-
Notifications
You must be signed in to change notification settings - Fork 5
/
dtbootstrap-anima-keyinfra-22.txt
5432 lines (3910 loc) · 226 KB
/
dtbootstrap-anima-keyinfra-22.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
ANIMA WG M. Pritikin
Internet-Draft Cisco
Intended status: Standards Track M. Richardson
Expires: December 19, 2019 Sandelman
M. Behringer
S. Bjarnason
Arbor Networks
K. Watsen
Watsen Networks
June 17, 2019
Bootstrapping Remote Secure Key Infrastructures (BRSKI)
draft-ietf-anima-bootstrapping-keyinfra-22
Abstract
This document specifies automated bootstrapping of an Autonomic
Control Plane. To do this a remote secure key infrastructure (BRSKI)
is created using manufacturer installed X.509 certificate, in
combination with a manufacturer's authorizing service, both online
and offline. Bootstrapping a new device can occur using a routable
address and a cloud service, or using only link-local connectivity,
or on limited/disconnected networks. Support for lower security
models, including devices with minimal identity, is described for
legacy reasons but not encouraged. Bootstrapping is complete when
the cryptographic identity of the new key infrastructure is
successfully deployed to the device but the established secure
connection can be used to deploy a locally issued certificate to the
device as well.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 19, 2019.
Pritikin, et al. Expires December 19, 2019 [Page 1]
Internet-Draft BRSKI June 2019
Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1. Prior Bootstrapping Approaches . . . . . . . . . . . . . 6
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 7
1.3. Scope of solution . . . . . . . . . . . . . . . . . . . . 10
1.3.1. Support environment . . . . . . . . . . . . . . . . . 10
1.3.2. Constrained environments . . . . . . . . . . . . . . 10
1.3.3. Network Access Controls . . . . . . . . . . . . . . . 11
1.3.4. Bootstrapping is not Booting . . . . . . . . . . . . 11
1.4. Leveraging the new key infrastructure / next steps . . . 11
1.5. Requirements for Autonomic Network Infrastructure (ANI)
devices . . . . . . . . . . . . . . . . . . . . . . . . . 12
2. Architectural Overview . . . . . . . . . . . . . . . . . . . 12
2.1. Behavior of a Pledge . . . . . . . . . . . . . . . . . . 14
2.2. Secure Imprinting using Vouchers . . . . . . . . . . . . 15
2.3. Initial Device Identifier . . . . . . . . . . . . . . . . 16
2.3.1. Identification of the Pledge . . . . . . . . . . . . 16
2.3.2. MASA URI extension . . . . . . . . . . . . . . . . . 17
2.4. Protocol Flow . . . . . . . . . . . . . . . . . . . . . . 19
2.5. Architectural Components . . . . . . . . . . . . . . . . 21
2.5.1. Pledge . . . . . . . . . . . . . . . . . . . . . . . 21
2.5.2. Join Proxy . . . . . . . . . . . . . . . . . . . . . 21
2.5.3. Domain Registrar . . . . . . . . . . . . . . . . . . 21
2.5.4. Manufacturer Service . . . . . . . . . . . . . . . . 21
2.5.5. Public Key Infrastructure (PKI) . . . . . . . . . . . 21
2.6. Certificate Time Validation . . . . . . . . . . . . . . . 22
2.6.1. Lack of realtime clock . . . . . . . . . . . . . . . 22
2.6.2. Infinite Lifetime of IDevID . . . . . . . . . . . . . 22
2.7. Cloud Registrar . . . . . . . . . . . . . . . . . . . . . 22
2.8. Determining the MASA to contact . . . . . . . . . . . . . 23
3. Voucher-Request artifact . . . . . . . . . . . . . . . . . . 23
3.1. Nonceless Voucher Requests . . . . . . . . . . . . . . . 24
Pritikin, et al. Expires December 19, 2019 [Page 2]
Internet-Draft BRSKI June 2019
3.2. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 24
3.3. Examples . . . . . . . . . . . . . . . . . . . . . . . . 25
3.4. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 26
4. Proxying details (Pledge - Proxy - Registrar) . . . . . . . . 29
4.1. Pledge discovery of Proxy . . . . . . . . . . . . . . . . 30
4.1.1. Proxy GRASP announcements . . . . . . . . . . . . . . 32
4.2. CoAP connection to Registrar . . . . . . . . . . . . . . 33
4.3. Proxy discovery and communication of Registrar . . . . . 33
5. Protocol Details (Pledge - Registrar - MASA) . . . . . . . . 34
5.1. BRSKI-EST TLS establishment details . . . . . . . . . . . 36
5.2. Pledge Requests Voucher from the Registrar . . . . . . . 36
5.3. Registrar Authorization of
Pledge . . . . . . . . . . . . . . . . . . . . . . . . . 37
5.4. BRSKI-MASA TLS establishment details . . . . . . . . . . 38
5.5. Registrar Requests Voucher from MASA . . . . . . . . . . 39
5.5.1. MASA renewal of expired vouchers . . . . . . . . . . 40
5.5.2. MASA verification of voucher-request signature
consistency . . . . . . . . . . . . . . . . . . . . . 41
5.5.3. MASA authentication of registrar (certificate) . . . 41
5.5.4. MASA revocation checking of registrar (certificate) . 41
5.5.5. MASA verification of pledge prior-signed-voucher-
request . . . . . . . . . . . . . . . . . . . . . . . 41
5.5.6. MASA pinning of registrar . . . . . . . . . . . . . . 42
5.5.7. MASA nonce handling . . . . . . . . . . . . . . . . . 42
5.6. MASA and Registrar Voucher Response . . . . . . . . . . . 42
5.6.1. Pledge voucher verification . . . . . . . . . . . . . 45
5.6.2. Pledge authentication of provisional TLS connection . 45
5.7. Pledge BRSKI Status Telemetry . . . . . . . . . . . . . . 46
5.8. Registrar audit log request . . . . . . . . . . . . . . . 47
5.8.1. MASA audit log response . . . . . . . . . . . . . . . 48
5.8.2. Registrar audit log verification . . . . . . . . . . 49
5.9. EST Integration for PKI bootstrapping . . . . . . . . . . 50
5.9.1. EST Distribution of CA Certificates . . . . . . . . . 51
5.9.2. EST CSR Attributes . . . . . . . . . . . . . . . . . 51
5.9.3. EST Client Certificate Request . . . . . . . . . . . 52
5.9.4. Enrollment Status Telemetry . . . . . . . . . . . . . 52
5.9.5. Multiple certificates . . . . . . . . . . . . . . . . 53
5.9.6. EST over CoAP . . . . . . . . . . . . . . . . . . . . 53
6. Clarification of transfer-encoding . . . . . . . . . . . . . 54
7. Reduced security operational modes . . . . . . . . . . . . . 54
7.1. Trust Model . . . . . . . . . . . . . . . . . . . . . . . 54
7.2. Pledge security reductions . . . . . . . . . . . . . . . 55
7.3. Registrar security reductions . . . . . . . . . . . . . . 56
7.4. MASA security reductions . . . . . . . . . . . . . . . . 57
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 57
8.1. Well-known EST registration . . . . . . . . . . . . . . . 58
8.2. PKIX Registry . . . . . . . . . . . . . . . . . . . . . . 58
8.3. Pledge BRSKI Status Telemetry . . . . . . . . . . . . . . 58
Pritikin, et al. Expires December 19, 2019 [Page 3]
Internet-Draft BRSKI June 2019
8.4. DNS Service Names . . . . . . . . . . . . . . . . . . . . 58
8.5. MUD File Extension for the MASA . . . . . . . . . . . . . 59
9. Applicability to the Autonomic
Control Plane . . . . . . . . . . . . . . . . . . . . . . . . 59
10. Privacy Considerations . . . . . . . . . . . . . . . . . . . 60
10.1. MASA audit log . . . . . . . . . . . . . . . . . . . . . 60
10.2. What BRSKI-MASA reveals to the manufacturer . . . . . . 61
10.3. Manufacturers and Used or Stolen Equipment . . . . . . . 62
10.4. Manufacturers and Grey market equipment . . . . . . . . 63
10.5. Some mitigations for meddling by manufacturers . . . . . 64
11. Security Considerations . . . . . . . . . . . . . . . . . . . 65
11.1. DoS against MASA . . . . . . . . . . . . . . . . . . . . 66
11.2. Freshness in Voucher-Requests . . . . . . . . . . . . . 67
11.3. Trusting manufacturers . . . . . . . . . . . . . . . . . 68
11.4. Manufacturer Maintainance of trust anchors . . . . . . . 69
12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 70
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 70
13.1. Normative References . . . . . . . . . . . . . . . . . . 70
13.2. Informative References . . . . . . . . . . . . . . . . . 73
Appendix A. IPv4 and non-ANI operations . . . . . . . . . . . . 76
A.1. IPv4 Link Local addresses . . . . . . . . . . . . . . . . 76
A.2. Use of DHCPv4 . . . . . . . . . . . . . . . . . . . . . . 77
Appendix B. mDNS / DNSSD proxy discovery options . . . . . . . . 77
Appendix C. MUD Extension . . . . . . . . . . . . . . . . . . . 78
Appendix D. Example Vouchers . . . . . . . . . . . . . . . . . . 80
D.1. Keys involved . . . . . . . . . . . . . . . . . . . . . . 80
D.1.1. MASA key pair for voucher signatures . . . . . . . . 80
D.1.2. Manufacturer key pair for IDevID signatures . . . . . 80
D.1.3. Registrar key pair . . . . . . . . . . . . . . . . . 81
D.1.4. Pledge key pair . . . . . . . . . . . . . . . . . . . 83
D.2. Example process . . . . . . . . . . . . . . . . . . . . . 84
D.2.1. Pledge to Registrar . . . . . . . . . . . . . . . . . 84
D.2.2. Registrar to MASA . . . . . . . . . . . . . . . . . . 88
D.2.3. MASA to Registrar . . . . . . . . . . . . . . . . . . 93
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 97
1. Introduction
BRSKI provides a solution for secure zero-touch (automated) bootstrap
of new (unconfigured) devices that are called pledges in this
document.
This document primarily provides for the needs of the ISP and
Enterprise focused ANIMA Autonomic Control Plane (ACP)
[I-D.ietf-anima-autonomic-control-plane]. Other users of the BRSKI
protocol will need to provide separate applicability statements that
include privacy and security considerations appropriate to that
Pritikin, et al. Expires December 19, 2019 [Page 4]
Internet-Draft BRSKI June 2019
deployment. Section Section 9 explains the details applicability for
this the ACP usage.
This document describes how pledges discover (or be discovered by) an
element of the network domain to which the pledge belongs to perform
the bootstrap. This element (device) is called the registrar.
Before any other operation, pledge and registrar need to establish
mutual trust:
1. Registrar authenticating the pledge: "Who is this device? What
is its identity?"
2. Registrar authorizing the pledge: "Is it mine? Do I want it?
What are the chances it has been compromised?"
3. Pledge authenticating the registrar: "What is this registrar's
identity?"
4. Pledge authorizing the registrar: "Should I join it?"
This document details protocols and messages to answer the above
questions. It uses a TLS connection and an PKIX (X.509v3)
certificate (an IEEE 802.1AR [IDevID] LDevID) of the pledge to answer
points 1 and 2. It uses a new artifact called a "voucher" that the
registrar receives from a "Manufacturer Authorized Signing Authority"
and passes to the pledge to answer points 3 and 4.
A proxy provides very limited connectivity between the pledge and the
registrar.
The syntactic details of vouchers are described in detail in
[RFC8366]. This document details automated protocol mechanisms to
obtain vouchers, including the definition of a 'voucher-request'
message that is a minor extension to the voucher format (see
Section 3) defined by [RFC8366].
BRSKI results in the pledge storing an X.509 root certificate
sufficient for verifying the registrar identity. In the process a
TLS connection is established that can be directly used for
Enrollment over Secure Transport (EST). In effect BRSKI provides an
automated mechanism for the "Bootstrap Distribution of CA
Certificates" described in [RFC7030] Section 4.1.1 wherein the pledge
"MUST [...] engage a human user to authorize the CA certificate using
out-of-band" information". With BRSKI the pledge now can automate
this process using the voucher. Integration with a complete EST
enrollment is optional but trivial.
Pritikin, et al. Expires December 19, 2019 [Page 5]
Internet-Draft BRSKI June 2019
BRSKI is agile enough to support bootstrapping alternative key
infrastructures, such as a symmetric key solutions, but no such
system is described in this document.
1.1. Prior Bootstrapping Approaches
To literally "pull yourself up by the bootstraps" is an impossible
action. Similarly the secure establishment of a key infrastructure
without external help is also an impossibility. Today it is commonly
accepted that the initial connections between nodes are insecure,
until key distribution is complete, or that domain-specific keying
material (often pre-shared keys, including mechanisms like SIM cards)
is pre-provisioned on each new device in a costly and non-scalable
manner. Existing automated mechanisms are known as non-secured
'Trust on First Use' (TOFU) [RFC7435], 'resurrecting duckling'
[Stajano99theresurrecting] or 'pre-staging'.
Another prior approach has been to try and minimize user actions
during bootstrapping, but not eliminate all user-actions. The
original EST protocol [RFC7030] does reduce user actions during
bootstrap but does not provide solutions for how the following
protocol steps can be made autonomic (not involving user actions):
o using the Implicit Trust Anchor [RFC7030] database to authenticate
an owner specific service (not an autonomic solution because the
URL must be securely distributed),
o engaging a human user to authorize the CA certificate using out-
of-band data (not an autonomic solution because the human user is
involved),
o using a configured Explicit TA database (not an autonomic solution
because the distribution of an explicit TA database is not
autonomic),
o and using a Certificate-Less TLS mutual authentication method (not
an autonomic solution because the distribution of symmetric key
material is not autonomic).
These "touch" methods do not meet the requirements for zero-touch.
There are "call home" technologies where the pledge first establishes
a connection to a well known manufacturer service using a common
client-server authentication model. After mutual authentication,
appropriate credentials to authenticate the target domain are
transfered to the pledge. This creates serveral problems and
limitations:
Pritikin, et al. Expires December 19, 2019 [Page 6]
Internet-Draft BRSKI June 2019
o the pledge requires realtime connectivity to the manufacturer
service,
o the domain identity is exposed to the manufacturer service (this
is a privacy concern),
o the manufacturer is responsible for making the authorization
decisions (this is a liability concern),
BRSKI addresses these issues by defining extensions to the EST
protocol for the automated distribution of vouchers.
1.2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
[RFC2119].
The following terms are defined for clarity:
domainID: The domain IDentity is the 160-bit SHA-1 hash of the BIT
STRING of the subjectPublicKey of the pinned-domain-cert leaf,
i.e. the Registrars' certificate. This is consistent with the
subject key identifier (Section 4.2.1.2 [RFC5280]).
drop ship: The physical distribution of equipment containing the
"factory default" configuration to a final destination. In zero-
touch scenarios there is no staging or pre-configuration during
drop-ship.
imprint: The process where a device obtains the cryptographic key
material to identify and trust future interactions with a network.
This term is taken from Konrad Lorenz's work in biology with new
ducklings: during a critical period, the duckling would assume
that anything that looks like a mother duck is in fact their
mother. An equivalent for a device is to obtain the fingerprint
of the network's root certification authority certificate. A
device that imprints on an attacker suffers a similar fate to a
duckling that imprints on a hungry wolf. Securely imprinting is a
primary focus of this document [imprinting]. The analogy to
Lorenz's work was first noted in [Stajano99theresurrecting].
enrollment: The process where a device presents key material to a
network and acquires a network specific identity. For example
when a certificate signing request is presented to a certification
authority and a certificate is obtained in response.
Pritikin, et al. Expires December 19, 2019 [Page 7]
Internet-Draft BRSKI June 2019
Pledge: The prospective device, which has an identity installed at
the factory.
Voucher: A signed artifact from the MASA that indicates to a pledge
the cryptographic identity of the registrar it should trust.
There are different types of vouchers depending on how that trust
is asserted. Multiple voucher types are defined in [RFC8366]
Domain: The set of entities that share a common local trust anchor.
This includes the proxy, registrar, Domain Certificate Authority,
Management components and any existing entity that is already a
member of the domain.
Domain CA: The domain Certification Authority (CA) provides
certification functionalities to the domain. At a minimum it
provides certification functionalities to a registrar and manages
the private key that defines the domain. Optionally, it certifies
all elements.
Join Registrar (and Coordinator): A representative of the domain
that is configured, perhaps autonomically, to decide whether a new
device is allowed to join the domain. The administrator of the
domain interfaces with a "join registrar (and coordinator)" to
control this process. Typically a join registrar is "inside" its
domain. For simplicity this document often refers to this as just
"registrar". Within [I-D.ietf-anima-reference-model] this is
refered to as the "join registrar autonomic service agent". Other
communities use the abbreviation "JRC".
(Public) Key Infrastructure: The collection of systems and processes
that sustain the activities of a public key system. The registrar
acts as an [RFC5280] and [RFC5272] (see section 7) "Registration
Authority".
Join Proxy: A domain entity that helps the pledge join the domain.
A join proxy facilitates communication for devices that find
themselves in an environment where they are not provided
connectivity until after they are validated as members of the
domain. For simplicity this document sometimes uses the term of
'proxy' to indicate the join proxy. The pledge is unaware that
they are communicating with a proxy rather than directly with a
registrar.
Circuit Proxy: A stateful implementation of the join proxy. This is
the assumed type of proxy.
IPIP Proxy: A stateless proxy alternative.
Pritikin, et al. Expires December 19, 2019 [Page 8]
Internet-Draft BRSKI June 2019
MASA Service: A third-party Manufacturer Authorized Signing
Authority (MASA) service on the global Internet. The MASA signs
vouchers. It also provides a repository for audit log information
of privacy protected bootstrapping events. It does not track
ownership.
Ownership Tracker: An Ownership Tracker service on the global
internet. The Ownership Tracker uses business processes to
accurately track ownership of all devices shipped against domains
that have purchased them. Although optional, this component
allows vendors to provide additional value in cases where their
sales and distribution channels allow for accurately tracking of
such ownership. Ownership tracking information is indicated in
vouchers as described in [RFC8366]
IDevID: An Initial Device Identity X.509 certificate installed by
the vendor on new equipment.
TOFU: Trust on First Use. Used similarly to [RFC7435]. This is
where a pledge device makes no security decisions but rather
simply trusts the first registrar it is contacted by. This is
also known as the "resurrecting duckling" model.
nonced: a voucher (or request) that contains a nonce (the normal
case).
nonceless: a voucher (or request) that does not contain a nonce,
relying upon accurate clocks for expiration, or which does not
expire.
manufacturer: the term manufacturer is used throughout this document
to be the entity that created the device. This is typically the
"original equipment manufacturer" or OEM, but in more complex
situations it could be a "value added retailer" (VAR), or possibly
even a systems integrator. In general, it a goal of BRSKI to
eliminate small distinctions between different sales channels.
The reason for this is that it permits a single device, with a
uniform firmware load, to be shipped directly to all customers.
This eliminates costs for the manufacturer. This also reduces the
number of products supported in the field increasing the chance
that firmware will be more up to date.
ANI: The Autonomic Network Infrastructure as defined by
[I-D.ietf-anima-reference-model]. This document details specific
requirements for pledges, proxies and registrars when they are
part of an ANI.
Pritikin, et al. Expires December 19, 2019 [Page 9]
Internet-Draft BRSKI June 2019
offline: When an architectural component cannot perform realtime
communications with a peer, either due to network connectivity or
because the peer is turned off, the operation is said to be
occurring offline.
1.3. Scope of solution
1.3.1. Support environment
This solution (BRSKI) can support large router platforms with multi-
gigabit inter-connections, mounted in controlled access data centers.
But this solution is not exclusive to large equipment: it is intended
to scale to thousands of devices located in hostile environments,
such as ISP provided CPE devices which are drop-shipped to the end
user. The situation where an order is fulfilled from distributed
warehouse from a common stock and shipped directly to the target
location at the request of a domain owner is explicitly supported.
That stock ("SKU") could be provided to a number of potential domain
owners, and the eventual domain owner will not know a-priori which
device will go to which location.
The bootstrapping process can take minutes to complete depending on
the network infrastructure and device processing speed. The network
communication itself is not optimized for speed; for privacy reasons,
the discovery process allows for the pledge to avoid announcing its
presence through broadcasting.
Nomadic or mobile devices often need to aquire credentials to access
the network at the new location. An example of this is mobile phone
roaming among network operators, or even between cell towers. This
is usually called handoff. BRSKI does not provide a low-latency
handoff which is usually a requirement in such situations. For these
solutions BRSKI can be used to create a relationship (an LDevID) with
the "home" domain owner. The resulting credentials are then used to
provide credentials more appropriate for a low-latency handoff.
1.3.2. Constrained environments
Questions have been posed as to whether this solution is suitable in
general for Internet of Things (IoT) networks. This depends on the
capabilities of the devices in question. The terminology of
[RFC7228] is best used to describe the boundaries.
The solution described in this document is aimed in general at non-
constrained (i.e., class 2+) devices operating on a non-Challenged
network. The entire solution as described here is not intended to be
useable as-is by constrained devices operating on challenged networks
(such as 802.15.4 LLNs).
Pritikin, et al. Expires December 19, 2019 [Page 10]
Internet-Draft BRSKI June 2019
Specifically, there are protocol aspects described here that might
result in congestion collapse or energy-exhaustion of intermediate
battery powered routers in an LLN. Those types of networks SHOULD
NOT use this solution. These limitations are predominately related
to the large credential and key sizes required for device
authentication. Defining symmetric key techniques that meet the
operational requirements is out-of-scope but the underlying protocol
operations (TLS handshake and signing structures) have sufficient
algorithm agility to support such techniques when defined.
The imprint protocol described here could, however, be used by non-
energy constrained devices joining a non-constrained network (for
instance, smart light bulbs are usually mains powered, and speak
802.11). It could also be used by non-constrained devices across a
non-energy constrained, but challenged network (such as 802.15.4).
The certificate contents, and the process by which the four questions
above are resolved do apply to constrained devices. It is simply the
actual on-the-wire imprint protocol that could be inappropriate.
1.3.3. Network Access Controls
This document presumes that network access control has either already
occurred, is not required, or is integrated by the proxy and
registrar in such a way that the device itself does not need to be
aware of the details. Although the use of an X.509 Initial Device
Identity is consistant with IEEE 802.1AR [IDevID], and allows for
alignment with 802.1X network access control methods, its use here is
for pledge authentication rather than network access control.
Integrating this protocol with network access control, perhaps as an
Extensible Authentication Protocol (EAP) method (see [RFC3748]), is
out-of-scope.
1.3.4. Bootstrapping is not Booting
This document describes "bootstrapping" as the protocol used to
obtain a local trust anchor. It is expected that this trust anchor,
along with any additional configuration information subsequently
installed, is persisted on the device across system restarts
("booting"). Bootstrapping occurs only infrequently such as when a
device is transfered to a new owner or has been reset to factory
default settings.
1.4. Leveraging the new key infrastructure / next steps
As a result of the protocol described herein, the bootstrapped
devices have the Domain CA trust anchor in common. An end entity
certificate has optionally been issued from the Domain CA. This
Pritikin, et al. Expires December 19, 2019 [Page 11]
Internet-Draft BRSKI June 2019
makes it possible to securely deploy functionalities across the
domain, e.g:
o Device management.
o Routing authentication.
o Service discovery.
The major beneficiary is that it possible to use the credentials
deployed by this protocol to secure the Autonomic Control Plane (ACP)
([I-D.ietf-anima-autonomic-control-plane]).
1.5. Requirements for Autonomic Network Infrastructure (ANI) devices
The BRSKI protocol can be used in a number of environments. Some of
the options in this document is the result of requirements that are
out of the ANI scope. This section defines the base requirements for
ANI devices.
For devices that intend to become part of an Autonomic Network
Infrastructure (ANI) ([I-D.ietf-anima-reference-model]) that includes
an Autonomic Control Plane
([I-D.ietf-anima-autonomic-control-plane]), the BRSKI protocol MUST
be implemented.
The pledge must perform discovery of the proxy as described in
Section 4.1 using GRASP M_FLOOD announcements.
Upon successfully validating a voucher artiface, a status telemetry
MUST be returned. See Section 5.7.
An ANIMA ANI pledge MUST implement the EST automation extensions
described in Section 5.9. They supplement the [RFC7030] EST to
better support automated devices that do not have an end user.
The ANI Join Registrar ASA MUST support all the BRSKI and above
listed EST operations.
All ANI devices SHOULD support the BRSKI proxy function, using
circuit proxies over the ACP. (See Section 4.3)
2. Architectural Overview
The logical elements of the bootstrapping framework are described in
this section. Figure 1 provides a simplified overview of the
components.
Pritikin, et al. Expires December 19, 2019 [Page 12]
Internet-Draft BRSKI June 2019
+------------------------+
+--------------Drop Ship--------------->| Vendor Service |
| +------------------------+
| | M anufacturer| |
| | A uthorized |Ownership|
| | S igning |Tracker |
| | A uthority | |
| +--------------+---------+
| ^
| | BRSKI-
V | MASA
+-------+ ............................................|...
| | . | .
| | . +------------+ +-----------+ | .
| | . | | | | | .
|Pledge | . | Join | | Domain <-------+ .
| | . | Proxy | | Registrar | .
| <-------->............<-------> (PKI RA) | .
| | | BRSKI-EST | | .
| | . | | +-----+-----+ .
|IDevID | . +------------+ | e.g. RFC7030 .
| | . +-----------------+----------+ .
| | . | Key Infrastructure | .
| | . | (e.g., PKI Certificate | .
+-------+ . | Authority) | .
. +----------------------------+ .
. .
................................................
"Domain" components
Figure 1
We assume a multi-vendor network. In such an environment there could
be a Manufacturer Service for each manufacturer that supports devices
following this document's specification, or an integrator could
provide a generic service authorized by multiple manufacturers. It
is unlikely that an integrator could provide Ownership Tracking
services for multiple manufacturers due to the required sales channel
integrations necessary to track ownership.
The domain is the managed network infrastructure with a Key
Infrastructure the pledge is joining. The domain provides initial
device connectivity sufficient for bootstrapping through a proxy.
The domain registrar authenticates the pledge, makes authorization
decisions, and distributes vouchers obtained from the Manufacturer
Service. Optionally the registrar also acts as a PKI Registration
Authority.
Pritikin, et al. Expires December 19, 2019 [Page 13]
Internet-Draft BRSKI June 2019
2.1. Behavior of a Pledge
The pledge goes through a series of steps, which are outlined here at
a high level.
------------
/ Factory \
\ default /
-----+------
|
+------v-------+
| (1) Discover |
+------------> |
| +------+-------+
| |
| +------v-------+
| | (2) Identity |
^------------+ |
| rejected +------+-------+
| |
| +------v-------+
| | (3) Request |
| | Join |
| +------+-------+
| |
| +------v-------+
| | (4) Imprint |
^------------+ |
| Bad MASA +------+-------+
| response | send Voucher Status Telemetry
| +------v-------+
| | (5) Enroll |<---+ (non-error HTTP codes )
^------------+ |\___/ (e.g. 201 'Retry-After')
| Enroll +------+-------+
| Failure |
| -----v------
| / Enrolled \
^------------+ |
Factory \------------/
reset
Figure 2: pledge state diagram
State descriptions for the pledge are as follows:
1. Discover a communication channel to a registrar.
Pritikin, et al. Expires December 19, 2019 [Page 14]
Internet-Draft BRSKI June 2019
2. Identify itself. This is done by presenting an X.509 IDevID
credential to the discovered registrar (via the proxy) in a TLS
handshake. (The registrar credentials are only provisionally
accepted at this time).
3. Request to join the discovered registrar. A unique nonce is
included ensuring that any responses can be associated with this
particular bootstrapping attempt.
4. Imprint on the registrar. This requires verification of the
manufacturer service provided voucher. A voucher contains
sufficient information for the pledge to complete authentication
of a registrar. This document details this step in depth.
5. Enroll. After imprint an authenticated TLS (HTTPS) connection
exists between pledge and registrar. Enrollment over Secure
Transport (EST) [RFC7030] is then used to obtain a domain
certificate from a registrar.
The pledge is now a member of, and can be managed by, the domain and
will only repeat the discovery aspects of bootstrapping if it is
returned to factory default settings.
This specification details integration with EST enrollment so that
pledges can optionally obtain a locally issued certificate, although
any REST interface could be integrated in future work.
2.2. Secure Imprinting using Vouchers
A voucher is a cryptographically protected artifact (a digital
signature) to the pledge device authorizing a zero-touch imprint on
the registrar domain.
The format and cryptographic mechanism of vouchers is described in
detail in [RFC8366].
Vouchers provide a flexible mechanism to secure imprinting: the
pledge device only imprints when a voucher can be validated. At the
lowest security levels the MASA can indiscriminately issue vouchers
and log claims of ownership by domains. At the highest security
levels issuance of vouchers can be integrated with complex sales
channel integrations that are beyond the scope of this document. The
sales channel integration would verify actual (legal) ownership of
the pledge by the domain. This provides the flexibility for a number
of use cases via a single common protocol mechanism on the pledge and
registrar devices that are to be widely deployed in the field. The
MASA services have the flexibility to leverage either the currently
Pritikin, et al. Expires December 19, 2019 [Page 15]
Internet-Draft BRSKI June 2019
defined claim mechanisms or to experiment with higher or lower
security levels.
Vouchers provide a signed but non-encrypted communication channel
among the pledge, the MASA, and the registrar. The registrar
maintains control over the transport and policy decisions allowing
the local security policy of the domain network to be enforced.
2.3. Initial Device Identifier
Pledge authentication and pledge voucher-request signing is via a
PKIX certificate installed during the manufacturing process. This is
the 802.1AR Initial Device Identifier (IDevID), and it provides a
basis for authenticating the pledge during the protocol exchanges
described here. There is no requirement for a common root PKI
hierarchy. Each device manufacturer can generate its own root
certificate. Specifically, the IDevID enables:
1. Uniquely identifying the pledge by the Distinguished Name (DN)
and subjectAltName (SAN) parameters in the IDevID. The unique
identification of a pledge in the voucher objects are derived
from those parameters as described below.
2. Provides a cryptographic authentication of the pledge to the
Registrar (see Section 5.3).
3. Secure auto-discovery of the pledge's MASA by the registrar (see
Section 2.8).
4. Signing of voucher-request by the pledge's IDevID (see
Section 3).
5. Provides a cryptographic authentication of the pledge to the MASA
(see Section 5.5.5).
Section 7.2.13 of [IDevID] discusses keyUsage and extendedKeyUsage
extensions in the IDevID certificate. Any restrictions included
reduce the utility of the IDevID and so this specification RECOMMENDS
that no key usage restrictions be included. Additionally, [RFC5280]
section 4.2.1.3 does not require key usage restrictions for end
entity certificates.
2.3.1. Identification of the Pledge
In the context of BRSKI, pledges are uniquely identified by a
"serial-number". This serial-number is used both in the "serial-
number" field of voucher or voucher-requests (see Section 3) and in
local policies on registrar or MASA (see Section 5).
Pritikin, et al. Expires December 19, 2019 [Page 16]
Internet-Draft BRSKI June 2019
The following fields are defined in [IDevID] and [RFC5280]:
o The subject field's DN encoding MUST include the "serialNumber"
attribute with the device's unique serial number. (from [IDevID]
section 7.2.8, and [RFC5280] section 4.1.2.4's list of standard
attributes)
o The subject-alt field's encoding MAY include a non-critical
version of the RFC4108 defined HardwareModuleName. (from [IDevID]
section 7.2.9) If the IDevID is stored in a Trusted Platform
Module (TPM), then this field MAY contain the TPM identification
rather than the device's serial number. If both fields are
present, then the subject field takes precedence.
and they are used as follows by the pledge to build the "serial-
number" that is placed in the voucher-request. In order to build it,
the fields need to be converted into a serial-number of "type
string". The following methods are used depending on the first
available IDevID certificate field (attempted in this order):
1. [RFC4519] section 2.31 provides an example ("WI-3005") of the
Distinguished Name "serialNumber" attribute. [RFC4514] indicates
this is a printable string so no encoding is necessary.
2. The HardwareModuleName hwSerialNum OCTET STRING. This value is
base64 encoded to convert it to a printable string format.
The above process to locate the serial-number MUST be performed by
the pledge when filling out the voucher-request. Signed voucher-
requests are always passed up to the MASA.
As explained in Section 5.5 the Registrar MUST extract the serial-
number again itself from the pledge's TLS certificate. It can
consult the serial-number in the pledge-request if there are any
possible confusion about the source of the serial-number (hwSerialNum
vs serialNumber).
2.3.2. MASA URI extension
This docucment defines a new PKIX non-critical certificate extension
to carry the MASA URI. This extension is intended to be used in the
IDevID certificate. The URI is represented as described in
Section 7.4 of [RFC5280].
Any Internationalized Resource Identifiers (IRIs) MUST be mapped to
URIs as specified in Section 3.1 of [RFC3987] before they are placed
in the certificate extension. The IRI provides the authority
Pritikin, et al. Expires December 19, 2019 [Page 17]
Internet-Draft BRSKI June 2019
information. The BRSKI "/.well-known" tree ([RFC5785]) is described
in Section 5.
As explained in [RFC5280] section 7.4, a complete IRI SHOULD be in
this extension, including the scheme, iauthority, and ipath. As a
consideration to constrained systems, this MAY be reduced to only the
iauthority, in which case a scheme of "https://" and ipath of
"/.well-known/est" is to be assumed, as explained in section
Section 5.
The registrary can assume that only the iauthority is present in the
extension, if there are no slash ("/") characters in the extension.
Section 7.4 of [RFC5280] calls out various schemes that MUST be
supported, including ldap, http and ftp. However, the registrar MUST
use https for the BRSKI-MASA connection.
The new extension is identified as follows: