exposed to the manufacturer service (this is a
privacy concern),</t>
<t>the manufacturer is responsible for making the authorization
decisions (this is a liability concern),</t>
</list></t>
<t>BRSKI addresses these issues by defining extensions to the EST protocol
for the automated distribution of vouchers.
</t>
</section>
<section title="Terminology">
<t>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"></xref>
<xref target="RFC8174"></xref> when, and only when, they
appear in all capitals, as shown here.
</t>
<t>The following terms are defined for clarity:</t>
<t><list style="hanging">
<t hangText="ANI:">The Autonomic Network Infrastructure as
defined by <xref target="I-D.ietf-anima-reference-model" />.
<xref target="acpapplicability" /> details specific requirements for pledges,
proxies and registrars when they are part of an ANI.</t>
<t hangText="Circuit Proxy:">A stateful implementation
of the join proxy. This is the assumed type of proxy.</t>
<t hangText="drop-ship:">The physical distribution of equipment
containing the "factory default" configuration to a final
destination. In zero-touch scenarios there is no staging or
pre-configuration during drop-ship.</t>
<t hangText="Domain:">The set of entities that share a common local
trust anchor. This includes the proxy, registrar,
Domain Certificate Authority, Management components and any
existing entity that is already a member of the domain.</t>
<t hangText="domainID:">The domain IDentity is a unique value
based upon the Registrar CA's certificate.
<xref target="domainID" /> specifies how it is calculated.
</t>
<t hangText="Domain CA:">The domain Certification Authority (CA)
provides certification functionalities to the domain. At a minimum
it provides certification functionalities to a registrar and
manages the private key that defines the domain. Optionally, it
certifies all elements.</t>
<t hangText="enrollment:">The process where a device presents key
material to a network and acquires a network-specific identity.
For example when a certificate signing request is presented to a
certification authority and a certificate is obtained in
response.</t>
<t hangText="imprint:">The process where a device obtains the
cryptographic key material to identify and trust future
interactions with a network. This term is taken from Konrad
Lorenz's work in biology with new ducklings: during a critical
period, the duckling would assume that anything that looks like a
mother duck is in fact their mother. An equivalent for a device is
to obtain the fingerprint of the network's root certification
authority certificate. A device that imprints on an attacker
suffers a similar fate to a duckling that imprints on a hungry
wolf. Securely imprinting is a primary focus of this
document <xref target="imprinting"></xref>. The analogy to
Lorenz's work was first noted in <xref
target="Stajano99theresurrecting"></xref>.</t>
<t hangText="IDevID:">An Initial Device Identity X.509 certificate
installed by the vendor on new equipment. This is a term from
802.1AR <xref target="IDevID" /></t>
<t hangText="IPIP Proxy:">A stateless proxy alternative.</t>
<t hangText="Join Proxy:">A domain entity that helps the pledge join
the domain. A join proxy facilitates communication for devices that
find themselves in an environment where they are not provided
connectivity until after they are validated as members of the
domain. For simplicity this document sometimes uses the
term of 'proxy' to indicate the join proxy. The pledge
is unaware that they are communicating with a
proxy rather than directly with a registrar.</t>
<t hangText="Join Registrar (and Coordinator):">A representative of the domain that is
configured, perhaps autonomically, to decide whether a new device
is allowed to join the domain. The administrator of the domain
interfaces with a "join registrar (and coordinator)" to control this process. Typically a
join registrar is "inside" its domain. For simplicity this document
often refers to this as just "registrar". Within <xref target="I-D.ietf-anima-reference-model" /> this is
referred to as the "join registrar autonomic service agent".
Other communities use the abbreviation "JRC".
</t>
<t hangText="LDevID:">A Local Device Identity X.509 certificate
installed by the owner of the equipment. This is a term from
802.1AR <xref target="IDevID" /></t>
<t hangText="manufacturer:">the term manufacturer is used
throughout this document to be the entity that created the
device. This is typically the "original equipment manufacturer"
or OEM, but in more complex situations it could be a "value added
retailer" (VAR), or possibly even a systems integrator. In
general, it a goal of BRSKI to eliminate small distinctions
between different sales channels. The reason for this is
that it permits a single device, with a uniform firmware load, to
be shipped directly to all customers. This eliminates costs
for the manufacturer. This also reduces the number of products
supported in the field increasing the chance that firmware will
be more up to date.
</t>
<t hangText="MASA Audit-Log:">An anonymized list of previous owners
maintained by the MASA on a per device (per pledge)
basis. Described in <xref target="MASAauditlog" />.
</t>
<t hangText="MASA Service:">A third-party Manufacturer Authorized
Signing Authority (MASA) service on the global Internet. The MASA
signs vouchers. It also provides a repository for audit-log
information of privacy protected bootstrapping events. It does
not track ownership. </t>
<t hangText="nonced:">a voucher (or request) that contains a nonce (the normal
case).</t>
<t hangText="nonceless:">a voucher (or request) that does not
contain a nonce, relying upon accurate clocks for expiration, or
which does not expire.</t>
<t hangText="offline:">When an architectural component cannot
perform realtime communications with a peer, either due to
network connectivity or because the peer is turned off, the
operation is said to be occurring offline.</t>
<t hangText="Ownership Tracker:">An Ownership Tracker service on
the global Internet. The Ownership Tracker uses business processes
to accurately track ownership of all devices shipped against
domains that have purchased them. Although optional, this component
allows vendors to provide additional value in cases where their
sales and distribution channels allow for accurate tracking of
such ownership. Ownership tracking information is indicated in
vouchers as described in <xref target="RFC8366"/></t>
<t hangText="Pledge:">The prospective (unconfigured) device, which has an
identity installed at the factory.</t>
<t hangText="(Public) Key Infrastructure:"> The collection of systems and
processes that sustain the activities of a public key system.
The registrar acts as an
<xref target="RFC5280" /> and <xref target="RFC5272" /> (see
section 7) "Registration Authority".</t>
<t hangText="TOFU:">Trust on First Use. Used similarly to <xref
target="RFC7435" />. This is where a pledge
device makes no security decisions but rather simply trusts the
first registrar it is contacted by. This is also known as the
"resurrecting duckling" model.</t>
<t hangText="Voucher:">A signed artifact from the MASA
that indicates to a pledge the cryptographic identity of the
registrar it should trust. There are different types of vouchers
depending on how that trust is asserted. Multiple voucher types are
defined in <xref target="RFC8366" /></t>
</list>
</t>
</section>
<section title="Scope of solution">
<section title="Support environment">
<t>
This solution (BRSKI) can support large router
platforms with multi-gigabit inter-connections, mounted in controlled
access data centers. But this solution is not exclusive to large equipment:
it is intended to scale to thousands of devices located in hostile
environments, such as ISP provided CPE devices which are drop-shipped
to the end user. The situation where an order is fulfilled from
distributed warehouse from a common stock and shipped directly to the
target location at the request of a domain owner is explicitly
supported. That stock ("SKU") could be provided to a number of
potential domain owners, and the eventual domain owner will not know
a-priori which device will go to which location.
</t>
<t>
The bootstrapping process can take minutes to complete depending on
the network infrastructure and device processing speed. The network
communication itself is not optimized for speed; for privacy reasons,
the discovery process allows for the pledge to avoid announcing its
presence through broadcasting.
</t>
<t>
Nomadic or mobile devices often need to acquire credentials to
access the network at the new location. An example of this is
mobile phone roaming among network operators, or even between
cell towers. This is usually called handoff.
BRSKI does not provide a low-latency handoff which is usually a
requirement in such situations.
For these solutions BRSKI can be used to create a relationship
(an LDevID) with the "home" domain owner. The resulting credentials
are then used to provide credentials more appropriate for a
low-latency handoff.
</t>
</section>
<section title="Constrained environments">
<t>Questions have been posed as to whether this solution is suitable
in general for Internet of Things (IoT) networks. This depends on the
capabilities of the devices in question. The terminology of <xref
target="RFC7228"></xref> is best used to describe the boundaries.</t>
<t>The solution described in this document is aimed in general at
non-constrained (i.e., class 2+ <xref target="RFC7228" />) devices operating on a non-Challenged
network. The entire solution as described here is not intended to be
useable as-is by constrained devices operating on challenged networks
(such as 802.15.4 Low-power Lossy Networks (LLN)s).</t>
<t>Specifically, there are protocol aspects described here that might
result in congestion collapse or energy-exhaustion of intermediate
battery powered routers in an LLN. Those types of networks should not
use this solution. These limitations are predominately related to the
large credential and key sizes required for device authentication.
Defining symmetric key techniques that meet the operational
requirements is out-of-scope but the underlying protocol operations
(TLS handshake and signing structures) have sufficient algorithm
agility to support such techniques when defined.</t>
<t>The imprint protocol described here could, however, be used by
non-energy constrained devices joining a non-constrained network (for
instance, smart light bulbs are usually mains powered, and speak
802.11). It could also be used by non-constrained devices across a
non-energy constrained, but challenged network (such as 802.15.4). The
certificate contents, and the process by which the four
questions above are resolved do apply to constrained devices. It is
simply the actual on-the-wire imprint protocol that could be
inappropriate.</t>
</section>
<section title="Network Access Controls">
<t>This document presumes that network access control has either
already occurred, is not required, or is integrated by the proxy
and registrar in such a way that the device itself does not need to
be aware of the details. Although the use of an X.509 Initial
Device Identity is consistent with IEEE 802.1AR <xref
target="IDevID"></xref>, and allows for alignment with 802.1X
network access control methods, its use here is for pledge
authentication rather than network access control. Integrating
this protocol with network access control, perhaps as an
Extensible Authentication Protocol (EAP) method
(see <xref target="RFC3748"></xref>), is out-of-scope.</t>
</section>
<section title="Bootstrapping is not Booting">
<t>This document describes "bootstrapping" as the protocol
used to obtain a local trust anchor. It is expected that this
trust anchor, along with any additional configuration
information subsequently installed, is persisted on the device
across system restarts ("booting"). Bootstrapping occurs only
infrequently such as when a device is transferred to a new
owner or has been reset to factory default settings.</t>
</section>
</section>
<section anchor="PostEnrollment"
title="Leveraging the new key infrastructure / next steps">
<t>
As a result of the protocol described herein, the bootstrapped devices
have the Domain CA trust anchor in common. An end entity certificate has
optionally been issued from the Domain CA. This makes it possible
to securely deploy functionalities across the domain, e.g:<list style="symbols">
<t>Device management.</t>
<t>Routing authentication.</t>
<t>Service discovery.</t>
</list>
</t>
<t>
The major intended benefit is that it possible to use the credentials
deployed by this protocol to secure the Autonomic Control Plane
(ACP) (<xref target="I-D.ietf-anima-autonomic-control-plane" />).
</t>
</section>
<section anchor="ANIrequirements"
title="Requirements for Autonomic Network Infrastructure (ANI) devices">
<t>
The BRSKI protocol can be used in a number of environments. Some of
the options in this document are the result of requirements that
are out of the ANI scope. This section defines the base
requirements for ANI devices.
</t>
<t>
For devices that intend to become part of an Autonomic Network
Infrastructure (ANI)
(<xref target="I-D.ietf-anima-reference-model" />) that includes an
Autonomic Control Plane
(<xref target="I-D.ietf-anima-autonomic-control-plane" />), the
BRSKI protocol MUST be implemented.
</t>
<t>
The pledge must perform discovery of the proxy as described in
<xref target="discovery" /> using Generic Autonomic Signaling
Protocol (GRASP)'s DULL <xref target="I-D.ietf-anima-grasp" />
M_FLOOD announcements.
</t>
<t>
Upon successfully validating a voucher artifact, a status telemetry
MUST be returned. See <xref target="pledgestatus" />.
</t>
<t>
An ANIMA ANI pledge MUST implement the EST automation
extensions described in <xref target="ESTintegration" />.
They supplement the <xref target="RFC7030" /> EST to better
support automated devices that do not have an end user.
</t>
<t>
The ANI Join Registrar Autonomic Service Agent (ASA) MUST support all the BRSKI and above listed
EST operations.
</t>
<t>
All ANI devices SHOULD support the BRSKI proxy function, using
circuit proxies over the ACP. (See <xref target="JRCgrasp" />)
</t>
</section>
</section>
<section title="Architectural Overview">
<t>The logical elements of the bootstrapping framework are described in
this section. <xref target="architecturefigure" /> provides a simplified overview of the components.
</t>
<figure anchor="architecturefigure" title="Architecture Overview">
INSERT_FIG_FROM_FILE component-diagram.txt END
</figure>
<t>We assume a multi-vendor network. In such an environment there could
be a Manufacturer Service for each manufacturer that supports devices following this
document's specification, or an integrator could provide a generic
service authorized by multiple manufacturers. It is unlikely that an
integrator could provide Ownership Tracking services for multiple
manufacturers due to the required sales channel integrations necessary to
track ownership.</t>
<t>The domain is the managed network infrastructure with a Key Infrastructure the pledge is
joining. The domain provides initial device connectivity
sufficient for bootstrapping through a proxy. The domain
registrar authenticates the pledge, makes authorization decisions, and distributes
vouchers obtained from the Manufacturer Service. Optionally the registrar
also acts as a PKI Certification Authority.</t>
<section title="Behavior of a Pledge">
<t>The pledge goes through a series of steps, which are outlined here
at a high level.</t>
<figure anchor="pledgestatusfigure" title="Pledge State Diagram">
<artwork><![CDATA[
------------
/ Factory \
\ default /
-----+------
|
+------v-------+
| (1) Discover |
+------------> |
| +------+-------+
| |
| +------v-------+
| | (2) Identify |
^------------+ |
| rejected +------+-------+
| |
| +------v-------+
| | (3) Request |
| | Join |
| +------+-------+
| |
| +------v-------+
| | (4) Imprint |
^------------+ |
| Bad MASA +------+-------+
| response | send Voucher Status Telemetry
| +------v-------+
| | (5) Enroll |<---+ (non-error HTTP codes )
^------------+ |\___/ (e.g. 202 'Retry-After')
| Enroll +------+-------+
| Failure |
| -----v------
| / Enrolled \
^------------+ |
Factory \------------/
reset
]]></artwork>
</figure>
<t>State descriptions for the pledge are as follows:</t>
<t><list style="numbers">
<t>Discover a communication channel to a registrar.</t>
<t>Identify itself. This is done by presenting an X.509 IDevID
credential to the discovered registrar (via the proxy) in a TLS
handshake. (The registrar credentials are only provisionally
accepted at this time).</t>
<t>Request to join the discovered registrar. A unique nonce is
included ensuring that any responses can be associated with this
particular bootstrapping attempt.</t>
<t>Imprint on the registrar. This requires verification of the
manufacturer-service-provided voucher. A voucher contains sufficient
information for the pledge to complete authentication of a
registrar. This document details this step in depth.
</t>
<t>Enroll. After imprint an authenticated TLS (HTTPS) connection exists
between pledge and registrar.
Enrollment over Secure Transport (EST) <xref
target="RFC7030"></xref> can then be used to obtain a domain
certificate from a registrar.</t>
</list></t>
<t>
The pledge is now a member of, and can be managed by, the
domain and will only repeat the discovery aspects of bootstrapping
if it is returned to factory default settings.
</t>
<t>
This specification details integration with EST enrollment so that pledges can
optionally obtain a locally issued certificate, although any
Representational State Transfer (REST) (see <xref target="REST" />)
interface could be integrated in future work.
</t>
</section>
<section title="Secure Imprinting using Vouchers">
<t>A voucher is a cryptographically protected artifact (using a digital signature) to the pledge
device authorizing a zero-touch imprint on the registrar
domain. </t>
<t>The format and cryptographic mechanism of vouchers is described in
detail in <xref target="RFC8366" />.</t>
<t>Vouchers provide a flexible mechanism to secure imprinting: the
pledge device only imprints when a voucher can be validated.
At the lowest security levels the MASA can indiscriminately issue
vouchers and log claims of ownership by domains. At the highest security
levels issuance of vouchers can be integrated with complex sales channel
integrations that are beyond the scope of this document. The sales
channel integration would verify actual (legal) ownership of the
pledge by the domain.
This
provides the flexibility for a number of use cases via a single
common protocol mechanism on the pledge and registrar devices that
are to be widely deployed in the field. The MASA services have
the flexibility to leverage either the currently defined claim
mechanisms or to experiment with higher or lower security levels.
</t>
<t>
Vouchers provide a signed but non-encrypted communication channel among
the pledge, the MASA, and the registrar. The registrar maintains
control over the transport and policy decisions, allowing the
local security policy of the domain network to be enforced.
</t>
</section>
<section anchor="IDevIDextension" title="Initial Device Identifier">
<t>
Pledge authentication and pledge voucher-request signing is via
a PKIX-shaped certificate installed
during the manufacturing process. This is the 802.1AR Initial
Device Identifier (IDevID), and it
provides a basis for authenticating the pledge during
the protocol exchanges described here.
There is no requirement for a common root PKI hierarchy.
Each device manufacturer can generate its own root certificate.
Specifically, the IDevID enables:
<list style="numbers">
<t>
Uniquely identifying the pledge by the Distinguished Name (DN)
and subjectAltName (SAN) parameters in the IDevID. The
unique identification of a pledge in the voucher objects are derived
from those parameters as described below. <xref
target="idevidprivacy" /> discusses privacy implications of the identifier.
</t>
<t>
Provides a cryptographic authentication of the pledge to the
Registrar (see <xref target="pledgeauthorization" />).
</t>
<t>
Secure auto-discovery of the pledge's MASA by the registrar
(see <xref target="obtainmasaurl" />).
</t>
<t>
Signing of voucher-request by the pledge's IDevID
(see <xref target="voucher-request" />).
</t>
<t>
Provides a cryptographic authentication of the pledge to the
MASA (see <xref target="MASAassertion" />).
</t>
</list>
</t>
<t>
Section 7.2.13 (2009 edition) and section 8.10.3 (2018 edition) of
<xref target="IDevID" /> discusses keyUsage and
extendedKeyUsage extensions in the IDevID certificate.
<xref target="IDevID" /> acknowledges that adding restrictions
in the certificate limits applicability of these long-lived
certificates. This specification emphasizes this point, and
therefore RECOMMENDS that no key usage restrictions be included.
This is consistent with <xref target="RFC5280" /> section 4.2.1.3,
which does not
require key usage restrictions for end entity certificates.
</t>
<section anchor="PledgeIdentification"
title="Identification of the Pledge">
<t>
In the context of BRSKI, pledges have a 1:1 relationship
with a "serial-number".
This serial-number is used both in the "serial-number"
field of voucher or voucher-requests (see <xref target="voucher-request" />)
and in local policies on registrar or MASA
(see <xref target="ProtocolDetails" />).
</t>
<t>
There is a (certificate) serialNumber field is defined in <xref
target="RFC5280" /> section 4.1.2.2. In the ASN.1, this is
referred to as the CertificateSerialNumber. This field is NOT
relevant to this specification. Do not confuse this field with
the "serial-number" defined by this document, or by
<xref target="IDevID" /> and <xref target="RFC4519" /> section
2.31.
</t>
<t>
The device serial number is defined in <xref target="RFC5280" />
section A.1 and A.2 as the X520SerialNumber, with the OID tag
id-at-serialNumber.
</t>
<t>
The device serial number field (X520SerialNumber) is used as
follows by the pledge to build the "serial-number" that is placed
in the voucher-request.
In order to build it, the fields need to be converted into a
serial-number of "type string".
</t>
<t>
An example of a printable form of the "serialNumber" field
is provided in <xref target="RFC4519" /> section 2.31 ("WI-3005").
That section further provides equality and syntax attributes.
</t>
<t>
Due to the reality of existing device identity provisioning
processes, some manufacturers have stored serial-numbers in other
fields. Registrar's SHOULD be configurable, on a per-manufacturer
basis, to look for serial-number equivalents in other fields.
</t>
<t>
As explained in <xref target="RequestVoucherFromMASA" /> the Registrar MUST extract the
serial-number again itself from the pledge's TLS certificate. It
can consult the serial-number in the pledge-request if there are
any possible confusion about the source of the serial-number.
</t>
</section>
<section anchor="MASAURL"
title="MASA URI extension">
<t>
This document defines a new PKIX non-critical certificate
extension to carry the MASA URI.
This extension is intended to be used in the IDevID certificate.
The URI is represented as described in Section 7.4 of <xref target="RFC5280" />.
</t>
<t>
The URI provides the authority information.
The BRSKI "/.well-known" tree (<xref target="RFC5785" />) is
described in <xref target="ProtocolDetails"></xref>.
</t>
<t>
A complete URI MAY be in this extension, including the 'scheme', 'authority', and 'path',
The complete URI will typically be used in diagnostic or
experimental situations.
Typically, (and in consideration to constrained systems), this
SHOULD be reduced to only the 'authority', in which
case a scheme of "https://"
(<xref target="RFC7230" /> section 2.7.3)
and 'path' of "/.well-known/brski" is to be
assumed.
</t>
<t>
The registrar can assume that only the 'authority' is present in
the extension, if there are no slash ("/") characters in the
extension.
</t>
<t>
Section 7.4 of <xref target="RFC5280" /> calls out various
schemes that MUST be supported, including LDAP, HTTP and FTP.
However, the registrar MUST use HTTPS for the BRSKI-MASA connection.
</t>
<t>The new extension is identified as follows:</t>
<figure anchor="masaurlmodule" title="MASAURL ASN.1 Module">
<artwork><![CDATA[
<CODE BEGINS>
MASAURLExtnModule-2016 { iso(1) identified-organization(3) dod(6)
internet(1) security(5) mechanisms(5) pkix(7)
id-mod(0) id-mod-MASAURLExtn2016(TBD) }
DEFINITIONS IMPLICIT TAGS ::= BEGIN
-- EXPORTS ALL --
IMPORTS
EXTENSION
FROM PKIX-CommonTypes-2009
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-pkixCommon-02(57) }
id-pe FROM PKIX1Explicit-2009
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-pkix1-explicit-02(51) } ;
MASACertExtensions EXTENSION ::= { ext-MASAURL, ... }
ext-MASAURL EXTENSION ::= { SYNTAX MASAURLSyntax
IDENTIFIED BY id-pe-masa-url }
id-pe-masa-url OBJECT IDENTIFIER ::= { id-pe TBD }
MASAURLSyntax ::= IA5String
END
<CODE ENDS>
]]></artwork>
</figure>
<t>The choice of id-pe is based on guidance found in Section 4.2.2 of
[RFC5280], "These extensions may be used to direct applications to on-line
information about the issuer or the subject". The MASA URL is precisely
that: online information about the particular subject. </t>
</section>
</section>
<section anchor="flow" title="Protocol Flow">
<t>A representative flow is shown in
<xref target="protocoltimesequencefigure" /></t>
<figure anchor="protocoltimesequencefigure" title="Protocol Time Sequence Diagram">
INSERT_FIG_FROM_FILE time-sequence-diagram.txt END
</figure>
<t>
On initial bootstrap, a new device (the pledge) uses a local service
autodiscovery (GRASP or mDNS) to locate a join proxy. The
join proxy connects the pledge to a local registrar (the JRC).
</t>
<t>
Having found a candidate registrar, the fledgling pledge sends
some information about itself to the registrar, including its
serial number in the form of a voucher request and its device identity
certificate (IDevID) as part of the TLS session.
</t>
<t>
The registrar can determine whether it expected such a device to
appear, and locates a MASA. The location of the MASA is usually found in
an extension in the IDevID. Having determined that the MASA is
suitable, the entire information from the initial voucher request
(including device serial number) is transmitted over the internet in a
TLS protected channel to the manufacturer, along with information about
the registrar/owner.
</t>
<t>
The manufacturer can then apply policy based on the provided
information, as well as other sources of information (such as sales
records), to decide whether
to approve the claim by the registrar to own the device; if the claim
is accepted, a voucher is issued that directs the device to accept its
new owner.
</t>
<t>
The voucher is returned to the registrar, but not immediately to
the device -- the registrar has an opportunity to examine the
voucher, the MASA's audit-logs, and other sources of information to
determine whether the device has been tampered with, and whether
the bootstrap should be accepted.
</t>
<t>
No filtering of information is possible in the signed voucher, so
this is a binary yes-or-no decision. If the registrar accepts
the voucher as a proper one for its device, the voucher is returned
to the pledge for imprinting.
</t>
<t>
The voucher also includes a trust anchor that the pledge uses as
representing the owner. This is used to successfully bootstrap from an environment
where only the manufacturer has built-in trust by the
device into an environment where the owner now has a PKI footprint on the
device.
</t>
<t>
When BRSKI is followed with EST this single footprint is further
leveraged into the full owner's PKI and a LDevID for the
device. Subsequent reporting steps provide flows of information to
indicate success/failure of the process.
</t>
</section>
<section title="Architectural Components">
<section anchor="pledge-overview" title="Pledge">
<t>
The pledge is the device that is attempting to join.
The pledge is assumed to talk to the Join Proxy using link-local network
connectivity. In most cases, the pledge has no other
connectivity until the pledge completes the enrollment process
and receives some kind of network credential.