Presentation is loading. Please wait.

Presentation is loading. Please wait.

Zero Touch Provisioning for NETCONF/RESTCONF Call Home draft-ietf-netconf-zerotouch-19 NETCONF WG IETF 100 (Singapore)

Published byŌΣίμων Παυλόπουλος Modified over 5 years ago

Similar presentations

Presentation on theme: "Zero Touch Provisioning for NETCONF/RESTCONF Call Home draft-ietf-netconf-zerotouch-19 NETCONF WG IETF 100 (Singapore)"— Presentation transcript:

1 Zero Touch Provisioning for NETCONF/RESTCONF Call Home draft-ietf-netconf-zerotouch-19 NETCONF WG IETF 100 (Singapore)

2 Updates Since IETF 99 Reverted back to the device always sending its IDevID certificate to bootstrap servers, even if it doesn’t trust the bootstrap server, as it’s better for the device to give its identity to a potentially bad bootstrap server than it is for the bootstrap server to give device-specific config to a potentially spoofed device. Moved data-tree to an RPC (get-bootstrapping-data) Added ”untrusted-connection” parameter to the “get-bootstrapping-data” RPC so as to alert the bootstrap server that either signed data (of any type) or unsigned redirect info is needed. Added the "ietf-zerotouch-device" module Fixed 'must' expressions, by converting 'choice' to a 'list' of 'image-verification', each of which now points to a base identity called "hash-algorithm".

3 Bootstrap server's TLS cert
Last Call Comments (1) Redirect Information needs to support returning a partial certificate chain, rather than just the single root certificate, to support deployments using public CAs. Trust Anchor Proposed Fix: +--:(redirect-information) +--ro redirect-information +--ro bootstrap-server* [address] +--ro address inet:host +--ro port? inet:port-number +--ro trust-anchor? binary +--ro trust-anchor? pkcs7 GoDaddy CA Org CA ZTP CA Ideally the pkcs7 type is defined in a module like ietf-crypto-types (discussed more in the Keystore presentation) Bootstrap server's TLS cert Sent by bootstrap server

4 Last Call Comments (2) The DHCP Option text specifying the allowable URI contents and error handling for the DHCP4&6 options can be improved. Proposal: remove a MUST in the URI description so that there is no implication of a server-side processing requirement add language for how clients handle errors when processing a list of URIs. Full proposal sent to list.

5 Any final questions, comments, or concerns?
Final Stretch All Last Call comments have been addressed on list. It seems that a simple draft-update is all that is needed now before being forwarded to IESG (even if referencing an ietf-crypto-types module). Any final questions, comments, or concerns?

Download ppt "Zero Touch Provisioning for NETCONF/RESTCONF Call Home draft-ietf-netconf-zerotouch-19 NETCONF WG IETF 100 (Singapore)"

Similar presentations

Rfc4474bis-01 IETF 89 (London) STIR WG Jon & Cullen.

Rfc4474bis-01 IETF 89 (London) STIR WG Jon & Cullen.
EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.

EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.
Www.opendaylight.org Secure Network Bootstrapping Infrastructure May 15, 2014.

Secure Network Bootstrapping Infrastructure May 15, 2014.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.
Zero Touch Provisioning for NETCONF/RESTCONF Call Home draft-ietf-netconf-zerotouch-02 NETCONF WG IETF #92 Dallas, TX, USA.

Zero Touch Provisioning for NETCONF/RESTCONF Call Home draft-ietf-netconf-zerotouch-02 NETCONF WG IETF #92 Dallas, TX, USA.
NETCONF Light. Motivation To support devices unable to implement the full NETCONF protocol – The “-00” draft noted hardware-based resource constraints.

NETCONF Light. Motivation To support devices unable to implement the full NETCONF protocol – The “-00” draft noted hardware-based resource constraints.
A Third Party Service for Providing Trust on the Internet Work done in 2001 at HP Labs by Michael VanHilst and Ski Ilnicki.

A Third Party Service for Providing Trust on the Internet Work done in 2001 at HP Labs by Michael VanHilst and Ski Ilnicki.
9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.

9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.
Bootstrapping Key Infrastructures Max Pritikin IETF 91, 10 Nov 2014 Aloha!

Bootstrapping Key Infrastructures Max Pritikin IETF 91, 10 Nov 2014 Aloha!
NETCONF Server and RESTCONF Server Configuration Models draft-ietf-netconf-server-model-06 NETCONF WG IETF #92 Dallas, TX, USA.

NETCONF Server and RESTCONF Server Configuration Models draft-ietf-netconf-server-model-06 NETCONF WG IETF #92 Dallas, TX, USA.
Timothy Heeney| Microsoft Corporation. Discuss the purpose of Identity Federation Explain how to implement Identity Federation Explain how Identity Federation.

Timothy Heeney| Microsoft Corporation. Discuss the purpose of Identity Federation Explain how to implement Identity Federation Explain how Identity Federation.
ONF Configuration and Management WG Jürgen Quittek

ONF Configuration and Management WG Jürgen Quittek
draft-kwatsen-netconf-zerotouch-01

draft-kwatsen-netconf-zerotouch-01
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)

Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
Introducing CoMI Aligned with RestCONF (draft-ietf-netconf-restconf-04) Common data modeling language (YANG defined in RFC 6020) Protocol (CoAP instead.

Introducing CoMI Aligned with RestCONF (draft-ietf-netconf-restconf-04) Common data modeling language (YANG defined in RFC 6020) Protocol (CoAP instead.
July 27, 2009IETF NEA Meeting1 NEA Working Group IETF 75 Co-chairs: Steve Hanna

July 27, 2009IETF NEA Meeting1 NEA Working Group IETF 75 Co-chairs: Steve Hanna
draft-ietf-netconf-zerotouch

draft-ietf-netconf-zerotouch

Similar presentations

Ads by Google