-
Notifications
You must be signed in to change notification settings - Fork 5
/
dtbootstrap-anima-keyinfra-04.txt
2632 lines (1867 loc) · 111 KB
/
dtbootstrap-anima-keyinfra-04.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
ANIMA WG M. Pritikin
Internet-Draft Cisco
Intended status: Informational M. Richardson
Expires: May 4, 2017 SSW
M. Behringer
S. Bjarnason
Cisco
K. Watsen
Juniper Networks
October 31, 2016
Bootstrapping Remote Secure Key Infrastructures (BRSKI)
draft-ietf-anima-bootstrapping-keyinfra-04
Abstract
This document specifies automated bootstrapping of a remote secure
key infrastructure (BRSKI) using vendor installed X.509 certificate,
in combination with a vendor authorized service on the Internet.
Bootstrapping a new device can occur using a routable address and a
cloud service, or using only link-local connectivity, or on limited/
disconnected networks. Support for lower security models, including
devices with minimal identity, is described for legacy reasons but
not encouraged. Bootstrapping is complete when the cryptographic
identity of the new key infrastructure is successfully deployed to
the device but the established secure connection can be used to
deploy a locally issued certificate to the device as well.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 4, 2017.
Pritikin, et al. Expires May 4, 2017 [Page 1]
Internet-Draft BRewSKI October 2016
Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5
1.2. Scope of solution . . . . . . . . . . . . . . . . . . . . 7
1.3. Trust bootstrap . . . . . . . . . . . . . . . . . . . . . 8
2. Architectural Overview . . . . . . . . . . . . . . . . . . . 8
3. Functional Overview . . . . . . . . . . . . . . . . . . . . . 10
3.1. Behavior of a Pledge . . . . . . . . . . . . . . . . . . 11
3.1.1. Discovery . . . . . . . . . . . . . . . . . . . . . . 13
3.1.2. Identity . . . . . . . . . . . . . . . . . . . . . . 14
3.1.3. Request Join . . . . . . . . . . . . . . . . . . . . 15
3.1.4. Imprint . . . . . . . . . . . . . . . . . . . . . . . 15
3.1.5. Lack of realtime clock . . . . . . . . . . . . . . . 16
3.1.6. Enrollment . . . . . . . . . . . . . . . . . . . . . 17
3.1.7. Being Managed . . . . . . . . . . . . . . . . . . . . 18
3.2. Behavior of a Proxy . . . . . . . . . . . . . . . . . . . 18
3.2.1. CoAP connection to Registrar . . . . . . . . . . . . 19
3.2.2. HTTPS proxy connection to Registrar . . . . . . . . . 19
3.3. Behavior of the Registrar . . . . . . . . . . . . . . . . 20
3.3.1. Pledge Authentication . . . . . . . . . . . . . . . . 21
3.3.2. Pledge Authorization . . . . . . . . . . . . . . . . 22
3.3.3. Claiming the New Entity . . . . . . . . . . . . . . . 23
3.3.4. Log Verification . . . . . . . . . . . . . . . . . . 23
3.4. Behavior of the MASA Service . . . . . . . . . . . . . . 24
3.4.1. Issue Audit Voucher and Log the event . . . . . . . . 24
3.4.2. Retrieve Audit Entries from Log . . . . . . . . . . . 24
3.5. Leveraging the new key infrastructure / next steps . . . 25
3.5.1. Network boundaries . . . . . . . . . . . . . . . . . 25
3.6. Interactions with Network Access Control . . . . . . . . 25
4. Domain Operator Activities . . . . . . . . . . . . . . . . . 25
4.1. Instantiating the Domain Certification Authority . . . . 26
4.2. Instantiating the Registrar . . . . . . . . . . . . . . . 26
Pritikin, et al. Expires May 4, 2017 [Page 2]
Internet-Draft BRewSKI October 2016
4.3. Accepting New Entities . . . . . . . . . . . . . . . . . 26
4.4. Automatic Enrollment of Devices . . . . . . . . . . . . . 27
4.5. Secure Network Operations . . . . . . . . . . . . . . . . 27
5. Protocol Details . . . . . . . . . . . . . . . . . . . . . . 28
5.1. Request Voucher from the Registrar . . . . . . . . . . . 30
5.2. Request Voucher from MASA . . . . . . . . . . . . . . . . 32
5.3. Audit Voucher Response . . . . . . . . . . . . . . . . . 33
5.3.1. Completing authentication of Provisional TLS
connection . . . . . . . . . . . . . . . . . . . . . 34
5.4. Voucher Status Telemetry . . . . . . . . . . . . . . . . 35
5.5. MASA authorization log Request . . . . . . . . . . . . . 36
5.6. MASA authorization log Response . . . . . . . . . . . . . 36
5.7. EST Integration for PKI bootstrapping . . . . . . . . . . 37
5.7.1. EST Distribution of CA Certificates . . . . . . . . . 37
5.7.2. EST CSR Attributes . . . . . . . . . . . . . . . . . 37
5.7.3. EST Client Certificate Request . . . . . . . . . . . 38
5.7.4. Enrollment Status Telemetry . . . . . . . . . . . . . 38
5.7.5. EST over CoAP . . . . . . . . . . . . . . . . . . . . 39
6. Reduced security operational modes . . . . . . . . . . . . . 39
6.1. Trust Model . . . . . . . . . . . . . . . . . . . . . . . 40
6.2. New Entity security reductions . . . . . . . . . . . . . 40
6.3. Registrar security reductions . . . . . . . . . . . . . . 41
6.4. MASA security reductions . . . . . . . . . . . . . . . . 42
7. Security Considerations . . . . . . . . . . . . . . . . . . . 42
7.1. Security concerns with discovery process . . . . . . . . 44
7.1.1. Discovery of Registrar by Proxy . . . . . . . . . . . 44
7.1.2. Discovery of Proxy by New Entity . . . . . . . . . . 44
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 44
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 44
9.1. Normative References . . . . . . . . . . . . . . . . . . 44
9.2. Informative References . . . . . . . . . . . . . . . . . 46
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 47
1. Introduction
To literally "pull yourself up by the bootstraps" is an impossible
action. Similarly the secure establishment of a key infrastructure
without external help is also an impossibility. Today it is accepted
that the initial connections between nodes are insecure, until key
distribution is complete, or that domain-specific keying material is
pre-provisioned on each new device in a costly and non-scalable
manner. This document describes a zero-touch approach to
bootstrapping an entity by securing the initial distribution of key
material using third-party issued X.509 certificates and
cryptographically signed "vouchers" issued by a new form of cloud
service.
Pritikin, et al. Expires May 4, 2017 [Page 3]
Internet-Draft BRewSKI October 2016
The two sides of an association being bootstrapped authenticate each
other and then determine appropriate authorization. This process is
described as four distinct steps between the existing domain and the
device, or "pledge", being added:
o Pledge authentication: "Who is this? What is its identity?"
o Pledge authorization: "Is it mine? Do I want it? What are the
chances it has been compromised?"
o Domain authentication: "What is this domain's claimed identity?"
o Domain authorization: "Should I join it?"
A precise answer to these questions can not be obtained without
leveraging an established key infrastructure(s). The pledge's
decisions are made according to verified communication with a trusted
third-party. The domain's decisions are made by comparing the
pledge's authenticated identity against domain information such as a
configured list of purchased devices supplimented by information
provided by a trusted third-party. The third-party is not required
to provide sales channel ownership tracking nor is it required to
authenticate the domain.
Optimal security is achieved with X.509 certificates on each Pledge,
accompanied by a third-party (e.g., vendor, manufacturer or
integrator) Internet based service for verification. Bootstrapping
concepts run to completion with less requirements, but are then less
secure. A domain can choose to accept lower levels of security when
a trusted third-party is not available so that bootstrapping proceeds
even at the risk of reduced security. Only the domain can make these
decisions based on administrative input and known behavior of the
pledge.
The result of bootstrapping is that a domain specific key
infrastructure is deployed. Since X.509 PKI certificates are used
for identifying the pledge, and the public key of the domain identity
is leveraged during communications with an Internet based service,
which is itself authenticated using HTTPS, bootstrapping of a domain
specific Public Key Infrastructure (PKI) is described. Sufficient
agility to support bootstrapping alternative key infrastructures
(such as symmetric key solutions) is considered although no such
alternate key infrastructure is described.
Pritikin, et al. Expires May 4, 2017 [Page 4]
Internet-Draft BRewSKI October 2016
1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
[RFC2119].
The following terms are defined for clarity:
DomainID: The domain identity is the 160-bit SHA-1 hash of the BIT
STRING of the subjectPublicKey of the domain trust anchor that is
stored by the Domain CA. This is consistent with the
Certification Authority subject key identifier (Section 4.2.1.2
[RFC5280]) of the Domain CA's self signed root certificate. (A
string value bound to the Domain CA's self signed root certificate
subject and issuer fields is often colloquially used as a
humanized identity value but during protocol discussions the more
exact term as defined here is used).
drop ship: The physical distribution of equipment containing the
"factory default" configuration to a final destination. In zero-
touch scenarios there is no staging or pre-configuration during
drop-ship.
imprint: The process where a device obtains the cryptographic key
material to identify and trust future interactions with a network.
This term is taken from Konrad Lorenz's work in biology with new
ducklings: during a critical period, the duckling would assume
that anything that looks like a mother duck is in fact their
mother. An equivalent for a device is to obtain the fingerprint
of the network's root certification authority certificate. A
device that imprints on an attacker suffers a similar fate to a
duckling that imprints on a hungry wolf. Securely imprinting is a
primary focus of this document.[imprinting]. The analogy to
Lorenz's work was first noted in [Stajano99theresurrecting].
enrollment: The process where a device presents key material to a
network and acquires a network specific identity. For example
when a certificate signing request is presented to a certification
authority and a certificate is obtained in response.
Pledge: The prospective device, which has an identity installed by a
third-party (e.g., vendor, manufacturer or integrator).
Voucher A signed statement from the MASA service that indicates to a
Pledge the cryptographic identity of the Registrar it should
trust. There are different types of vouchers depending on how
that trust verified.
Pritikin, et al. Expires May 4, 2017 [Page 5]
Internet-Draft BRewSKI October 2016
Audit Voucher: A voucher from the MASA service that indicates that
the bootstrapping event has been successfully logged. The
Registrar is primarily responsible for verifying the logs and
ensuring domain network security.
Ownership Voucher: A voucher from the MASA service that indicates
the explicit owner identity. The MASA is primarily responsible
for tracking ownership using out-of-band sales channel integration
(the definition of which is out-of-scope of this document). It is
defined in [I-D.ietf-netconf-zerotouch].
Domain: The set of entities that trust a common key infrastructure
trust anchor. This includes the Proxy, Registrar, Domain
Certificate Authority, Management components and any existing
entity that is already a member of the domain.
Domain CA: The domain Certification Authority (CA) provides
certification functionalities to the domain. At a minimum it
provides certification functionalities to a Registrar and stores
the trust anchor that defines the domain. Optionally, it
certifies all elements.
Registrar: A representative of the domain that is configured,
perhaps autonomically, to decide whether a new device is allowed
to join the domain. The administrator of the domain interfaces
with a Registrar to control this process. Typically a Registrar
is "inside" its domain.
Proxy: A domain entity that helps the pledge join the domain. A
Proxy facilitates communication for devices that find themselves
in an environment where they are not provided connectivity until
after they are validated as members of the domain. The pledge is
unaware that they are communicating with a proxy rather than
directly with a Registrar.
MASA Service: A third-party Manufacturer Authorized Signing
Authority (MASA) service on the global Internet. The MASA
provides a repository for audit log information concerning privacy
protected bootstrapping events. It does not track ownership.
Ownership Tracker An Ownership Tracker service on the global
internet. The Ownership Tracker uses business processes to
accurately track ownership of all devices shipped against domains
that have purchased them. Although optional this component allows
vendors to provide additional value in cases where their sales and
distribution channels allow for accurately tracking of such
ownership.
Pritikin, et al. Expires May 4, 2017 [Page 6]
Internet-Draft BRewSKI October 2016
IDevID An Initial Device Identity X.509 certificate installed by the
vendor on new equipment. The [IDevID] certificate format is the
primary example. In particular the X.509 certificate needs to
contain the device's serial number in a well known location in
order to perform white list operations and in order to extract it
for inclusion in messages to the MASA service. The subject
field's DN encoding MUST include the "serialNumber" attribute with
the device's unique serial number.
1.2. Scope of solution
Questions have been posed as to whether this solution is suitable in
general for Internet of Things (IoT) networks. This depends on the
capabilities of the devices in question. The terminology of
[RFC7228] is best used to describe the boundaries.
The entire solution described in this document is aimed in general at
non-constrained (i.e. class 2+) devices operating on a non-Challenged
network. The entire solution described here is not intended to be
useable as-is by constrained devices operating on challenged networks
(such as 802.15.4 LLNs).
In many target applications, the systems involved are large router
platforms with multi-gigabit inter-connections, mounted in controlled
access data centers. But this solution is not exclusive to the
large, it is intended to scale to thousands of devices located in
hostile environments, such as ISP provided CPE devices which are
drop-shipped to the end user. The situation where an order is
fulfilled from distributed warehouse from a common stock and shipped
directly to the target location at the request of the domain owner is
explicitly supported. That stock ("SKU") could be provided to a
number of potential domain owners, and the eventual domain owner will
not know a-priori which device will go to which location.
The bootstraping process can take minutes to complete depending on
the network infrastructure and device processing speed. The network
communication itself is not optimized for speed; the discovery
process allows for the Pledge to avoid broadcasting for privacy
reasons. This protocol is not intended for low latency handoffs.
Specifically, there are protocol aspects described here which might
result in congestion collapse or energy-exhaustion of intermediate
battery powered routers in an LLN. Those types of networks SHOULD
NOT use this solution. These limitations are predominately related
to the large credential and key sizes required for device
authentication. Defining symmetric key techniques that meet the
operational requirements is out-of-scope but the underlying protocol
Pritikin, et al. Expires May 4, 2017 [Page 7]
Internet-Draft BRewSKI October 2016
operations (TLS handshake and signing structures) have sufficient
algorithm agility to support such techniques when defined.
The imprint protocol described here could, however, be used by non-
energy constrained devices joining a non-constrained network (for
instance, smart light bulbs are usually mains powered, and speak
802.11). It could also be used by non-constrained devices across a
non-energy constrained, but challenged network (such as 802.15.4).
The use of an IDevID that is consistant with [IDevID] allows for
alignment with 802.1X network access control methods which could need
to complete before bootstrapping can be initiated. This document
presumes that network access control has either already occured, is
not required, or is integrated by the proxy and registrar in such a
way that the device itself does not need to be aware of the details.
Further integration is not in scope.
Some aspects are in scope for constrained devices on challenged
networks: the certificate contents, and the process by which the four
questions above are resolved is in scope. It is simply the actual
on-the-wire imprint protocol which is likely inappropriate.
1.3. Trust bootstrap
The imprint protocol results in a secure relationship between a
domain Registrar and the Pledge. If the new device is sufficiently
constrained that the ACE protocol should be leveraged for operation,
(see [I-D.ietf-ace-actors]), and the domain registrar is also the
Client Authorization Server or the Authorization Server, then it may
be appropriate to use this secure channel to exchange ACE tokens.
2. Architectural Overview
The logical elements of the bootstrapping framework are described in
this section. Figure 1 provides a simplified overview of the
components. Each component is logical and may be combined with other
components as necessary.
Pritikin, et al. Expires May 4, 2017 [Page 8]
Internet-Draft BRewSKI October 2016
.
.+------------------------+
+--------------Drop Ship-------------->.| Vendor Service |
| .+------------------------+
| .| M anufacturer| |
| .| A uthorized |Ownership|
| .| S igning |Tracker |
| .| A uthority | |
| .+--------------+---------+
| .............. ^
V |
+-------+ ............................................|...
| | . | .
| | . +------------+ +-----------+ | .
| | . | | | | | .
| | . | | | <-------+ .
| | . | Proxy | | Registrar | .
| <--------> <-------> | .
| New | . | | | | .
| Entity| . +------------+ +-----+-----+ .
| | . | .
| | . +-----------------+----------+ .
| | . | Domain Certification | .
| | . | Authority | .
+-------+ . | Management and etc | .
. +----------------------------+ .
. .
................................................
"Domain" components
Figure 1
We assume a multi-vendor network. In such an environment there could
be a MASA or Ownership Tracker for each vendor that supports devices
following this document's specification, or an integrator could
provide a MASA service for all devices. It is unlikely that an
integrator could provide Ownership Tracking services for multiple
vendors.
This document describes a secure zero-touch approach to bootstrapping
a key infrastructure; if certain devices in a network do not support
this approach, they can still be bootstrapped manually. Although
manual deployment is not scalable and is not a focus of this document
the necessary mechanisms are called out in this document to ensure
such edge conditions are covered by the architectural and protocol
models.
Pritikin, et al. Expires May 4, 2017 [Page 9]
Internet-Draft BRewSKI October 2016
3. Functional Overview
Entities behave in an autonomic fashion. They discover each other
and autonomically bootstrap into a key infrastructure delineating the
autonomic domain. See [RFC7575] for more information.
This section details the state machine and operational flow for each
of the main three entities. The pledge, the domain (primarily a
Registrar) and the MASA service.
A representative flow is shown in Figure 2:
+--------+ +---------+ +------------+ +------------+
| Pledge | | Circuit | | Domain | | Vendor |
| | | Proxy | | Registrar | | Service |
| | | | | | | (Internet |
+--------+ +---------+ +------------+ +------------+
| | | |
|<-RFC3927 IPv4 adr | | |
or|<-RFC4862 IPv6 adr | | |
| | | |
|-------------------->| | |
| optional: mDNS query| | |
| RFC6763/RFC6762 | | |
| | | |
|<--------------------| | |
| mDNS broadcast | | |
| response or periodic| | |
| | | |
|<------------------->C<----------------->| |
| TLS via the Circuit Proxy | |
|<--Registrar TLS server authentication---| |
[PROVISIONAL accept of server cert] | |
P---X.509 client authentication---------->| |
P | | |
P---Request Voucher (include nonce)------>| |
P | | |
P | /---> | |
P | | [accept device?] |
P | | [contact Vendor] |
P | | |--Pledge ID-------->|
P | | |--Domain ID-------->|
P | | |--optional:nonce--->|
P | | | [extract DomainID]
P | | | |
P | optional: | [update audit log]
P | |can | |
P | |occur | |
Pritikin, et al. Expires May 4, 2017 [Page 10]
Internet-Draft BRewSKI October 2016
P | |in | |
P | |advance | |
P | | | |
P | | |<-device audit log--|
P | | |<- voucher ---------|
P | \----> | |
P | | |
P | [verify audit log and voucher] |
P | | |
P<------voucher---------------------------| |
[verify voucher ] | | |
[verify provisional cert ]| | |
| | | |
|---------------------------------------->| |
| Continue with RFC7030 enrollment | |
| using now bidirectionally authenticated | |
| TLS session. | | |
| | | |
| | | |
| | | |
Figure 2
3.1. Behavior of a Pledge
A pledge that has not yet been bootstrapped attempts to find a local
domain and join it. A pledge MUST NOT automatically initiate
bootstrapping if it has already been configured or is in the process
of being configured.
States of a pledge are as follows:
Pritikin, et al. Expires May 4, 2017 [Page 11]
Internet-Draft BRewSKI October 2016
+--------------+
| Start |
| |
+------+-------+
|
+------v-------+
| Discover |
+------------> |
| +------+-------+
| |
| +------v-------+
| | Identity |
^------------+ |
| rejected +------+-------+
| |
| +------v-------+
| | Request |
| | Join |
| +------+-------+
| |
| +------v-------+
| | Imprint | Optional
^------------+ <--+Manual input
| Bad Vendor +------+-------+
| response |
| +------v-------+
| | Enroll |
^------------+ |
| Enroll +------+-------+
| Failure |
| +------v-------+
| | Being |
^------------+ Managed |
Factory +--------------+
reset
Figure 3
State descriptions for the pledge are as follows:
1. Discover a communication channel to a Registrar.
2. Identify itself. This is done by presenting an IDevID X.509
credential to the discovered Registrar (via the Proxy) in a TLS
handshake. (The Registrar credentials are only provisionally
accepted at this time).
Pritikin, et al. Expires May 4, 2017 [Page 12]
Internet-Draft BRewSKI October 2016
3. Requests to Join the discovered Registrar. A unique nonce is
included ensuring that any responses can be associated with this
particular bootstrapping attempt.
4. Imprint on the Registrar. This requires verification of the
vendor service provided "Audit" or "Ownership" Voucher. Either
of these responses contains sufficient information for the pledge
to complete authentication of a Registrar. (The pledge can now
finish authentication of the Registrar TLS server certificate)
5. Enroll by accepting the domain specific information from a
Registrar, and by obtaining a domain certificate from a Registrar
using a standard enrollment protocol, e.g. Enrollment over
Secure Transport (EST) [RFC7030].
6. The Pledge is now a member of, and can be managed by, the domain
and will only repeat the discovery aspects of bootstrapping if it
is returned to factory default settings.
The following sections describe each of these steps in more detail.
3.1.1. Discovery
The result of discovery is a logical communication with a Registrar,
through a Proxy. The Proxy is transparent to the Pledge but is
always assumed to exist.
To discover the Registrar the Pledge performs the following actions:
a. MUST: Obtains a local address using either IPv4 or IPv6 methods
as described in [RFC4862] IPv6 Stateless Address
AutoConfiguration or [RFC3927] Dynamic Configuration of IPv4
Link-Local Addresses. The Plege MAY obtain an IP address via
DHCP [RFC2131]. The DHCP provided parameters for the Domain Name
System can be used to perform step (d) DNS operations if all
local discovery attempts fail (see below).
b. MUST: Performs DNS-based Service Discovery [RFC6763] over
Multicast DNS [RFC6762] searching for the service
"_bootstrapks._tcp.local.". To prevent unaccceptable levels of
network traffic the congestion avoidance mechanisms specified in
[RFC6762] section 7 MUST be followed. The Pledge SHOULD listen
for an unsolicited broadcast response as described in [RFC6762].
This allows devices to avoid announcing their presence via mDNS
broadcasts and instead silently join a network by watching for
periodic unsolicited broadcast responses.
Pritikin, et al. Expires May 4, 2017 [Page 13]
Internet-Draft BRewSKI October 2016
c. MAY: Performs DNS-based Service Discovery [RFC6763] over normal
DNS operations. The service searched for is
"_bootstrapks._tcp.example.com". In this case the domain
"example.com" is discovered as described in [RFC6763] section 11.
d. MAY: If no local bootstrapks service is located using the DNS-
based Service Discovery methods the Pledge contacts a well known
vendor provided bootstrapping server by performing a DNS lookup
using a well known URI such as "bootstrapks.vendor-example.com".
The details of the URI are vendor specific. Vendors that
leverage this method on the Pledge are responsible for providing
the bootstrapks service.
DNS-based service discovery communicates the local proxy IPv4 or IPv6
address and port to the Pledge. Once a proxy is discovered the
Pledge communicates with a Registrar through the proxy using the
bootstrapping protocol defined in Section 5. The current DNS
services returned during each query is maintained until bootstrapping
is completed. If bootstrapping fails and the Pledge returns to the
Discovery state it picks up where it left off and continues
attempting bootstrapping. For example if the first Multicast DNS
_bootstrapks._tcp.local response doesn't work then the second and
third responses are tried. If these fail the Pledge moves on to
normal DNS-based Service Discovery.
Each discovery method attempted SHOULD exponentially back-off
attempts (to a maximum of one hour) to avoid overloading the network
infrastructure with discovery. The back-off timer for each method
MUST be independent of other methods. Methods SHOULD be run in
parallel to avoid head of queue problems. Once a connection to a
Registrar is established (e.g. establishment of a TLS session key)
there are expectations of more timely responses, see Section 5.1.
Once all discovered services are attempted the device SHOULD return
to Multicast DNS. It should periodically retry the vendor specific
mechanisms. The Pledge may prioritize selection order as appropriate
for the anticipated environment.
3.1.2. Identity
The Pledge identifies itself during the communication protocol
handshake. If the client identity is rejected the Pledge repeats the
Discovery process using the next proxy or discovery method available.
The bootstrapping protocol server is not initially authenticated.
Thus the connection is provisional and all data received is untrusted
until sufficiently validated even though it is over a TLS connection.
This is aligned with the existing provisional mode of EST [RFC7030]
Pritikin, et al. Expires May 4, 2017 [Page 14]
Internet-Draft BRewSKI October 2016
during s4.1.1 "Bootstrap Distribution of CA Certificates". See
Section 5.3 for more information about when the TLS connection
authenticated is completed.
All security associations established are between the new device and
the Bootstrapping server regardless of proxy operations.
3.1.3. Request Join
The Pledge POSTs a request to join the domain to the Bootstrapping
server. This request contains a Pledge generated nonce and informs
the Bootstrapping server which imprint methods the Pledge will
accept.
As indicated in EST [RFC7030] the bootstrapping server MAY redirect
the client to an alternate server. This is most useful in the case
where the Pledge has resorted to a well known vendor URI and is
communicating with the vendor's Registrar directly. In this case the
Pledge has authenticated the Registrar using the local Implicit Trust
Anchor database and can therefore treat the redirect URI as a trusted
URI which can also be validated using the Implicit Trust Anchor
database. Since client authentication occurs during the TLS
handshake the bootstrapping server has sufficient information to
apply appropriate policy concerning which server to redirect to.
The nonce ensures the Pledge can verify that responses are specific
to this bootstrapping attempt. This minimizes the use of global time
and provides a substantial benefit for devices without a valid clock.
3.1.4. Imprint
The domain trust anchor is received by the Pledge during the
bootstrapping protocol methods in the form of a voucher. The goal of
the imprint state is to securely obtain a copy of this trust anchor
without involving human interaction.
The enrollment protocol EST [RFC7030] details a set of non-autonomic
bootstrapping methods such as:
o using the Implicit Trust Anchor database (not an autonomic
solution because the URL must be securely distributed),
o engaging a human user to authorize the CA certificate using out-
of-band data (not an autonomic solution because the human user is
involved),
Pritikin, et al. Expires May 4, 2017 [Page 15]
Internet-Draft BRewSKI October 2016
o using a configured Explicit TA database (not an autonomic solution
because the distribution of an explicit TA database is not
autonomic),
o and using a Certificate-Less TLS mutual authentication method (not
an autonomic solution because the distribution of symmetric key
material is not autonomic).
This document describes autonomic methods that MUST be supported by
the Pledge:
Audit Voucher Audit Vouchers are obtained by a Registrar from the
MASA service and presented to the Pledge for validation. These
indicate to the Pledge that joining the domain has been logged by
a logging service.
Ownership Voucher Ownership Vouchers are obtained by a Registrar
from the MASA service and explicitly indicate the owner of the
Pledge. The Ownership Voucher is defined in
[I-D.ietf-netconf-zerotouch].
Since client authentication occurs during the TLS handshake the
bootstrapping server has sufficient information to apply appropriate
policy concerning which method to use.
The Audit Voucher contains the domain's public key material as
provided to the MASA service by a Registrar. This provides
sufficient information to the client to complete automated
bootstrapping with the local key infrastructure. The Ownership
Voucher contains the Owner Certificate which the Pledge uses to
authenticate the TLS connection.
If the autonomic methods fail the Pledge returns to discovery state
and attempts bootstrapping with the next available discovered
Registrar.
3.1.5. Lack of realtime clock
Many devices when bootstrapping do not have knowledge of the current
time. Mechanisms like Network Time Protocols can not be secured
until bootstrapping is complete. Therefore bootstrapping is defined
in a method that does not require knowledge of the current time.
Unfortunately there are moments during bootstrapping when
certificates are verified, such as during the TLS handshake, where
validity periods are confirmed. This paradoxical "catch-22" is
resolved by the Pledge maintaining a concept of the current "window"
Pritikin, et al. Expires May 4, 2017 [Page 16]
Internet-Draft BRewSKI October 2016
of presumed time validity that is continually refined throughout the
bootstrapping process as follows:
o Initially the Pledge does not know the current time.
o During Pledge authentiation by the Registrar a realtime clock can
be used by the Registrar. This bullet expands on a closely
related issue regarding Pledge lifetimes. RFC5280 indicates that
long lived Pledge certifiates "SHOULD be assigned the
GeneralizedTime value of 99991231235959Z" [RFC5280] so the
Registrar MUST support such lifetimes and SHOULD support ignoring
Pledge lifetimes if they did not follow the RFC5280
recommendations.
o Once the Audit Voucher is accepted the validity period of the
domainCAcert in the voucher (see Section 5.3) now describes a
valid time window. Any subsequent certificate validity periods
checked during RFC5280 path validation MUST occur within this
window.
o When accepting an enrollment certificate the validity period
within the new certificate is assumed to be valid by the Pledge.
The Pledge is now willing to use this credential for client
authentication.
Once in this state the Pledge has a valid trust anchor with the local
domain and has a locally issued credential. These MAY be used to
secure distribution of more accurate time information although
specification of such a protocol is out-of-scope of this document.
The nonce included in join attempts provides an alternate mechanism
for the Pledge to ensure Audit Voucher responses are associated with
a particular bootstrapping attempt. Nonceless Audit Vouchers from
the MASA server are always valid and thus time is not needed.
Ownership Vouchers include time information and MUST be validated
using a realtime clock.
3.1.6. Enrollment
As the final step of bootstrapping a Registrar helps to issue a
domain specific credential to the Pledge. For simplicity in this
document, a Registrar primarily facilitates issuing a credential by
acting as an RFC5280 Registration Authority for the Domain
Certification Authority.
Pritikin, et al. Expires May 4, 2017 [Page 17]
Internet-Draft BRewSKI October 2016
Enrollment proceeds as described in [RFC7030]. Authentication of the
EST server is done using the Voucher rather than the methods defined
in EST.
Once the Audit or Ownership Voucher is received, as specified in this
document, the client has sufficient information to leverage the
existing communication channel with a Registrar to continue an EST
RFC7030 enrollment. Enrollment picks up at RFC7030 section 4.1.1.
bootstrapping where the Audit Voucher provides the "out-of-band" CA
certificate fingerprint (in this case the full CA certificate) such
that the client can now complete the TLS server authentication. At
this point the client continues with EST enrollment operations
including "CA Certificates Request", "CSR Attributes" and "Client
Certificate Request" or "Server-Side Key Generation".
3.1.7. Being Managed
Functionality to provide generic "configuration" information is
supported. The parsing of this data and any subsequent use of the
data, for example communications with a Network Management System is
out of scope but is expected to occur after bootstrapping enrollment
is complete. This ensures that all communications with management
systems which can divulge local security information (e.g. network
topology or raw key material) is secured using the local credentials
issued during enrollment.
The Pledge uses bootstrapping to join only one domain. Management by
multiple domains is out-of-scope of bootstrapping. After the device
has successfully joined a domain and is being managed it is plausible
that the domain can insert credentials for other domains depending on
the device capabilities.
See Section 3.5.
3.2. Behavior of a Proxy
The role of the Proxy is to facilitate communications. The Proxy
forwards packets between the Pledge and a Registrar that has been
configured on the Proxy. The Proxy does not terminate the TLS
handshake. A Proxy is always assumed even if directly integrated
into a Registrar.
As a result of the Proxy Discovery process in section Section 3.1.1,
the port number exposed by the proxy does not need to be well known,