RFC8995: Bootstrapping Remote Secure Key Infrastructure

RFC8995 was published by the RFC Editor on May 28, 2021. It is the result of numerous reviews from 2016 to 2020. The IETF’s IESG approved it in April 2020, but it had to wait in the RFC Editor queue because of normative references to other documents, such as RFC8994.

More information about this and other implementations of BRSKI can be found at brski.org (or rfc8995.org).

There are currently five extension documents:

BRSKI Cloud Registrar

BRSKI Cloud Registrar deals with cases where a device is being deployed into an environment where there is no local bootstrapping support. It deals primarily with application onboarding where physical connectivity is provided by a wire, or perhaps via another Wi-Fi onboarding protocol.

BRSKI Asynchronous Enrollment

Support of asynchronous Enrollment in BRSKI (BRSKI-AE) deals with disconnected uses of BRSKI, such as when the device to be enrolled has no network at all. It also describes the use of CMP rather than EST for enrollment.

Constrained Voucher and Constrained BRSKI

Constrained Voucher Artifacts for Bootstrapping Protocols deals with BRSKI on constrained devices and over challenged networks. It uses CoAPS (CoAP over DTLS) for transport and COSE-signed CBOR for voucher formats.

Constrained Join Proxy for Bootstrapping Protocols

Constrained Join Proxy for Bootstrapping Protocols supports Constrained-Voucher for the DTLS case.

JOSE signed Voucher Artifacts for Bootstrapping Protocols

JOSE signed Voucher Artifacts for Bootstrapping Protocols proposes a new voucher format that uses only JOSE rather than CMS.

Autonomic Control Plane challenges for Layer-Two Switched Networks

Autonomic Control Plane challenges for Layer-Two Switched Networks deals with the problem of how best to do ACP discovery and transport in L2 networks.
