Secure Zero Touch Provisioning
RFC 8572, “Secure Zero Touch Provisioning”, is a Proposed Standard document published in April 2019 by K. Watsen, I. Farrer, and M. Abrahamsson. It has since been updated by RFC 9646. The canonical text is published by the RFC Editor.
Abstract
This document presents a technique to securely provision a networking device when it is booting in a factory-default state. Variations in the solution enable it to be used on both public and private networks. The provisioning steps are able to update the boot image, commit an initial configuration, and execute arbitrary scripts to address auxiliary needs. The updated device is subsequently able to establish secure connections with other systems. For instance, a device may establish NETCONF (RFC 6241) and/or RESTCONF (RFC 8040) connections with deployment-specific network management systems.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 8572 is hosted at rfc-editor.org. Available in TXT and HTML.
- RFC 8571 BGP - Link State Advertisement of IGP Traffic Engineering Performance Metric Extensions
- RFC 8573 Message Authentication Code for the Network Time Protocol
- RFC 8570 IS-IS Traffic Engineering Metric Extensions
- RFC 8574 cite-as: A Link Relation to Convey a Preferred URI for Referencing
- RFC 8569 Content-Centric Networking Semantics
- RFC 8575 YANG Data Model for the Precision Time Protocol
- RFC 8568 Network Virtualization Research Challenges
- RFC 8576 Internet of Things Security: State of the Art and Challenges