-
Notifications
You must be signed in to change notification settings - Fork 1
/
draft-ietf-anima-brski-ae-03.txt
2128 lines (1443 loc) · 86.7 KB
/
draft-ietf-anima-brski-ae-03.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
ANIMA WG D. von Oheimb, Ed.
Internet-Draft S. Fries
Intended status: Standards Track H. Brockhaus
Expires: 27 April 2023 Siemens
24 October 2022
BRSKI-AE: Alternative Enrollment Protocols in BRSKI
draft-ietf-anima-brski-ae-03
Abstract
This document enhances Bootstrapping Remote Secure Key Infrastructure
(BRSKI, RFC 8995) to allow employing alternative enrollment
protocols, such as CMP.
Using self-contained signed objects, the origin of enrollment
requests and responses can be authenticated independently of message
transfer. This supports end-to-end security and asynchronous
operation of certificate enrollment and provides flexibility where to
authenticate and authorize certification requests.
About This Document
This note is to be removed before publishing as an RFC.
Status information for this document may be found at
https://datatracker.ietf.org/doc/draft-ietf-anima-brski-ae/.
Source for this draft and an issue tracker can be found at
https://github.com/anima-wg/anima-brski-ae.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 27 April 2023.
von Oheimb, et al. Expires 27 April 2023 [Page 1]
Internet-Draft BRSKI-AE October 2022
Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Motivation . . . . . . . . . . . . . . . . . . . . . . . 3
1.1.1. Voucher Exchange for Trust Anchor Establishment . . . 3
1.1.2. Enrollment of LDevID Certificate . . . . . . . . . . 4
1.2. Supported Environments . . . . . . . . . . . . . . . . . 7
1.3. List of Application Examples . . . . . . . . . . . . . . 8
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 8
3. Requirements and Mapping to Solutions . . . . . . . . . . . . 10
3.1. Basic Requirements . . . . . . . . . . . . . . . . . . . 10
3.2. Solution Options for Proof of Possession . . . . . . . . 10
3.3. Solution Options for Proof of Identity . . . . . . . . . 11
4. Adaptations to BRSKI . . . . . . . . . . . . . . . . . . . . 12
4.1. Architecture . . . . . . . . . . . . . . . . . . . . . . 13
4.2. Message Exchange . . . . . . . . . . . . . . . . . . . . 17
4.2.1. Pledge - Registrar Discovery . . . . . . . . . . . . 17
4.2.2. Pledge - Registrar - MASA Voucher Exchange . . . . . 17
4.2.3. Pledge - Registrar - RA/CA Certificate Enrollment . . 17
4.2.4. Pledge - Registrar Enrollment Status Telemetry . . . 20
4.3. Enhancements to the Endpoint Addressing Scheme of
BRSKI . . . . . . . . . . . . . . . . . . . . . . . . . . 20
5. Instantiation to Existing Enrollment Protocols . . . . . . . 22
5.1. BRSKI-CMP: Instantiation to CMP . . . . . . . . . . . . . 22
5.2. Other Instantiations of BRSKI-AE . . . . . . . . . . . . 23
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24
7. Security Considerations . . . . . . . . . . . . . . . . . . . 24
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 24
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 24
9.1. Normative References . . . . . . . . . . . . . . . . . . 24
9.2. Informative References . . . . . . . . . . . . . . . . . 26
Appendix A. Using EST for Certificate Enrollment . . . . . . . . 28
Appendix B. Application Examples . . . . . . . . . . . . . . . . 29
B.1. Rolling Stock . . . . . . . . . . . . . . . . . . . . . . 29
von Oheimb, et al. Expires 27 April 2023 [Page 2]
Internet-Draft BRSKI-AE October 2022
B.2. Building Automation . . . . . . . . . . . . . . . . . . . 30
B.3. Substation Automation . . . . . . . . . . . . . . . . . . 30
B.4. Electric Vehicle Charging Infrastructure . . . . . . . . 31
B.5. Infrastructure Isolation Policy . . . . . . . . . . . . . 31
B.6. Sites with Insufficient Level of Operational Security . . 31
Appendix C. History of Changes TBD RFC Editor: please delete . . 32
Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 37
1. Introduction
1.1. Motivation
BRSKI, as defined in [RFC8995], specifies a solution for secure
automated zero-touch bootstrapping of new devices, which are given
the name _pledges_, in the domain they should operate with. This
includes the discovery of the registrar representing the target
domain, time synchronization or validation, and the exchange of
security information necessary to establish mutual trust between
pledges and the target domain. As explained in Section 2, the
_target domain_, or _domain_ for short, is defined as the set of
entities that share a common local trust anchor.
1.1.1. Voucher Exchange for Trust Anchor Establishment
Initially, a pledge has a trust anchor only of its manufacturer, not
yet of any target domain. In order for the pledge to automatically
and securely obtain trust in a suitable target domain represented by
its registrar, BRSKI uses vouchers as defined in [RFC8366]. A
voucher is a cryptographic object issued by the Manufacturer
Authorized Signing Authority (MASA) of the pledge manufacturer to the
specific pledge identified by the included device serial number. It
is signed with the credentials of the MASA and can be validated by
the manufacturer trust anchor imprinted with the pledge. So the
pledge can accept the voucher contents, which indicate to the pledge
that it can trust the domain identified by the given certificate.
While RFC 8995 only specifies a single, online set of protocol option
to communicate the voucher between MASA, registrar, and pledge
(BRSKI-EST and BRSKI-MASA, see [RFC8995], Section 2), it also
describes the architecture for how the voucher may be provided in
online mode (synchronously) or offline mode (asynchronously). So for
the voucher exchange offline mode is basically supported because the
vouchers are self-contained signed objects, such that their security
does not rely on protection by the underlying transfer.
von Oheimb, et al. Expires 27 April 2023 [Page 3]
Internet-Draft BRSKI-AE October 2022
SZTP [RFC8572] is an example of another protocol where vouchers may
be delivered asynchronously by tools such as portable USB "thumb"
drives. However, SZTP does not do signed voucher requests, so it
does not allow the domain to verify the identity of the device in the
same way, nor does it deploy LDevIDs to the device in the same way.
1.1.2. Enrollment of LDevID Certificate
Trust in a pledge by other devices in the target domain is enabled by
enrolling the pledge with a domain-specific Locally significant
Device IDentity (LDevID) certificate.
Recall that for certificate enrollment it is crucial to authenticate
the entity requesting the certificate. Checking both the identity
and the authorization of the requester is the job of a registration
authority (RA). With BRSKI-EST, there is only one RA instance, co-
located with the registrar.
The certification request of the pledge is signed using its IDevID
secret. It can be validated by the target domain (e.g., by the
domain registrar) using the trust anchor of the pledge manufacturer,
which needs to pre-installed in the domain.
For enrolling devices with LDevID certificates, BRSKI specifies how
Enrollment over Secure Transport (EST) [RFC7030] can be used. EST
has its specific characteristics, detailed in Appendix A. In
particular, it requires online on-site availability of the RA for
performing the data origin authentication and final authorization
decision on the certification request. This type of enrollment can
be called 'synchronous enrollment'. EST, BRSKI-EST, and BRSKI-MASA
as used in RFC 8995 are tied to a specific transport, TLS, which may
not be suitable for the target use case outlined by the examples in
Section 1.3. Therefore deployments may require different transport,
see Constrained Voucher Artifacts for Bootstrapping Protocols
[I-D.ietf-anima-constrained-voucher] and EST-coaps [RFC9148].
Since EST does not support offline enrollment, it may be preferable
for the reasons given in this section and depending on application
scenarios as outlined in Section 1.3 and Appendix B to use
alternative enrollment protocols such as the Certificate Management
Protocol (CMP) [RFC4210] profiled in
[I-D.ietf-lamps-lightweight-cmp-profile] or Certificate Management
over CMS (CMC) [RFC5272]. These protocols are more flexible, and by
representing the certification request messages as authenticated
self-contained objects, they are designed to be independent of the
transfer mechanism.
von Oheimb, et al. Expires 27 April 2023 [Page 4]
Internet-Draft BRSKI-AE October 2022
Depending on the application scenario, the required components of an
RA may not be part of the BRSKI registrar. They even may not be
available on-site but rather be provided by remote backend systems.
The RA functionality may also be split into an on-site local RA (LRA)
and a central RA component in the backend, referred to as PKI RA.
For certification authorities (CAs) it is common to be located in the
backend. The registrar or its deployment site may not have an online
connection with these RA/CA components or the connectivity may be
intermittent. This may be due to security requirements for operating
the backend systems or due to deployments where on-site or always-
online operation may be not feasible or too costly. In such
scenarios, the authentication and authorization of certification
requests will not or can not be performed on-site.
In this document, enrollment that is not performed over an online
connection is called 'asynchronous enrollment'. Asynchronous
enrollment means that messages need to be forwarded through offline
methods (e.g., Sneakernet/USB sticks) and/or at some point in time
only part of the communication path is available. Messages need to
be stored, along with the information needed for authenticating their
origin, in front of an unavailable segment for potentially long time
(e.g., days) before they can be forwarded. This implies that end-to-
end security between the parties involved can not be provided by an
authenticated (and often confidential) communications channel such as
TLS used in EST/BRSKI-EST/BRSKI-MASA.
Application scenarios may also involve network segmentation, which is
utilized in industrial systems to separate domains with different
security needs -- see also Appendix B.5. Such scenarios lead to
similar requirements if the TLS channel that carries the requester
authentication is terminated before the actual requester
authorization is performed. Thus request messages need to be
forwarded on further channels before the registrar or RA can
authorize the certification request. In order to preserve the
requester authentication, authentication information needs to be
retained and ideally bound directly to the certification request.
There are basically two approaches for forwarding certification
requests along with requester authentication information:
* The component in the target domain that forwards the certification
request, such as a local RA being part of the registrar, combines
the certification request with the validated identity of the
requester (e,g., its IDevID certificate) and an indication of
successful verification of the proof of possession (of the
corresponding private key) in a way preventing changes to the
combined information. This implies that it must be trusted by the
PKI. When connectivity is available, the trusted component
von Oheimb, et al. Expires 27 April 2023 [Page 5]
Internet-Draft BRSKI-AE October 2022
forwards the certification request together with the requester
information (authentication and proof of possession) for further
processing. This approach offers hop-by-hop security, but not
end-to-end security.
In BRSKI, the EST server, being co-located with the registrar in
the domain, is such a component that needs to be trusted by the
backend PKI components. They must rely on the local pledge
authentication result provided by that component when performing
the final authorization of the certification request.
* A trusted intermediate domain component is not needed when
involved components use authenticated self-contained objects for
the enrollment, directly binding the certification request and the
requester authentication in a cryptographic way. This approach
supports end-to-end security, without the need to trust in
intermediate domain components. Manipulation of the request and
the requester identity information can be detected during the
validation of the self-contained signed object.
Note that with this approach the way in which enrollment requests
are forwarded by the registrar to the backend PKI components does
not contribute to their security and therefore does not need to be
addressed here.
Focus of this document is the support of alternative enrollment
protocols that allow the second approach, i.e., using authenticated
self-contained objects for device certificate enrollment. This
enhancement of BRSKI is named BRSKI-AE, where AE stands for
*A*lternative *E*nrollment and for *A*synchronous *E*nrollment. This
specification carries over the main characteristics of BRSKI, namely
that the pledge obtains trust anchor information for authenticating
the domain registrar and other target domain components as well as a
domain-specific X.509 device certificate (the LDevID certificate)
along with the corresponding private key (the LDevID secret) and
certificate chain.
The goals are to provide an enhancement of BRSKI using enrollment
protocols alternatively to EST that
* support end-to-end security for LDevID certificate enrollment and
* make it applicable to scenarios involving asynchronous enrollment.
This is achieved by
von Oheimb, et al. Expires 27 April 2023 [Page 6]
Internet-Draft BRSKI-AE October 2022
* extending the well-known URI approach of BRSKI and EST message
with an additional path element indicating the enrollment protocol
being used, and
* defining a certificate waiting indication and handling, for the
case that the certifying component is (temporarily) not available.
This specification can be applied to both synchronous and
asynchronous enrollment.
As an improvement over BRSKI, this specification supports offering
multiple enrollment protocols which enables pledges and their
developers to pick the preferred one.
1.2. Supported Environments
BRSKI-AE is intended to be used in domains that may have limited
support of on-site PKI services and comprises application scenarios
like the following.
* Scenarios indirectly excluding the use of EST for certificate
enrollment, such as the requirement for end-to-end authentication
of the requester while the RA is not co-located with the
registrar.
* Scenarios having implementation restrictions that speak against
using EST for certificate enrollment, such as the use of a library
that does not support EST but CMP.
* Pledges and/or the target domain already having an established
certificate management approach different from EST that shall be
reused (e.g., in brownfield installations where CMP is used).
* No RA being available on site in the target domain. Connectivity
to an off-site PKI RA is intermittent or entirely offline. A
store-and-forward mechanism is used for communicating with the
off-site services.
* Authoritative actions of a local RA being not sufficient for fully
authorizing certification requests by pledges. Final
authorization then is done by a PKI RA residing in the backend.
von Oheimb, et al. Expires 27 April 2023 [Page 7]
Internet-Draft BRSKI-AE October 2022
1.3. List of Application Examples
Bootstrapping can be handled in various ways, depending on the
application domains. The informative Appendix B provides
illustrative examples from various industrial control system
environments and operational setups. They motivate the support of
alternative enrollment protocols, based on the following examples of
operational environments:
* Rolling stock
* Building automation
* Electrical substation automation
* Electric vehicle charging infrastructures
* Infrastructure isolation policy
* Sites with insufficient level of operational security
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
This document relies on the terminology defined in [RFC8995] and
[IEEE.802.1AR-2018]. The following terms are defined partly in
addition.
asynchronous communication: time-wise interrupted communication
between a pledge and a registrar or PKI component.
authenticated self-contained object: data structure that is
cryptographically bound to the IDevID certificate of a pledge.
The binding is assumed to be provided through a digital signature
of the actual object using the IDevID secret.
backend: same as off-site
BRSKI-AE: Variation of BRSKI [RFC8995] in which BRSKI-EST, the
von Oheimb, et al. Expires 27 April 2023 [Page 8]
Internet-Draft BRSKI-AE October 2022
enrollment protocol between pledge and the registrar including the
RA, is replaced by alternative enrollment protocols such as
Lightweight CMP. To this end a new URI scheme used for performing
the certificate enrollment. BRSKI-AE enables the use of other
enrollment protocols between pledge and registrar and to any
backend RA components with end-to-end security.
CA: Certification Authority, which is the PKI component that issues
certificates and provides certificate status information.
domain: shorthand for target domain
IDevID: Initial Device IDentifier, provided by the manufacturer and
comprising of a private key, an X.509 certificate with chain, and
a related trust anchor.
LDevID: Locally significant Device IDentifier, provided by the
target domain and comprising of a private key, an X.509
certificate with chain, and a related trust anchor.
local RA (LRA): RA that is on site with the registrar and that may
be needed in addition to an off-site RA.
on-site: locality of a component or service or functionality in the
local target deployment site of the registrar.
off-site: locality of component or service or functionality in an
operator site different from the target deployment site. This may
be a central site or a cloud service, to which only a temporary
connection is available.
PKI RA: off-site RA in the backend of the target domain
pledge: device that is to be bootstrapped to the target domain. It
requests an LDevID using an IDevID installed by its manufacturer.
RA: Registration Authority, which is the PKI component to which a CA
typically delegates certificate management functions such as
authenticating requesters and performing authorization checks on
certification requests.
site: the locality where an entity, e.g., pledge, registrar, RA, CA,
is deployed. Different sites can belong to the same target
domain.
synchronous communication: time-wise uninterrupted communication
between a pledge and a registrar or PKI component.
von Oheimb, et al. Expires 27 April 2023 [Page 9]
Internet-Draft BRSKI-AE October 2022
target domain: the set of entities that the pledge should be able to
operate with and that share a common local trust anchor,
independent of where the entities are deployed.
3. Requirements and Mapping to Solutions
3.1. Basic Requirements
There are two main drivers for the definition of BRSKI-AE:
* The solution architecture may already use or require a certificate
management protocol other than EST. Therefore, this other
protocol should be usable for requesting LDevID certificates.
* The domain registrar may not be the (final) point that
authenticates and authorizes certification requests, and the
pledge may not have a direct connection to it. Therefore,
certification requests should be self-contained signed objects.
Based on the intended target environment described in Section 1.2 and
the application examples described in Appendix B, the following
requirements are derived to support authenticated self-contained
objects as containers carrying certification requests.
At least the following properties are required for a certification
request:
* _Proof of possession_: demonstrates access to the private key
corresponding to the public key contained in a certification
request. This is typically achieved by a self-signature using the
corresponding private key.
* _Proof of identity_, also called _proof of origin_: provides data
origin authentication of the certification request. Typically
this is achieved by a signature using the pledge IDevID secret
over some data, which needs to include a sufficiently strong
identifier of the pledge, such as the device serial number
typically included in the subject of the IDevID certificate.
The rest of this section gives an non-exhaustive list of solution
examples, based on existing technology described in IETF documents:
3.2. Solution Options for Proof of Possession
Certification request objects: Certification requests are data
structures protecting only the integrity of the contained data and
providing proof of possession for a (locally generated) private key.
Examples for certification request data structures are:
von Oheimb, et al. Expires 27 April 2023 [Page 10]
Internet-Draft BRSKI-AE October 2022
* PKCS#10 [RFC2986]. This certification request structure is self-
signed to protect its integrity and to prove possession of the
private key that corresponds to the public key included in the
request.
* CRMF [RFC4211]. This certificate request message format also
supports integrity protection and proof of possession, typically
by a self-signature generated over (part of) the structure with
the private key corresponding to the included public key. CRMF
also supports further proof-of-possession methods for types of
keys that do not support any signature algorithm.
The integrity protection of certification request fields includes the
public key because it is part of the data signed by the corresponding
private key. Yet note that for the above examples this is not
sufficient to provide data origin authentication, i.e., proof of
identity. This extra property can be achieved by an additional
binding to the IDevID of the pledge. This binding to the source
authentication supports the authorization decision of the
certification request. The binding of data origin authentication to
the certification request may be delegated to the protocol used for
certificate management.
3.3. Solution Options for Proof of Identity
The certification request should be bound to an existing
authenticated credential (here, the IDevID certificate) to enable a
proof of identity and, based on it, an authorization of the
certification request. The binding may be achieved through security
options in an underlying transport protocol such as TLS if the
authorization of the certification request is (completely) done at
the next communication hop. This binding can also be done in a
transport-independent way by wrapping the certification request with
a signature employing an existing IDevID. In the BRSKI context, this
will be the IDevID. This requirement is addressed by existing
enrollment protocols in various ways, such as:
* EST [RFC7030] utilizes PKCS#10 to encode the certification
request. The Certificate Signing Request (CSR) optionally
provides a binding to the underlying TLS session by including the
tls-unique value in the self-signed PKCS#10 structure. The tls-
unique value results from the TLS handshake. Since the TLS
handshake includes certificate-based client authentication and the
pledge utilizes its IDevID for it, the proof of identity is
provided by such a binding to the TLS session. This can be
supported using the EST /simpleenroll endpoint. Note that the
binding of the TLS handshake to the CSR is optional in EST.
von Oheimb, et al. Expires 27 April 2023 [Page 11]
Internet-Draft BRSKI-AE October 2022
[RFC7030], Section 2.5 sketches wrapping the CSR with a Full PKI
Request message sent to the /fullcmc endpoint. This would allow
for source authentication at message level as an alternative to
indirectly binding to the underlying TLS authentication in the
transport layer.
* SCEP [RFC8894] supports using a shared secret (passphrase) or an
existing certificate to protect CSRs based on SCEP Secure Message
Objects using CMS wrapping ([RFC5652]). Note that the wrapping
using an existing IDevID in SCEP is referred to as _renewal_. This
way SCEP does not rely on the security of the underlying message
transfer.
* CMP [RFC4210] supports using a shared secret (passphrase) or an
existing certificate, which may be an IDevID credential, to
authenticate certification requests via the PKIProtection
structure in a PKIMessage. The certification request is typically
encoded utilizing CRMF, while PKCS#10 is supported as an
alternative. Thus, CMP does not rely on the security of the
underlying message transfer.
* CMC [RFC5272] also supports utilizing a shared secret (passphrase)
or an existing certificate to protect certification requests,
which can be either in CRMF or PKCS#10 structure. The proof of
identity can be provided as part of a FullCMCRequest, based on CMS
[RFC5652] and signed with an existing IDevID secret. Thus also
CMC does not rely on the security of the underlying message
transfer.
4. Adaptations to BRSKI
In order to support alternative certificate enrollment protocols,
asynchronous enrollment, and more general system architectures,
BRSKI-AE provides some generalizations on BRSKI [RFC8995]. This way,
authenticated self-contained objects such as those described in
Section 3 above can be used for certificate enrollment, and RA
functionality can be distributed freely in the target domain.
The enhancements needed are kept to a minimum in order to ensure
reuse of already defined architecture elements and interactions. In
general, the communication follows the BRSKI model and utilizes the
existing BRSKI architecture elements. In particular, the pledge
initiates communication with the domain registrar and interacts with
the MASA as usual for voucher request and response processing.
von Oheimb, et al. Expires 27 April 2023 [Page 12]
Internet-Draft BRSKI-AE October 2022
4.1. Architecture
The key element of BRSKI-AE is that the authorization of a
certification request MUST be performed based on an authenticated
self-contained object. The certification request is bound in a self-
contained way to a proof of origin based on the IDevID.
Consequently, the authentication and authorization of the
certification request MAY be done by the domain registrar and/or by
other domain components. These components may be offline or reside
in some central backend of the domain operator (off-site) as
described in Section 1.2. The registrar and other on-site domain
components may have no or only temporary (intermittent) connectivity
to them. The certification request MAY also be piggybacked on
another protocol.
This leads to generalizations in the placement and enhancements of
the logical elements as shown in Figure 1.
von Oheimb, et al. Expires 27 April 2023 [Page 13]
Internet-Draft BRSKI-AE October 2022
+------------------------+
+--------------Drop-Ship------------->| Vendor Service |
| +------------------------+
| | M anufacturer| |
| | A uthorized |Ownership|
| | S igning |Tracker |
| | A uthority | |
| +--------------+---------+
| ^
| |
V |
+--------+ ......................................... |
| | . . | BRSKI-
| | . +-------+ +--------------+ . | MASA
| Pledge | . | Join | | Domain |<----+
| | . | Proxy | | Registrar w/ | .
| |<------>|.......|<-------->| Enrollment | .
| | . | | | Proxy/LRA/RA | .
| IDevID | . +-------+ +--------------+ .
| | BRSKI-AE (over TLS) ^ .
| | . | .
+--------+ ...............................|.........
on-site (local) domain components |
| e.g., RFC 4210,
| RFC 7030, ...
.............................................|..................
. Public-Key Infrastructure v .
. +---------+ +------------------------------------------+ .
. | |<----+ Registration Authority | .
. | PKI CA +---->| PKI RA (unless part of Domain Registrar) | .
. +---------+ +------------------------------------------+ .
................................................................
off-site (central, backend) domain components
Figure 1: Architecture Overview Using Off-site PKI Components
The architecture overview in Figure 1 has the same logical elements
as BRSKI, but with more flexible placement of the authentication and
authorization checks on certification requests. Depending on the
application scenario, the registrar MAY still do all of these checks
(as is the case in BRSKI), or part of them, or none of them.
The following list describes the on-site components in the target
domain of the pledge shown in Figure 1.
* Join Proxy: same functionality as described in BRSKI [RFC8995],
Section 4
von Oheimb, et al. Expires 27 April 2023 [Page 14]
Internet-Draft BRSKI-AE October 2022
* Domain Registrar including RA, LRA, or Enrollment Proxy: in BRSKI-
AE, the domain registrar has mostly the same functionality as in
BRSKI, namely to facilitate the communication of the pledge with
the MASA and the PKI. Yet there are two generalizations:
1. The registrar MUST support at least one certificate enrollment
protocol that uses for certificate requests authenticated
self-contained objects. To this end, the URI scheme for
addressing the endpoint at the registrar is generalized (see
Section 4.3).
To support the end-to-end proof of identity of the pledge, the
enrollment protocol used by the pledge MUST also be used by
the registrar for its upstream certificate enrollment message
exchange with backend PKI components. Between the pledge and
the registrar the enrollment request messages are tunneled
over the TLS channel already established between these
entities. The registrar optionally checks the requests and
then passes them on to the PKI. On the way back, it forwards
responses by the PKI to the pledge on the existing TLS
channel.
2. The registrar MAY also delegate all or part of its certificate
enrollment support to a separate system. That is,
alternatively to having full RA functionality, the registrar
may act as a local registration authority (LRA) or just as an
enrollment proxy. In such cases, the domain registrar may
forward the certification request to some off-site RA
component, also called PKI RA here, that performs the
remaining parts of the enrollment request validation and
authorization. This also covers the case that the registrar
has only intermittent connection and forwards certification
requests to off-site PKI components upon re-established
connectivity.
Still all certificate enrollment traffic goes via the
registrar, such that from the pledge perspective there is no
difference in connectivity and the registrar is involved in
all steps. The final step of BRSKI, namely the enrollment
status telemetry, is also kept.
The following list describes the components provided by the vendor or
manufacturer outside the target domain.
* MASA: functionality as described in BRSKI [RFC8995]. The voucher
exchange with the MASA via the domain registrar is performed as
described in BRSKI.
von Oheimb, et al. Expires 27 April 2023 [Page 15]
Internet-Draft BRSKI-AE October 2022
Note: From the definition of the interaction with the MASA in
[RFC8995], Section 5 follows that it may be synchronous (voucher
request with nonce) or asynchronous (voucher request without
nonce).
* Ownership tracker: as defined in BRSKI.
The following list describes the target domain components that can
optionally be operated in the off-site backend of the target domain.
* PKI RA: Performs certificate management functions for the domain
as a centralized public-key infrastructure for the domain
operator. As far as not already done by the domain registrar, it
performs the final validation and authorization of certification
requests. Otherwise, the RA co-located with the domain registrar
directly connects to the PKI CA.
* PKI CA: Performs certificate generation by signing the certificate
structure requested in already authenticated and authorized
certification requests.
Based on the diagram in BRSKI [RFC8995], Section 2.1 and the
architectural changes, the original protocol flow is divided into
four phases showing commonalities and differences to the original
approach as follows.
* Discovery phase: same as in BRSKI steps (1) and (2).
* Voucher exchange phase: same as in BRSKI steps (3) and (4).
* Certificate enrollment phase: the use of EST in step (5) is
changed to employing a certificate enrollment protocol that uses
an authenticated self-contained object for requesting the LDevID
certificate.
Still for transporting certificate enrollment request and response
messages between the pledge and the registrar, the TLS channel
established between them via the join proxy is used. So the
enrollment protocol MUST support this. Due to this architecture,
the pledge does not need to establish an additional connection for
certificate enrollment and the registrar retains control over the
certificate enrollment traffic.
* Enrollment status telemetry phase: the final exchange of BRSKI
step (5).
von Oheimb, et al. Expires 27 April 2023 [Page 16]
Internet-Draft BRSKI-AE October 2022
4.2. Message Exchange
The behavior of a pledge described in BRSKI [RFC8995], Section 2.1 is
kept with one exception. After finishing the Imprint step (4), the
Enroll step (5) MUST be performed with an enrollment protocol
utilizing authenticated self-contained objects. Section 5 discusses
selected suitable enrollment protocols and options applicable.
An abstract overview of the BRSKI-AE protocol can be found in
[BRSKI-AE-overview].
4.2.1. Pledge - Registrar Discovery
The discovery is done as specified in [RFC8995].
4.2.2. Pledge - Registrar - MASA Voucher Exchange
The voucher exchange is performed as specified in [RFC8995].
4.2.3. Pledge - Registrar - RA/CA Certificate Enrollment
The certificate enrollment phase may involve several exchanges of
requests and responses. Which of the message exchanges marked
OPTIONAL in the below Figure 2 are potentially used, or are actually
required or prohibited to be used, depends on the application
scenario and on the employed enrollment protocol.
These OPTIONAL exchanges cover all those supported by the use of EST
in BRSKI. The last OPTIONAL one, namely certificate confirmation, is
not supported by EST, but by CMP and other enrollment protocols.
The only generally MANDATORY message exchange is for the actual
certificate request and response. As stated in Section 3, the
certificate request MUST be performed using an authenticated self-
contained object providing not only proof of possession but also
proof of identity (source authentication).
von Oheimb, et al. Expires 27 April 2023 [Page 17]
Internet-Draft BRSKI-AE October 2022
+--------+ +------------+ +------------+
| Pledge | | Domain | | Operator |
| | | Registrar | | RA/CA |
| | | (JRC) | | (PKI) |
+--------+ +------------+ +------------+
/--> | |
| [OPTIONAL request of CA certificates] | |
|---------- CA Certs Request (1)--------->| |
| | [OPTIONAL forwarding] |
| |---CA Certs Request -->|
| |<--CA Certs Response---|
|<--------- CA Certs Response (2)---------| |
|--> | |
| [OPTIONAL request of attributes | |
| to include in Certificate Request] | |
|---------- Attribute Request (3)-------->| |
| | [OPTIONAL forwarding] |
| |--- Attribute Req. --->|
| |<-- Attribute Resp. ---|
|<--------- Attribute Response (4)--------| |
|--> | |
| [MANDATORY certificate request] | |
|---------- Certificate Request (5)------>| |
| | [OPTIONAL forwarding] |
| |--- Certificate Req.-->|
| |<--Certificate Resp.---|
|<--------- Certificate Response (6)------| |
|--> | |
| [OPTIONAL certificate confirmation] | |
|---------- Certificate Confirm (7)------>| |
| | [OPTIONAL forwarding] |
| |---Certificate Conf.-->|
| |<---- PKI Confirm -----|
|<--------- PKI/Registrar Confirm (8)-----| |
Figure 2: Certificate Enrollment
The various connections between the registrar and the PKI components
of the operator (RA/CA) may be intermittent or off-line. Messages
are to be sent as soon as sufficient transfer capacity is available.
The label [OPTIONAL forwarding] means that on receiving from a pledge
a request of the given type, the registrar MAY answer the request
directly itself. Otherwise the registrar MUST forward the request to