1 Trusted Transitive Introduction Max Pritikin (Presentation by Cullen Jennings) Revision A

222 Introduction Enrollment protocols already exist CMC, CMP, others All of these depend on undefined Out-of-Band steps “problem” Trusted Transitive Introduction (TTI) is a proposed model for this Out-of-Band exchange

333 What is exchanged out-of-band? The ‘entity label’ for the service consumer Generalized: some configuration information A piece of keying information to be used Raw symmetric key Raw public key Fingerprints of public key A set of permissions for operations for the service consumer Authorization for the impending enrollment (from the charter)

444 Out-of-Band Introduction Petitioner The device joining a secure domain. “client” Registrar The authentication & authorization infrastructure of the secure domain. “server” Post Introduction Secure Communication The introduction via a phone call, , floppy disk, in house provisioning system, smartcard, etc Existing authentication and authorization infrastructure between user/ administrator and Petitioner device Existing authentication and authorization infrastructure between user/ administrator and Registrar device

555 Transitive Trusted Introduction (TTI) Introducer Performs the introduction. “user” Post Introduction Secure Communication Introduction is not a negotiation, order does not matter! Existing authentication and authorization infrastructure between user/ administrator and Petitioner device Existing authentication and authorization infrastructure between user/ administrator and Registrar device Petitioner The device joining a secure domain. “client” Registrar The authentication & authorization infrastructure of the secure domain. “server”

666 EXAMPLE: Joining device to a service Petitioner Registrar Post Introduction Secure Communication 1. Device is purchased. 2. Configuration of device by owner. 3. Device is introduced to a network server. User service provider Introduction Data exchanged: Service Provider Key material collected Configuration information (e.g. enrollment URL) collected Petitioner Introduction Data sent Introduction Data exchanged: Petitioner Key material collected Configuration information collected (e.g. capabilities) Registrar Introduction Data sent Introducer

777 Imprinting New devices IMPRINT on the first infrastructure they meet From a pure model perspective this is entirely true. There is no alternative. Any out-of-band mechanism depends on the admin/user using this imprint for initial configuration anyway

888 Summary— Introduction, Introduction, Introduction Introduction is the hard part of enrollment Introduction can happen in different orders Before any enrollment protocol there is an introduction exchange that takes place. This has been characterized as an "out-of-band" exchange of data and has normally been identified as out-of-scope. It is my argument that it is in scope and can be best solved using the Trusted Transitive Introduction model. This WG should work on an introduction protocol

999 EXTRA SLIDES TO FOLLOW Below is an example of using TTI to introduce a VPN network device to a corporate VPN network. These slides show a Cisco SOHO device instantiation of the TTI model.

10 Browser based TTI of a VPN device Welcome The HTML form(s) displayed by the Petitioner Introduction The HTML form(s) displayed by the Authority Completion The final HTML form(s) displayed by the Petitioner User Interface ‘wizard’ just to show how easy this can be for a user

11 Welcome phase

12 Introduction phase Mfgr Cert Serial Number Enter serial number from the back of the device:

13 Completion phase