Discovery for BRSKI variations

Specification

Abstracted BRSKI discovery and selection In the abstract model of discovery used by this document and intended to apply to all described discovery mechanisms, an entity operating as an initiator of a transport connection for a particular BRSKI protocol role, such as a pledge, discovers one or more responder sockets (IP/IPv6-address, responder-port, IP-protocol) of entities acting as responders for the peer BRSKI role, such as registrar. The initiator uses some discovery mechanism such as , or . In the the initiator looks for a particular combination of a Service Name and an IP-protocol, and in return learns about responder sockets from one or more responders that use this IP-protocol and serve the requested Service Name type service across it. It also learns the BRSKI variation(s) supported on the socket. Service Name is the name of the protocol element used in , unless explicitly specified, it is used as a placeholder for the equivalent protocol elements in other discovery mechanisms. In , it is called objective-name, in it is called Resource Type. Upon discovery of the available sockets, the initiator selects one, whose supported variation(s) best match the expectations of the initiator, including performance, security or other preferences. Selection may also include attempting to establish a connection to the responder socket, and upon connection failure to attempt connecting to the next best responder socket. This is for example necessary when discovery information may not be updated in real-time, and the best responder has gone offline.

Variation Contexts A Variation Context is a set of (Discover Mechanism, Service Names, IP-protocols) across which this document and the registry of variations defines a common set of variations. The initial registry defined in this document defines two variation contexts.

BRSKI context:: context for discovery of BRSKI registrar and proxy variations by proxies, pledges or agents (as defined in ) via the Service Names defined for and via TCP and hence (by default) TLS (version 1.2 or higher according to ).
cBRSKI context (constrained BRSKI):: context for discovery of BRSKI registrar and proxy variations by proxies, pledges via the Service Names defined for , and via UDP, and hence (by default) secure COAP.

Note that the Service Names for cBRSKI include the same Service Names as for the BRSKI context, hence enabling the use of with cBRSKI. This document does not define variations for different end-to-end encryption mechanisms, so only the "(by default)" options exist at the time of writing this document. However, the mechanisms described here can also be used to introduce backward incompatible new secure transport options. For example when responders start to support only TLS 1.3 or higher in the presence of TLS 1.2 only initiators, then new variations can be added, such that those initiators will not select those responders. This document does not introduce variation contexts for discovery of other BRSKI roles, such as discovery of pledges by agents (as defined in ), or discovery of MASA by registrars. However, the registry introduced by this document is defined such that it can be extended by such additional contexts through future documents.

Variation Types and Choices A Variation Type is a variation in one aspect of the BRSKI connection between initiator and responder that ideally orthogonal from variations in other aspects of the BRSKI connection. A Variation Type Choice is one alternative (aka: value) for its Variation Type. This document, and the initial registry documenting the variation types introduces three variation types as follows:

mode:: A variation in the basic sequence of URI endpoints communicated. This document introduces the choices of "rrm" to indicate the endpoints and sequence as defined in and "prm" to indicate the endpoints and sequence as defined in . Note that registrars also act as responders in "prm". "rrm" was chosen because the more logical "pim" (pledge initiator mode) term was feared to cause confusion with other technologies that use that term.
vformat (voucher format):: A variation in the encoding format of the voucher communicated between registrar and pledge. This document introduces the choices "cms" as defined in , "cose" as defined in and "jose" as defined in .
enroll:: A variation in the URI endpoints used for enrollment of the pledge with keying material (trust anchors and certificate (chain)). This document introduces the following :choices "est" as introduced by to indicate the protocol, which is default "cmp" to indicate the CMP protocol according to the Lightweight CMP profile (). The respective adaptations to BRSKI have been introduced by . "scep" to indicate . This is only a reservation, because no specification for the use of with BRSKI exists.

Variations A Variation is the combination of one Choice each for every Variation Type applicable to the Variation Context. In other words, a variation is a possible instance of BRSKI if supported by initiator and responder. In , the default variation is "registrar responder mode" (rrm) and use of the "cms voucher format" (cms).

BRSKI Variations Discovery Registry The IANA "BRSKI Variations Registry" as specified by this document, see specifies the defined parameters for discovery of BRSKI variations.

BRSKI Variation Contexts table This table, , defines the BRSKI Variations Contexts. The "Applicable Variation Types" lists the Variation Types from whose choices a Variation for this context is formed. The "Service Name(s)" column lists the discovery mechanisms and their Service Name(s) that constitute the context.

BRSKI Variation Type Choices table This table, , defines the Variations Type Choices. The "Context" column lists the BRSKI Variation Context(s) to which this line applies. If it is empty, then the same Context(s) apply as that of the last prior line with a non-empty Context column. The "Variation Type" column lists the BRSKI Variation Type to which this line applies. If it is empty, then the same Variation Type applies as that of the last prior line with a non-empty Variation Type column. Variation Types MUST the listed in the order in which the Variation Types are listed in the Applicable Variation Types column of the BRSKI Variation Contexts table. The "Variation Type Choice" column defines a Variation Type Choice term within the Context(s) of the line. To allow the most flexible encodings of variations, all Variation Types and Variation Type Choices MUST be unique strings (across all Variation Types). This allows to encode Variation Type Choices in a discovery mechanism without indicating their Variation Type. Variation Types and Variation Type Choices and MUST be strings from lowercase letters a-z and digits 0-9 and MUST start with a letter. The maximum length of a Variation Type Choice is 12 characters. The "Reference" column specifies the documents which describe the Variation Type Choice. Relevant specification includes those that only specify the semantics without referring to the aspects of discovery and/or those that specify only the Discovery aspects. Current RFCs for BRSKI variations preceding this RFC typically only specify the semantics, and this document adds the discovery aspects. The "Dflt" Flag specifies a Variation Type Choice that is assumed to be the default Choice for the Context, such as "rrm" for the BRSKI context. Such a Variation Type Choice is to be assumed to be supported in discovery if discovery is performed without indication of any or an empty signaling element to carry the Variation or Variation Choices. For example, specifies the empty string "" as the objective-value in discovery. Because "rrm", "est" and "cms" are default in the BRSKI context, this Discovery signaling indicates the support for those Variation Type Choices. The "Dflt" Flag specifies a Variation Type Choice that is only default in a subset of Discovery options in a context. The Note(s) column has then to explain which subset this is. Like for "Dflt", the signaling in this subset of Discovery options can then forego indication of the "Dflt" Variation Type Choice. The "Rsvd" Flag specifies a Variation Type Choice for which no complete specification exist on how to use it within BRSKI (or more specifically the context), but which is known to be of potential interest. "Rsvd" Variation Type Choices MUST NOT be considered for the Discoverable Variations table. They are documented primarily to reserve the Variation Type Choice term. The Note(s) section expands the Variation Type Choice terms and provides additional beneficial specification references beyond the "Reference" column.

BRSKI Discoverable Variations table This table enumerates the Discoverable Variations and categorizes them. The "Context" column lists the BRSKI Variation Context(s) to which this line applies. If it is empty, then the same Context(s) apply as that of the last prior line with a non-empty Context column. The "Spec / Applicability" lists the document(s) that specify the variation, if the variation is explicitly described. If the variation is not described explicitly, but rather a combination of Variation Type Choices from more than one BRSKI related specification, then this column will indicate "-" if by expert opinion it is assumed that this variation should work, or "NA", if by expert opinion, this variation could not work. The "Explanations" column includes references to the relevant documents and as necessary additional explanation. The "Variation" column lists the Variation Type Choices that form the Variation. The Variation Type Choices MUST be listed in the order in which the Variation Types are listed in the Applicable Variation Types column of the BRSKI Variation Contexts table. The "Variation String" column has the string term used to indicate the variation when using the simple encoding of BRSKI Variation Discovery for GRASP as described in . It is formed by concatenating the Choices term from the Variation column with the "-" character, excluding those Choices terms (and "-" concatenator) which are Default for the Context. If this procedure ends up with the empty string, then this is indicated as "" in the column. The "Explanations" column explains the "Spec / Applicability" status of the Variation.

Extending or modifying the registry Unless otherwise specified below, extension or changes to the registry require standards action. Additional Variation Type Choices and Variation Context discovery mechanism Service Names including additional discovery mechanisms require (only) specification and expert review if they refer to non standard action protocols and/or protocol variation aspects. For example, a specification how to use with BRSKI would fall under this clause as it is an informational RFC. Non standards action Variation Type Choices can not be Default(Dflt). They can only be Dflt* for non standards action (sub)Contexts. Reservation of additional Variation Type Choices requires (only) expert review. Additional Contexts MUST be added at the end of the BRSKI Variation Contexts table. Additional Variation Types MUST be added at the end of the Applicable Variation Types column of the BRSKI Variation Contexts table and at the end of existing lines for the Context in the BRSKI Variation Type Choices. Additional Variation Types MUST be introduced with a Default (Dflt) Variation Type Choice. These rules ensures that the rule to create the Variation String for GRASP (and as desired by other discovery mechanism), and it also enables to add new Variation Type and Choices without changing pre-existing Variation Strings: Any Variations String implicitly include the Default Choice for any future Variation Types. When a new Variation Type is added, their Default Choice SHOULD be added to the Variation Column of existing applicable lines in the BRSKI Discoverable Variations table. Variations that include new non-Default Variation Type Choices SHOULD be added at the end of the existing lines for the Context.

BRSKI Join Proxies support for Variations

Permissible Variations Variations according to the terminology of this document are those that do not require changes to BRSKI join proxy operations, but that can transparently pass across existing join proxies without changes to them - as long as they support the rules outlined in this document. Different choices for e.g.: pledge to registrar encryption mechanisms, voucher format (vformat), use of different URI endpoints or enrollment protocol endpoints (mode) are all transparent to join proxies, and hence join proxies can not only support existing, well-defined Choices of these Variation Types, but without changes to the proxies also future ones - and only those are permitted to become Variation Type Choices. Changes to the BRSKI mechanism that do require additional changes to join proxies are not considered Variations according to this document and MUST NOT use the same discovery protocol signaling elements as those defined for variations by this document. Instead, they SHOULD use different combinations of Service Name and Protocol (e.g.: TCP vs. UDP). For example, the stateless join proxy mode defined by is such a mechanism that requires explicit join proxy support. Therefore, registrars sockets that support circuit proxy mode use the GRASP objective "AN_join_registrar", and registrar sockets that support stateless join proxy mode use the GRASP objective "AN_join_registrar_rjp". This enables join proxies to select the registrar and socket according to what the join proxy supports and prefers. By not using the same signaling element(s) for variations, join proxies can support discovery of all variations independent of their support for stateless join proxy operations.

Join Proxy support for Variations Join proxies supporting the mechanisms of this document MUST signal for each socket they announce to initiators via a discovery mechanism the Variation(s) supported on the socket. These Variation(s) MUST all be supported by the registrar that the join proxy then uses for the connection from the initiator (e.g.: pledge). Pledges SHOULD announce sockets to initiators so that all Variations that are supported by registrars that the join proxy can interoperate with are also available to the initiators connecting to the join proxy. To meet these requirements, join proxies can employ different implementation option. In the most simple one, a join proxy allocates a separate responder socket for every Variation for which it discovers one or more registrars supporting this Variation. It then announces that socket with only that one Variation in the discovery mechanism, even if the Registrar(s) are all announcing their socket with multiple Variations. When the join proxy operates in circuit mode, it can then select one of the registrars supporting the variation for every new initiator connection based on policies as specified by BRSKI specifications and/or discovery parameters, such as priority and weight when is used, and redundant registrars include those parameters. TBD: insert example of received Registrar announcement and created proxy announcement ?? Join proxies MAY reduce the number of sockets announced to initiators by using a single socket for all Variations for which they have the same set of registrar sockets supporting those Variations. This primarily helps to reduce the size of the discovery messages to initiators and can save socket resources on the join proxy. Join proxies MAY create multiple sockets in support of other discovery options, even for the same Variation(s). For example, if is used by two registrars, both announcing the same priority but different weights, then the join proxy may create a separate socket for each of these registrars - and their variations, so that the join proxy can equally announce the same priority and weight for both sockets to initiators. This allows to maintain the desired weights of use of registrars, even when the join proxy operates in stateless mode, in which it can not select a separate registrar for every client initiating a connection.

Co-location of Proxy and Registrar In networks using and , registrars must have a co-located proxy, because pledges can only use single-hop discovery (DULL-GRASP) and will only discover proxies, but not registrar. Such a co-located proxy does not constitute additional processing/code on a registrar supporting circuit mode, it simply implies that the registrars BRSKI services(s) are announced with a proxy Service Name, to support pledges, and the registrar service name, to support join proxies. To ease consistency of deployment models in the face of different discovery mechanisms, Variations and non-Variation enhancements to BRSKI, it is RECOMMENDED that all future options to BRSKI do always have a Service Name for proxies and a separate Service Name in support of pledge or other initiators. Pledges and other initiators SHOULD always only look for the proxy Service Name, and only Proxies should look for a registrar Service Name. Registrars therefore SHOULD always include the proxy functionality according to the prior paragraph. This only involves additional code on the registrar beyond the service announcement in case the Registrar would otherwise not implement circuit mode.

BRSKI Pledges support for Variations

BRSKI-PLEDGE context BRSKI-PLEDGE is the context for discovery of pledges by nodes such as registrar-agents. Pledges supporting MUST support it. It may also be used by other variations of BRSKI when supported by pledges. Pledges supporting BRSKI-PLEDGE MUST support DNS-SD for discovery via mDNS, using link-local scope. For DNS-SD discovery beyond link-local scope, pledges SHOULD support DNS-SD via . TBD: Is there sufficient auto-configuration support in , that pledges without any configuration can use it, and if so, do we need to raise specific additional requirements to enable this in pledges ? These DNS-SD requirements are defaults. Specifications for specific deployment contexts such as specific type of radio network solutions may need to specify their own requirements overriding or amending these requirements. Pledges MUST support to be discoverable via their service instance name. They MAY be discoverable via DNS-SD browsing, so that registrar-agents can find even unexpected pledges through DNS-SD browsing. Support for browsing is required to discover over the network pledges supporting only , but not if they have no known serial-number information from which their service instance name can be constructed, so it is a crucial feature for robust enrollment. See for more details about discovery and BRSKI-PLEDGE. When pledges are discoverable vis DNS-SD browsing, they MUST expect that a large number of pledges exist in the network at the same time, such as in the order of 100 or more, and schedule their responses according to the procedures in and to avoid simultaneous reply from all pledges. TBD: What is the best section in mDNS/DNS-SD to point to for this timed reply to scale ? Browsing via DNS-SD for a pledge is circumvented by the pledge not announcing its PTR RR for "brski-registrar". Technically, the remaining RR may not constitute full DNS-SD service, but they do provide the required discovery for the known service instance name of the pledge. counter measures such as limiting the number and rate of PRM connects that they accept, ideally on a per-initiator basis (assuming that DDoS attacks are more harder to mount than single attacker DoS attacks).

Service Instance Name The service instance name chosen by a BRSKI pledge MUST be composed from information which is Easily known by BRSKI operations, such as the operational personnel or software automation, specifically sales integration, Available to the pledges BRSKI software itself, for example by being encoded in some attribute of the IDevID. Typically, a customer will know the serial number of a product from sales information, or even from bar-code/QR-codes on the product itself. If this serial number is used as the service instance name to discover a pledge from a registrar-agent, then this may lead to possible duplicate replies from two or more pledges having the same serial number, such as in the following cases: A manufacturer has different product lines and re-uses serial-numbers across them. Two different manufacturer re-use the same serial-numbers. If pledges enable browsing of their service instance name, they MAY support specified procedures to create unique service instance names when they discover such clashes, by appending a space and serial number, starting with 2 to the service instance name: "<service-instance-name> (2)", as described in Appendix D. Nevertheless, this approach to resolving conflicts is not desirable: If browsing of DNS-SD service instance name is not supported, registrar-agents would have to always (and mostly wrongly) guess that there is a clash and (mostly unnecessarily) search for "<service-instance-name> (2)". If a clash exists between pledges from the same manufacturer, and even if the registrar-agent then attempts to start enrolling all pledges with the same clashing service instance name, it may not have enough information to determine which the correct pledge is. This would happen especially if the IDevID from both devices (of different product type), had the same serial number, and the CA of both was the same (because they come from the same manufacturer). Even if some other IDevID field was used to distinguish their device model, the registrar-agent would not be able to determine that difference without additional vendor specific programming. In result: Vendors MUST document a scheme how their pledges form a service instance name from information available to the customer of the pledge. These service instance names MUST be unique across all IDevID of the manufacturer that share the same CA. The following mechanisms are recommended: Pledges SHOULD encode manufacturer unique product instance information in their subject name serialNumber. calls this the X520SerialNumber. Pledges SHOULD make this serialNumber information consistent with easily accessible product instance information when in physical possession of the pledge, such as product type code and serial number on bar-code/QR-code to enable discovery without additional backend sales integration. Note that discovery alone does not allow for enrollment! Pledges SHOULD construct their service instance name by concatenating their X520SerialNumber with a domain name prefix that is used by the manufacturer and thus allows to disambiguate devices from different manufacturer using the same serialNumber scheme, and hence the likelihood of service instance name clashes.

\\ SN:\.example.com Pledge IDevID certificate information: ; Format as shown by e.g.: openssh Subject: serialNumber = "PID:Model-0815 SN:WLDPC2117A99", O = Example, CN = Model-0815 DNS-SD RR for the pledge: ; PTR RR to support browsing / discovery of service instance name _brski-pledge._tcp.local IN PTR PID:Model-0815\\ SN:WLDPC2117A99\\.example\\.com._brski-pledge._tcp.local ; SRC and TXT RR for the service instance name PID:Model-0815\\ SN:WLDPC2117A99\\.example\\.com._brski-pledge._tcp.local IN SRV 1 1 PID:Model-0815\\ SN:WLDPC2117A99\\.example\\.com.local PID:Model-0815\\ SN:WLDPC2117A99\\.example\\.com._brski-pledge._tcp.local IN TXT "" ; AAAA address resolution for the target host name PID:Model-0815\\ SN:WLDPC2117A99\\.example\\.com.local IN AAAA fda3:79a6:f6ee:0000::0200:0000:6400:00a1 ]]> In , the manufacturer "example" identifies device instances through a product identifier <PID> and a serial number <SN>. Both are printed on labels on the product/packaging and/or communicated during purchase of the product. The service instance name of pledges from this manufacturer are using the string "PID:<PID> SN:<SN>.example.com". "example.com" is assumed to be a domain owned by this manufacturer. <PID> and <SN> are replaced by the actual strings. The IDevID encodes the service instance name without the domain ending (".example.com") in the X520SerialNumber field. Other fields of the IDevID are not used. The resulting DNS-SD RRs that the pledge announces are shown in the example. " " and "." characters are escaped as recommended by . In this example, the same string as constructed for the service instance name is also used as the target host name. This is of course not necessary, but unless the pledge already obtains a host name through other DNS means, re-using the same name allows to avoid coming up with a second method to construct a unique name.

Variation signaling and encoding rules for different discovery mechanisms

DNS-SD

Signaling The following definitions apply to any instantiation of DNS-SD including DNS-SD via mDNS as defined in , but also via unicast DNS, for example by registering the necessary DNS-SD Resource Records (RR) via (SRP). The requirements in this document do not guarantee interoperability when using DNS-SD, instead, they need to be amended with deployment specific specifications / requirements as to which signaling variation, such as mDNS or unicast DNS with SRP is to be supported between initiator and responder. When using unicast DNS (with SRP), additional mechanisms are required to learn the IP / IPv6 address(es) of feasible DNS and SRP servers, and deployment may also need agreements for the (default) domain they want to use in unicast DNS. Hence, a mandatory to implement (MTI) profile is not feasible because of the wide range of variations to deploy DNS-SD. TBD: We could say that mDNS MUST be supported, unless the network context defines an interoperable mode to support DNS-SD without mDNS ???

Encoding Variation Type Choices defined in the IANA registry are encoded as Keys with a value of 1 in the DNS-SD service instances TXT RR. This is possible because all Variation Type Choices are required to be unique across all Variation Types. It also allows to shorten the encoding from "key=1" to just "key" for every Variation Type Choice, so that the TXT-DATA encoding can be more compact. If the TXT Record does not contain a Variation Type Choice for a particular applicable Variation Type, then this indicates support for the Default Choice of this Variation Type in the context of the DNS-SD Service Name. For example, if the TXT Record is "jose", then this indicates support for "rrm" and "est", if the Service Name is brski-registrar or brski-proxy and the protocol is TCP (BRSKI Context), but also when the protocol is UDP (cBRSKI context), because "rrm" and "est" are defaults in both contexts. If multiple Variation Type Choices for the same Variation Type are indicated, then this implies that either of these Variation Type Choices is supported in conjunction with any of the other Variation Type Choices in the same TXT Record. For example, if the TXT Record is "prm" "rrm" "cms" "jose", then this implies support for rrm-cms-est, rrm-jose-est, prm-cms-est and prm-jose-est. This example also shows that if the default Variation Type Choice, such as "rrm" and another Choice of the same Variation Type ("prm") are to be indicated as supported, then both need to be included in the TXT Record. In , a responder does not only indicate a Service Name, but also its Service Instance Name, which needs to be unique across the domain to support initiators selecting a responder. This specification makes no recommendation for choosing the Instance portion of that name. Usually it is the same, or derived from some form of pre-existing system name. Registrars SHOULD support support their configuration without specifying a name to use in the Service Instance Name to minimize the amount of configuration required. Registrars SHOULD support the configuration of such a name. If the responder needs to indicate different sockets for different (set of) Variations, for example, when operating as a proxy, according to , then it needs to signal for each socket a separate Service Instance Name with the appropriate port information in its SRV Record and the supported Variations for that socket in the TXT Record of that Service Instance Name. In this case, it is RECOMMENDED that the Instance Name includes the Variation it supports, such as in the format specified in and used in the Variation String column of the table.

In the above example , a registrar supports BRSKI with "rrm" and "prm" modes across the same TCP socket, port 4555. It uses "cms" voucher format and "est" enrollment, which are not included in the TXT strings because both are default for _brski-registrar._tcp. The registrar also offers cBRSKI with "rrm" mode, "cose" voucher and "est" enrollment on UDP port 5684, the COAP over DTLS default port. The TXT RR for this has only an empty string because "rrm", "cose" and "est" are default for cBRSKI. As the instance name, the registrar uses in this example the MAC address "0200:0000:7400", which is MAC address of the interface on which the registrar has the IPv6 address "fda3:79a6:f6ee:0000::0200:0000:6400:0001". The registrar should know that this MAC address is globally unique (assigned by IEEE). Else it should instead use its IPv6 address as the Instance Name. For example, if the registrar is just a software application not knowing the specifics of the hardware it is running on, the MAC address MUST NOT be used. If only mDNS is used (as in this example), then the IPv6 link-local address would also suffice as the Instance Name. In this example, a single Instance Name suffices, because BRSKI and cBRSKI are two separate service contexts: they are distinguished by different protocols: TCP vs. UDP.

In the second example , a registrar needs to use two different Instance Names, because both share the same service context: BRSKI - TCP with service name brski-registrar. In this example, the registrar offers "rrm" mode with "cms" voucher and "est" enrollment. It also offers "prm" mode with "cms" voucher, but (only) with "cmp" enrollment protocol. Because the registrar does not offer "rrm" with "cmp", or "prm" with "est", it is not possible to coalesce all variations under one Instance Name, so instead, two Instance Names have to be created, and with them the necessary (duplicate) RR. Note that the "-rrm" and "-prm" in the Instance Names are only explanatory and could be any mutually unique strings - as is true for the whole Instance Name. Note too, that because both Instances share the same port number 4555 (and hence TCP socket), they both have to be provided by the same BRSKI application. If two separate applications where to be started on the dame host, one for "rrm", the other for "prm", then they would have separate sockets and hence port numbers.

GRASP

Signaling This document does not specify a mandatory to implement set of signaling options to guarantee interoperability of discovery between initiator and responders when using GRASP. Like for the other discovery mechanisms, these requirements will have to come from other specifications that outline what in is called the "security and transport substrate" to be used for GRASP. specifies one such "security and transport substrate", which is zero-touch deployable. It is mandatory to support for initiators and responders implementing the so-called "Autonomic Network Infrastructure" (ANI). DULL GRASP is used for link-local discovery of proxies, and the ACP is used to automatically and securely build the connectivity for multi-hop discovery of registrars by proxies.

Encoding To announce protocol variations with , the supported Variation is indicated in the objective-value field of the GRASP objective, using the method of forming the Variation string term in , and listed in the Variation String column of the table. If more than one Variation is supported, then multiple objectives have to be announced, each with a different objective-value, but the same location information if the different Variations are supported across the same socket. Different sockets require different objective structures in GRASP anyhow. Compared to DNS-SD, the choice of encoding for GRASP optimizes for minimum parsing effort, whereas the DNS-SD encoding is optimized for most compact encoding given the limit for DNS-SD TXT records.

is an example for a GRASP service announcement for "AN_Proxy" in support of BRSKI with both "rrm" and "prm" supported on the same socket (TCP port number) and for cBRSKI with COAP over DTLS. Note that one or more complete service instances (in the example 3) can be contained within a single GRASP message without the need for any equivalent to the Service Instance Name of the DNS-SD PTR RR or the Target name of the DNS-SD SRV RR. DNS-SD requires them because its encoding is decomposed into different RR, but it also intentionally introduces the Service Instance Name as an element for human interaction with selection (browsing and/or diagnostics of selection), something that the current GRASP objective-value encoding does not support. Because this GRASP encoding does not support service instance name, examples such as

In , A separate application process supports "prm" and hence uses a separate socket, with example TCP port 44000. In this case, there is no need nor significant benefit to merge all service instance announcements into a single GRASP message. Instead, the BRSKI-"rrm"/cBRSKI process would be able to generate and send its own, first, message shown in the example, and the second process would send its own, second message in the example. For a more extensive, DNS-SD compatible encoding of the objective-value that also support Service Instance Names, see .

CORE-LF "Web Linking", defines a format, originally for use with HTTP headers, to link an HTTP document against other URIs. Web linking is not a standalone method for discovery of services for use with HTTP. Based on Web Linking, "Constrained RESTful Environments (CoRE) Link Format", introduces a stand alone method to discover services instances, which are called resources in CORE-LF; primarily for use with but equally for use with, for use with HTTP or any other suitable web transfer protocols. In CORE-LF, an initiator may use (link-local) IPv6 multicast UDP packet to the COAP port (5683) to discover a a possible responder for a specifically requested resource. The responder will reply with unicast UDP. If the IPv6 address of a responder has been configured or is otherwise known to the initiator, it may equally query the parameters of the desired resource via unicast to the default COAP UDP or TCP port (5683). A service such as BRSKI registrar, join proxy or pledge can be considered to be a resource, but it can equally be broken down into a set of component resources resources, in which case the group can be requested. As mentioned above, CORE-LF can equally be used to request and discover resources not using COAP, but any other suitable protocol. defines a "Resource Directory" mechanism for CORE-LF which is abbreviated CORE-RD. Initiators can learn the IPv6 address protocol (TCP or UDP) and port numberaof a CORE-RD server by some other mechanism (such as DNS-SD) and then use a unicast UDP or TCP COAP connection to the CORE-RD server to discover CORE-LF resources available on other systems. Resource providers can likewise register their resources with the resource directory server using CORE-RD registration procedures. In summaery, CORE-LF including CORE-RD is a mechanism for registration and discovery of resources and hence services which may be preferred in deployments over other options and can equally be applicable to register/discover any variation of BRSKI for any type of BRSKI service.

Signaling

Existing definitions specifies the use of CORE-LF as a reference methods for pledges to discover registrars - in the absence of any proxies, to allow deployments of scenarios where no proxies are needed - and hence also where . is not needed. Because BRSKI is designed so that pledges can be agnostic of whether they connect to a registrar directly or via a proxy, the resource/service that the pledge needs to discover is nevertheless called "(brski) join proxy (for pleges)", and encoded in CORE-LF as the value "brski.jp" for the resource type attribute ("rt=resource-type") according to . The following picture, shows the encoding and an example of this discovery. "ff02::fd" is the link-local scope address for "All Coap Nodes" in IPv6, as introduced in , which also defines IPv6 and site-scoped address options.

; rt="brski.jp" Example: REQ: GET coap://[ff02::fd]/.well-known/core?rt=brski.jp RES: 2.05 Content ;rt=brski.jp ]]> introduces the operations of a CoAP based join proxy both as a connection based proxy as in (only using UDP connections for COAPs instead of TCP for TLS as in ), but also as a new, stateless join proxy - to eliminate the need for potentially highly constrained join proxy nodes to keep connection state and avoid the complexity of protecting that state against attacks. The new resource type "brski.rjp" is defined to support stateless join proxies to discover registrars and their UDP port number that support the stateless, so-called JPY protocol. The following picture, shows the encoding and an example of this discovery. introduces the new scheme "coaps+jpy" for the packet header used by the stateless JPY" protocol. The request in the template is assumed to be based on unicast, relying on another method to discover the IP address of the registrar first. It could equally use COAP site-scoped IP multicast, but in general, the assumeption is that registrar will not necessarily be link-local connected to proxies (this may be different in specific deployments). Even though the registrar IP address is hence known, the reply still needs to include this address again because in the link format, and , Section 3.2, the authority attribute can not include a port number unless it also includes the IP address.

;rt=brski.rjp Example: REQ: GET /.well-known/core?rt=brski.rjp RES: 2.05 Content ;rt=brski.rjp ]]>

New variation discovery This document expands the above summarized existing CORE-LF definitions from and as follows. Discovery of stateful sockets on a registrar uses the resource type "brski.rjps" (for "registrar (for) join proxies stateful)" - instead of "brski.rjp" for the previosly defined stateless connection mode. The following picture show template and example of this discovery option. In Example 1, the registrar is running on a separate port 7634 from the COREs UDP port, so this response needs to also include the IP address of the responding registrar (as explained above). In Example 2, the registar functions are provided via the default (potentially shared) COAPS port, so this is not necessary. In both cases, the response include a shorter URL part "/b/s" which allows that the service can be used via that shorter prefix than the default "/.well-known/brksi", hence shortening the required COAPS packet sizes.

;rt=brski.rjps Example 1: REQ: GET /.well-known/core?rt=brski.rjp RES: 2.05 Content ;rt=brski.rjps Example 2: REQ: GET /.well-known/core?rt=brski.rjp RES: 2.05 Content ;rt=brski.rjps ]]> TBD: Question: can we really reply without coaps given how we always want coaps - aka: the query itself may not have been coaps ?? This is question for constrained proxy/voucher - can we rightfully (according to IETF specs) make the expection that even though the resource discovery is done insecure, that it is understood that the actual resource consumption has to use coaps ???? - question for COAP experts. Explanations: The discovery and distinction between a stateless and stateful registrar socket is orthogonal to the concept of a variation of BRSKI as defined in this document. Therefore, the distinction between a stateless and stateless socket on a registrar is provided solely via the CORE-LF resource-type, "brski.rjp" (stateless) and "brski.r" (stateful). In other words, the "rt" attribute in CORE-LF serves as the abstract "Service Name" in this document. If discover of stateless join proxies was required with other discovery mechanisms such as GRASP or DNS-SD, then new "Service Name" equivalents in those discovery mechanisms would need to be defined. For the purpose of this document, it is assumed that stateless proxy operations is well enough supported with CORE-LF. To indicate variations other than the default combination implied by and , this document specifies the new "bv" (brski variation) attribute for CORE-LF records, which is specified relative only to "rt=brski.*" resource targets. The value to the "bv=" attribute is a flattened string of the non-default Variation Type Choices as specified for GRASP, so that CORE-LF does not introduce another registry table to maintain. The only difference is that the absence of the "bv=" attribute is equivalent to the actual defaults established by and , namely "rrm" (registrar response-mode) with "cose" (CBOR with COSE signed voucher) and "est" - enrollment via the 'fitting' variation of EST, in the case of using COAPS it is , e.g.: EST over COAPS. Including or excluding "bv=" (empty value) is hence equivalent to "bs=cose", aka: the default variation over COAPS. When a variation implies use of HTTPS (or in the future any other transport other than COAPS), then the schema, and hence IP-address needs to be included in the CORE-LF response. Likewise, even if the protocol schema is coaps, then the IP address needs to be included if the resource is not served on the standard COAPS UDP port. [ Q: How does the schema indicate UDP versus TCP for COAPS ??? ] The following shows the schema and an example for various BRSKI registar variations, discovered via CORE-LF. "rt=brski-rjp" withough any any "bv" attribute indicates the default combination of "rrm", "cose" and "est" (EST via COAPS) as in . Likewise, "rt=brski.rjps" without any "bv" attribute indicate the default combination of "rrm", "cose" and "est" (EST via COAPS), as introduced above. "rt=brski.rjps;bv=" indicates withe HTTPS, "rrm", "cmp", and "est". It is not possible currently to specify this with "rt=brski.rjp", because there is no HTTPS equivalent to the UDP based transport required for "brski.rjp". "rt=brski.rjp;bv=cose-cmp" and "rt=brski.rjps;bv==cose-cmp" indicate the combination of the constrained defaults of "rrm" and "cose", but combined with "cmp" enrollment protocol instead of "est". [Q: Is this a potential option ? If so, would it require any similar definition like EST-COAP ??? ] Note how in the example, different port numbers are used (7633 vs. 7634) to separate different transpot protocol options, but different URL prefixes ("b2", vs. "b2", vs. "b3") to separate different set of endpoints. The later may not be necessary but may be helpfull.

;rt=brski.rjp*(;brv=brski-variation-string) Example: REQ: GET /.well-known/core?rt=brski.rj* RES: 2.05 Content ;rt=brski.rjp, ;rt=brski.rjp;bv=cose-cmp, ;rt=brski.rjps, ;rt=brski.rjps;bv=, ;rt=brski.rjps;bv=jose-cmp, ;rt=brski.rjps;bv=cose-cmp ]]> [ Q: Can we actually use the * discovery to only discover the two variations of registrar transport variations "rj*" - when we are a registrar ??? we do not want to discover the resource that proxies or registrars provide to pledges!!! ] When pledges need to discover (and select) proxies (or registrars) supporting a specific combination of variations, the encoding of attributes is the same as shown in except that now, "rt=brski.jp" needs to be discovered. It is a responsibility of the proxy to discover registrars and map their discovered "bv=" variations for rt=brski.rjp" and/or "brski.rjps" to the same "bv=" variations to their announced "rt=brski.jp" resources: For provies, there is simply a 1:1 mapping of the "bv" attribute and the connection scheme for the resources discovered from registrars, except for the subset of variations that can rely on COAPS transport, for those both the "rt=brski.rjp" and "rt=brski.rjps" are options how to proxy the resource for the pleges. Note that the port numbers announced by the proxy resources will of course likely be different than those announced by the registarars.

;rt=brski.jp(;brv=brski-variation-string) Example: REQ: GET /.well-known/core?rt=brski.rj* RES: 2.05 Content ;rt=brski.jp, ;rt=brski.jp;bv=, ;rt=brski.jp;bv=jose-cmp, ;rt=brski.jp;bv=cose-cmp ]]>