-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathtime-sequence-diagram.txt
45 lines (45 loc) · 2.95 KB
/
time-sequence-diagram.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
+--------+ +---------+ +------------+ +------------+
| Pledge | | Circuit | | Domain | | Vendor |
| | | Join | | Registrar | | Service |
| | | Proxy | | (JRC) | | (MASA) |
+--------+ +---------+ +------------+ +------------+
| | | Internet |
[discover] | | |
|<-RFC4862 IPv6 addr | | |
|<-RFC3927 IPv4 addr | Appendix A | Legend |
|-++++++++++++++++++->| | C - circuit |
| optional: mDNS query| Appendix B | join proxy |
| RFC6763/RFC6762 (+) | | P - provisional |
|<-++++++++++++++++++-| | TLS connection |
| GRASP M_FLOOD | | |
| periodic broadcast| | |
[identity] | | |
|<------------------->C<----------------->| |
| TLS via the Join Proxy | |
|<--Registrar TLS server authentication---| |
[PROVISIONAL accept of server cert] | |
P---X.509 client authentication---------->| |
[request join] | |
P---Voucher Request(w/nonce for voucher)->| |
P /------------------- | |
P | [accept device?] |
P | [contact Vendor] |
P | |--Pledge ID-------->|
P | |--Domain ID-------->|
P | |--optional:nonce--->|
P optional: | [extract DomainID]
P can occur in advance | [update audit log]
P if nonceleess | |
P | |<- voucher ---------|
P \------------------- | w/nonce if provided|
P<------voucher---------------------------| |
[imprint] | |
|-------voucher status telemetry--------->| |
| |<-device audit log--|
| [verify audit log and voucher] |
|<--------------------------------------->| |
[enroll] | |
| Continue with RFC7030 enrollment | |
| using now bidirectionally authenticated | |
| TLS session. | |
[enrolled] | |