TTI is a proposed model for secure out-of-band exchange in enrollment protocols, allowing secure communication between devices and servers.
Trusted Transitive Introduction
Max Pritikin, pritikin@cisco.com
(Presentation by Cullen Jennings, fluffy@cisco.com)
Revision A
Introduction
• Enrollment protocols already exist
• CMC, CMP, others
• All of these depend on undefined Out-of-Band steps
• “problem”
• Trusted Transitive Introduction (TTI) is a proposed model for this Out-of-Band exchange
What is exchanged out-of-band? (from the charter)
• The ‘entity label’ for the service consumer
• Generalized: some configuration information
• A piece of keying information to be used
• Raw symmetric key
• Raw public key
• Fingerprints of public key
• A set of permissions for operations for the service consumer
• Authorization for the impending enrollment
[Diagram: Out-of-Band Introduction, followed by Post Introduction Secure Communication between Petitioner and Registrar]
• The introduction via a phone call, email, floppy disk, in-house provisioning system, smartcard, etc.
• Existing authentication and authorization infrastructure between user/administrator and Petitioner device
• Existing authentication and authorization infrastructure between user/administrator and Registrar device
• Petitioner: the device joining a secure domain. “client”
• Registrar: the authentication & authorization infrastructure of the secure domain. “server”

[Diagram: Transitive Trusted Introduction (TTI), with the Introducer between Petitioner and Registrar, followed by Post Introduction Secure Communication]
• Introducer: performs the introduction. “user”
• Existing authentication and authorization infrastructure between user/administrator and Petitioner device
• Existing authentication and authorization infrastructure between user/administrator and Registrar device
• Petitioner: the device joining a secure domain. “client”
• Registrar: the authentication & authorization infrastructure of the secure domain. “server”
• Introduction is not a negotiation, order does not matter!
EXAMPLE: Joining device to a service
1. Device is purchased.
2. Configuration of device by owner.
3. Device is introduced to a network server.
[Diagram: Introducer (user / service provider) between Petitioner and Registrar, leading to Post Introduction Secure Communication]
• Petitioner introduction data exchanged: key material collected; configuration information collected (e.g. capabilities); Registrar introduction data sent
• Service Provider introduction data exchanged: key material collected; configuration information collected (e.g. enrollment URL); Petitioner introduction data sent
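The following is an added example, not part of the original slides, that models the TTI exchange described above: an Introducer collects an entity label, a public-key fingerprint and configuration from each of the Petitioner and Registrar, delivers each side's data plus a set of permissions to the other, and each side then checks the key it is presented post-introduction against the introduced fingerprint. The device labels, the enrollment URL, the permission names and the random bytes standing in for public keys are all constructed values.

```python
import hashlib
import os
from dataclasses import dataclass, field

def fingerprint(pub: bytes) -> str:
    """Fingerprint of a public key (SHA-256 hex): the keying information the Introducer carries."""
    return hashlib.sha256(pub).hexdigest()

@dataclass
class Device:
    """A Petitioner or Registrar. `pub` stands in for a real public key (constructed random bytes)."""
    label: str
    config: dict
    pub: bytes = field(default_factory=lambda: os.urandom(32))
    introduced: dict = field(default_factory=dict)  # peer label -> introduction data received

    def introduction_data(self) -> dict:
        # What the Introducer collects from this device: entity label, key fingerprint, configuration.
        return {"label": self.label, "fingerprint": fingerprint(self.pub), "config": dict(self.config)}

    def receive_introduction(self, data: dict, permissions: frozenset) -> None:
        # The Introducer delivers the peer's data together with the permissions it authorises.
        self.introduced[data["label"]] = {**data, "permissions": permissions}

    def authorize(self, peer_label: str, presented_pub: bytes, operation: str) -> bool:
        # Post-introduction check: the peer must present the introduced key and be permitted the operation.
        intro = self.introduced.get(peer_label)
        if intro is None or fingerprint(presented_pub) != intro["fingerprint"]:
            return False
        return operation in intro["permissions"]

def introduce(petitioner: Device, registrar: Device, registrar_first: bool = False) -> None:
    """The Introducer's role: collect from each side (in either order), then deliver to the other."""
    first, second = (registrar, petitioner) if registrar_first else (petitioner, registrar)
    collected = {d.label: d.introduction_data() for d in (first, second)}
    # Permissions granted by the Introducer (assumed names).
    registrar.receive_introduction(collected[petitioner.label], frozenset({"enroll"}))
    petitioner.receive_introduction(collected[registrar.label], frozenset({"serve-enrollment"}))

def demo(registrar_first: bool = False) -> dict:
    pet = Device("soho-vpn-1", {"capabilities": ["ipsec"]})
    reg = Device("corp-registrar", {"enrollment_url": "https://registrar.example/enroll"})
    introduce(pet, reg, registrar_first)
    other = Device("soho-vpn-1", {})  # same label but a key that was never introduced
    return {
        "petitioner_enrolls": reg.authorize(pet.label, pet.pub, "enroll"),
        "unintroduced_key_rejected": not reg.authorize(other.label, other.pub, "enroll"),
        "unpermitted_op_rejected": not reg.authorize(pet.label, pet.pub, "admin"),
        "petitioner_knows_url": pet.introduced[reg.label]["config"]["enrollment_url"],
        "petitioner_trusts_registrar": pet.authorize(reg.label, reg.pub, "serve-enrollment"),
    }
```

Running `demo()` and `demo(registrar_first=True)` gives the same result, which is the point of the slide's "order does not matter" remark.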
Imprinting
• New devices IMPRINT on the first infrastructure they meet
• From a pure model perspective this is entirely true. There is no alternative.
• Any out-of-band mechanism depends on the admin/user using this imprint for initial configuration anyway
Summary: Introduction, Introduction, Introduction
• Introduction is the hard part of enrollment
• Introduction can happen in different orders
• Before any enrollment protocol there is an introduction exchange that takes place.
• This has been characterized as an "out-of-band" exchange of data and has normally been identified as out-of-scope.
• It is my argument that it is in scope and can be best solved using the Trusted Transitive Introduction model.
• This WG should work on an introduction protocol
EXTRA SLIDES TO FOLLOW
• Below is an example of using TTI to introduce a VPN network device to a corporate VPN network.
• These slides show a Cisco SOHO device instantiation of the TTI model.
Browser-based TTI of a VPN device
User interface ‘wizard’, just to show how easy this can be for a user
• Welcome: the HTML form(s) displayed by the Petitioner
• Introduction: the HTML form(s) displayed by the Authority
• Completion: the final HTML form(s) displayed by the Petitioner
[Screenshot: Introduction phase form. Optional Mfgr Cert Serial Number: “Enter serial number from the back of the device:”]