Minerva is built upon the IETF ANIMA WG specifications.
The following documents detail how things work together.
is the primary BRSKI specification. More details at https://brski.org/
Please see Terminology and [Protocol flow from BRSKI)[https://tools.ietf.org/html/draft-ietf-anima-bootstrapping-keyinfra-08#section-2.4] for an explanation of the terms MASA, JRC, and Pledge. (XXX - UPDATE to RFC8995)
The Manufacturer creates new devices and places IDevID certificates into the devices at production time.
IDevID certificates are defined in IEEE 802.1AR.
BRSKI provides a bit more detail as to which IDevID options, and provides for a URL to be included for the MASA service.
The Domain owner runs the Join Registrar/Coordinator (JRC) function.
In the ANIMA context, the Registrar also provides input to the Distinguished name that the Pledge uses.
The pledge is the new device which is attempting to join an existing network.
The operation of the pledge is described in BRSKI.
Once the pledge trusts the registrar and the registrar trusts the pledge, then the pledge enrolls a certificate using EST. This is done within the TLS connection that was used for imprinting.
Once enrolled the Pledge operates as a regular node, and in an ISP context, it will create one or more tunnels to adjacent nodes in the same domain.
This process is described in the Autonomic Control Plane document, which will be