{"draft":"draft-ietf-anima-bootstrapping-keyinfra-45","doc_id":"RFC8995","title":"Bootstrapping Remote Secure Key Infrastructure (BRSKI)","authors":["M. Pritikin","M. Richardson","T. Eckert","M. Behringer","K. Watsen"],"format":["HTML","TEXT","PDF","XML"],"page_count":"116","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Autonomic Networking Integrated Model and Approach","abstract":"This document specifies automated bootstrapping of an Autonomic\r\nControl Plane.  To do this, a Secure Key Infrastructure is\r\nbootstrapped.  This is done using manufacturer-installed X.509\r\ncertificates, in combination with a manufacturer's authorizing\r\nservice, both online and offline.  We call this process the\r\nBootstrapping Remote Secure Key Infrastructure (BRSKI) protocol.\r\nBootstrapping a new device can occur when using a routable address\r\nand a cloud service, only link-local connectivity, or\r\nlimited\/disconnected networks. Support for deployment models with\r\nless stringent security requirements is included. Bootstrapping is\r\ncomplete when the cryptographic identity of the new key\r\ninfrastructure is successfully deployed to the device.  The\r\nestablished secure connection can be used to deploy a locally issued\r\ncertificate to the device as well.","pub_date":"May 2021","keywords":["Autonomic Networking","Autonomous Operation","Self-Management","voucher-request","onboarding","zero-touch","voucher","RFC8366 voucher","IoT-onboarding","IoT-zero-touch","network-join"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC8995","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc8995"}