{"draft":"draft-ietf-anima-brski-ae-13","doc_id":"RFC9733","title":"BRSKI with Alternative Enrollment (BRSKI-AE)","authors":["D. von Oheimb, Ed.","S. Fries","H. Brockhaus"],"format":["HTML","TEXT","PDF","XML"],"page_count":"27","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Autonomic Networking Integrated Model and Approach","abstract":"This document defines enhancements to the Bootstrapping Remote Secure\r\nKey Infrastructure (BRSKI) protocol, known as BRSKI with Alternative\r\nEnrollment (BRSKI-AE).  BRSKI-AE extends BRSKI to support certificate\r\nenrollment mechanisms instead of the originally specified use of\r\nEnrollment over Secure Transport (EST).  It supports certificate\r\nenrollment protocols such as the Certificate Management Protocol\r\n(CMP) that use authenticated self-contained signed objects for\r\ncertification messages, allowing for flexibility in network device\r\nonboarding scenarios.  The enhancements address use cases where the\r\nexisting enrollment mechanism may not be feasible or optimal,\r\nproviding a framework for integrating suitable alternative enrollment\r\nprotocols. This document also updates the BRSKI reference\r\narchitecture to accommodate these alternative methods, ensuring\r\nsecure and scalable deployment across a range of network\r\nenvironments.","pub_date":"March 2025","keywords":["BRSKI","IoT","zero-touch onboarding","alternative enrollment protocols","CMP","self-contained signed objects","end-to-end proof of origin","auditable source authentication"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9733","errata_url":null}