15	   This document specifies the behavior of a BRSKI Cloud Registrar, and
16	   how a pledge can interact with a BRSKI Cloud Registrar when
17	   bootstrapping.

If you can, add an explanation what the core aspects of a Cloud Registrar
are for tthe purpose of this document... discovery ? untrusted connection,.... ?

266	   use this mechanism to instruct the pledge about the identities it
267	   should include in the CSR request it sends as part of enrollment.
268	   The registrar may use this mechanism to tell the pledge what Subject
269	   or Subject Alternative Name identity information to include in its
270	   CSR request.  This can be useful if the Subject must have a specific
271	   value in order to complete enrollment with the CA.

So... In case of using an owner EST-Server instead of the Owner BRSKI
Registrar, this paragraph seems to hint at the option that the pledge
does the CSR Attribute request so that the Cloud registrar provides this
information because the EST-Server may not ? That should be said more explicitly.

For the case of Cloud and Owner Registrar it seems that the CSR attr request
could also be sent to the cloud registrar, but also to owner registrar.
Should both be sent ?? Be more explicit please.

154	   might be preloaded with a configuration that changes the Cloud
155	   Registrar URL to point to a VAR.  Such an effort would require
156	   unboxing each device in a controlled environment, but the
157	   provisioning could occur using a regular BRSKI or SZTP [RFC8572]
158	   process.

I think VAR is an unnecessary term and the whole paragraph is somewhat confusing.

If i understand it correctly, the core argument is like this:

The procedures specified in this document are an alternative to mechanisms
possible with just BRSKI to reduce operational cost.

Consider pledges are to be enrolled when being connected solely to the
Internet, but no owner based network. Likewise, the Registar is assumed to be
only connected to the Internet. The challenge in this case is for the pledge to
discover a URI for the Oners Registar. In the absence of the procdures described
in this doument, BRSKI could be used, but the pledge would need to be
pre-staged with that URI. In one instance, the seller of the pledge could
attach to the shipment of the pledge a USB stick pre-populated with a file
containing that Owner Registar URI, and that USB stick would need to be
inserted into the pledge to enavble enrolment. This is but one option,
and compared to similar alternatives, it does not require unpacking/configuration/repackaging
of the pledge at the sellers site, but only configuration of a USB stick

Yada yada... i really don't know how to make this shorter without looking readers
who do not live & breathe this stuff, so it probably is all better suited to be
put later into the document and only put a pointer to such a chapter here into the
Introduction.

131	   *  Local Domain Registrar: The Registrar discovered on the Local
132	      Domain.  There may not be a Local Domain Registrar in all
133	      deployment scenarios.

Isn't one core aspect of interest (which should be discussed in the text),
that the pledge does discover a Registar locally, but its not of its owner ?

339	   registrar and has verified the cloud registrar PKI identity, the

s/and has verified the cloud registrar PKI identity,// ??

242	                     Figure 1: High Level Architecture

This picture does not show the EST-Server option. Gap ?!

What is "Services" ??

The end-to-end lines look like explicit connections. This is confiusing.
Maybe the connections can be repainted in two ways:

1. replace lines with just some "Internet" in the middle with some dotted
lines from each box connecting to it.

Then insert some rough lines, e.g.:

      <--(1) cloud register--->

       between Pledge and Cloud Registar


      <--(2) VR-sign(N)--->

      <--(3) sign(VR-sign(N))-->

Finally, you should add a paragraph with text explaining what the picture shows.
For example saying that all nodes only need to connect over the Internet, and
that it shows the three high-level stages of communication (1) (2), (3)

just roughly so readers understand it.

135	1.2.  Target Use Cases

137	   Two high level use cases are documented here.  There are more details

This document specifies and standardizes procedures for two high level use cases.

(use case documentation is fine, but the beef of standard tracks RFCs is the specification of 
 standardized procedures).

138	   provided in sections Section 4.1 and Section 4.2.  While both use
139	   cases aid with incremental deployment of BRSKI infrastructure, for
140	   many smaller sites (such as teleworkers) no further infrastructure
141	   are expected.

Last sentence is not correct english and reads weird. How about:

Common to both uses cases is that they aid with the use of BRSKI 
in the presence of many small sites (such as teleworkers) with minimum
expectations against their network infrastructure.

143	   The pledge is not expected to know which of these two situations it
144	   is in.  The pledge determines this based upon signals that it
145	   receives from the Cloud Registrar.  The Cloud Registrar is expected

rephrase/explain: "determines this" -> determines what ? which of the two cases ?

146	   to make the determination based upon the identity presented by the
147	   pledge.

rephrase/explain: make determination of what ?

149	   While a Cloud Registrar will typically handle all the devices of a
150	   particular product line from a particular manufacturer there are no
151	   restrictions on how the Cloud Registrar is horizontally (many sites)
152	   or vertically (more equipment at one site) scaled.  It is also

This is very hard to grasp if you did not know in before what the paragraph
means to confer. I hope i get it right. How about:

A Cloud Registrar will receive BRSKI communications from all devices configured
with its URI. This could (for example) all devices of a particular product line from
a particular manufacturer. When this is a significantly large number, a Cloud 
Registrar may need to be scaled with the usual web-service scaling mechansisms.

(btw: This is useful text, i am just not sure if its best positioned here
 upfront. I would prefer if this was a detail explained later because i don't
 feel its so super important or non-obvious).

Insert new paragraph after sentence because you're starting a completely new
piece of information following.

152	   or vertically (more equipment at one site) scaled.  It is also
153	   entirely possible that all devices sold by through a particular VAR
                                                   ^^^^^^^^^^
154	   might be preloaded with a configuration that changes the Cloud
155	   Registrar URL to point to a VAR.  Such an effort would require
156	   unboxing each device in a controlled environment, but the
157	   provisioning could occur using a regular BRSKI or SZTP [RFC8572]
158	   process.

313	   with pre-loaded trust-anchors that are used to validate the TLS
314	   connection.  This can be using a public Web PKI trust anchors using
315	   [RFC6125] DNS-ID mechanisms, a pinned certification authority, or
316	   even a pinned raw public key.  This is a local implementation
317	   decision.

I am mostly worried of this being mis-read such that it could be appropriate
to include the teirrbly long list of WebPKI Trust Anchors and think thats
good security. If we sa WebPKI it would certainlt be good to suggest limiting
WebPKI Trust anchros to only the ones known to be required for the Cloud
Registar.

344	3.2.  Cloud Registrar Handles Voucher Request

346	   The cloud registrar must determine pledge ownership.  Once ownership
347	   is determined, or if no owner can be determined, then the registrar
348	   may:

350	   *  return a suitable 4xx or 5xx error response to the pledge if the
351	      registrar is unwilling or unable to handle the voucher request

call this " * error: " ?

353	   *  redirect the pledge to an owner register via 307 response code
                                                    ^ ra

call this " * redirect to owner registrar:" ?

355	   *  issue a voucher and return a 200 response code

call this " * redirect to owner EST server" ?? Although i don't see
any redirect... Forgot initial text is there no redirect, pledge should assume
to know where to find EST-Server ?

95	1.  Introduction

97	   Bootstrapping Remote Secure Key Infrastructures [BRSKI] specifies
98	   automated bootstrapping of an Autonomic Control Plane.  BRSKI

Suggest to replace after BRSKI with:

  ... BRSKI specifies automated and secure provisioning  of nodes (which are called pledges)
  with cryptographic keying material (trust anchors and certificates) to enable authenticated and
  confidential communication with other similarily enrolled nodes. This is also called enrolment.

No need to mention Autonomic Control Plane here IMHO (just sounds like limiting scope
of BRSKI Cloud).

If you really want folks to understand what is happening here, i suggest to
include explanations such as the following.

In BRSKI, the pledge performs enrolment by communicating with a BRSKI Registrar
belonging to the domain that provides the cryptopgraphic keying material and
usually is or acts upon the owner of the pledge. The pledge does not know 
who its owner is. Insted, in BRSKI it is assumed that the network to which the
pledge connects belongs to the owner of the pledge and therefore network-supported
discovery mechanisms can resolve generic, non-owner specific names to the owners Registrar.
To support enrolment of pledges without such an owner based access network, the mechanisms
of BRSKI Cloud are required which assume that Pledge and Registrar simply connect to the
Internet. The Internet ("Cloud") connected Registrar will then determine ownership of the Pledge
and redirect the Plege to its owners Registar.

298	   Additionally, certain pledge types may never attempt to discover a
299	   local domain registrar and may automatically bootstrap against a
300	   cloud registrar.

302	   The details of the URI are manufacturer specific, with BRSKI giving
303	   the example "brski-registrar.manufacturer.example.com".

Hmm. RFC8995 says:

performing a DNS lookup using a well-known URI such as "brski-registrar.manufacturer.example.com"

but i think thats wrong text because "brski-..." is not a URI given how it has no
scheme. Sentence should have been "DNS lookup using the host of the well-known URI".

I am actually not even sure how a BRSKI URI would look like. E.g.: when the
pledge just has a URI - how does it know that the protocol should be BRSKI - let's say
it does support multiple different enrolment protocols...  ???

https://brski-registrar.manufacturer.example.com/.well-known/brski

Is that a correct URI that fully identifies BRSKI ???
(i think it is...)

99	   Section 2.7 describes how a pledge "MAY contact a well-known URI of a
100	   cloud registrar if a local registrar cannot be discovered or if the
101	   pledge's target use cases do not include a local registrar".

I would remove parenthesis and lowercase the MAY. No need for this formalism to expose
your internal repetition of sentence. This is still introduction, repetition is perfectly fine.

294	3.1.1.  Cloud Registrar Discovery

296	   BRSKI defines how a pledge MAY contact a well-known URI of a cloud
297	   registrar if a local domain registrar cannot be discovered.

Actually, it would really be good if some text in the introduction of brski cloud
would discus/refer to RFC8995 section 2.7 "Cloud Registar", such as:

"RFC8995 2.7 introduces concept of Cloud Registar, but does not define how a Cloud
Registrar should perform BRSKI enrolment for pledges from potentially multiple domain.
This document provides a specification for Cloud Registar in which the Cloud
Registar either only provides a Voucher and then redirects the pledge to its
owners EST server, or where it only redirects the pledge to its owners BRSKI Registar.

This whole scope of this document also makes me wonder if we should amend the title
of the docuemtn to "Redirecting BRSKI Cloud Registar". Because there could still be
perfectly well an "all-in-one" BRSKI Cloud Registar, perfectly well fitting RFC8995
section 2.7 - bit not requiring any of this documents procedures, right ? Aka:
The key identifying property is not that of the Cloud Registrar but the fact that it
is redirecting (i think).

334	   identity certificates or using Raw Public Key [RFC7250] certificates.

I think you're mention this because you have a good business case, such as reduction
in manufacturing cost by doing self enrolment or raw public keys during manufacturing
and capturing those into MASA and manufacturing databases - instead of also having
to bother about a CA. It might be useful to add a paragraph about this benefit, although
it is AFAIK not really BRSKI Cloud specific - but it seems like this could be even
a more common case as peldges with non-self-signed certs.

280	   For example, the pledge may only be aware of its IDevID Subject which
281	   includes a manufacturer serial number, but must include a specific
282	   fully qualified domain name in the CSR in order to complete domain
283	   ownership proofs required by the CA.

puuh... interesting, but bring up security challenge if i understand it
correctly:

So the pledge would learn attributes from the cloud registrar via CSRattr request/reply
and later on uses them in the cert enrolment step with the EST-Server/Owner-Registrar.

Yes ?

Because in this case we would just upgradr the trust requirement against the
Cloud Registrar. Without this step, the Cloud Registrar is just a glorified
traffic guide to redirect the pledge to the Owner and deliver a a voucher to
it. But really doesn't have to be well trusted - just good enough to oppress
the worst of DoS attack opportunities. (I hope i get this right).

But with such aditional attributes, the cloud-registar has to be trusted
much more.

I would suggest that for this case, if feasible, the voucher would also vouch
for the cloud registar - that would upgrade all the information received from
the cloud registrar to the same level of trust that the pledge has against the
owner registrar - by virtue of the voucher.

Alternatively, i think we should explicitly call for authenticartion of the
Cloud Registrar only via explicit TA for the purpose of Cloud Registrar
connections, but not general purpose WebPKI TA (which a lot of pledges
may also have...).
```

322	   The cloud registrar MUST validate the identity of the pledge by
323	   sending a TLS CertificateRequest message to the pledge during TLS
324	   session establishment.  The cloud registrar MAY include a
325	   certificate_authorities field in the message to specify the set of
326	   allowed IDevID issuing CAs that pledges may use when establishing
327	   connections with the cloud registrar.

329	   The cloud registrar MAY only allow connections from pledges that have
330	   an IDevID that is signed by one of a specific set of CAs, e.g.
331	   IDevIDs issued by certain manufacturers.

How about we upgrade this ?

To protect itself against DoS attacks, the cloud registrar SHOULD reject TLS connections
when it can determine during TLS authentication that it can not support the pledge, for example because
the plege can not provide an IDevID signed by a CA recognized/supported
by the cloud registrar.

160	1.2.1.  Owner Registrar Discovery

See also note in 1.2.2 - i would suggest "Bootstrap via Cloud Registrar and Owner Registrar" as better title

162	   A pledge is bootstrapping from a remote location with no local domain

You didn't define remote location.

163	   registrar (specifically: with no local infrastructure to provide for
164	   automated discovery), and needs to discover its owner registrar.  The
165	   cloud registrar is used by the pledge to discover the owner
166	   registrar.  The cloud registrar redirects the pledge to the owner
167	   registrar, and the pledge completes bootstrap against the owner
168	   registrar.

170	   A typical example is an enduser deploying a pledge in a home or small

s/enduser/employee who is/

171	   branch office, where the pledge belongs to the enduser's employer.

s/enduser's employer/employer/

172	   There is no local domain registrar, and the pledge needs to discover
173	   and bootstrap with the employer's registrar which is deployed in
174	   headquarters.  For example, an enduser is deploying an IP phone in a
175	   home office and the phone needs to register to an IP PBX deployed in

...needs the keying material from BRSKI to register..

176	   their employer's office.

178	1.2.2.  Bootstrapping with no Owner Registrar

How about Bootstrapping from via "Cloud Registrar and Owner EST-Server"

180	   A pledge is bootstrapping where the owner organization does not yet
                                                                           ^^^
181	   have an owner registrar deployed.  The cloud registrar issues a
                                           ^
...  but it has an [RFC7030] EST-Server for enrolment of pledges.

(aka: pull up this sentence here, because later in the paagraph it reads weird.

182	   voucher, and the pledge completes trust bootstrap using the cloud
183	   registrar.  The voucher issued by the cloud includes domain
184	   information for the owner's [EST] service the pledge should use for
185	   certificate enrollment.

I should have tried to understand this earlier ;-), but i really like this
case. WOuld love to see the following type of explanation here:

This option can be used to introduce the benefits of BRSKI for an initial
period when BRSKI is not available in existing EST-Servers. But it can also
be used long-term as an security-equivalent solution in which BRSKI and
EST-Server are set up in a modular fashion.

Would also suggest to add:

The use of an EST-Server instead of a BRSKI Registrar may mean that
not all the EST options required by [BRSKI] may be available and hence
this option may not support all BRSKI deployment cases. For example,
certificates to enroll into an ACP [RFC8994] needs to include an
AcpNodeName (see [RFC8994], Section 6.2.2), which non-BRSKI capable EST-Servers
ma not support.



At this point in the doc you need to insert 1.2.3 Summary

319	   The pledge MUST NOT establish a provisional TLS connection (see BRSKI
320	   section 5.1) with the cloud registrar.

Reads confusingly here. Suggest to remove paragraph here and explain after the
following paragraph that compared to BRSKI, the TLS connection is immediately
mutually authenticated and not first a provisional TLS connection as in BRSKI.