Hi Michael,

> > As far as I can tell, in the PULL case, when CMP (or another
> > mechanism) will be used, there is still a voucher exchange first. The
> > Registrar can express its preference in the (parboiled) voucher-request
> > from Registrar to MASA.
>
> PULL was meant to describe the behavior of the pledge to start the
> onboarding while PUSH was more the trigger from the pledge-agent.
> As the enrollment is between the pledge, the registrar, and the CA, I would
> not see a need to include this information in the voucher. This should be
> done as outlined in BRSKI.
>
> > The MASA, if the pledge supports the desired enrollment protocol,
> > could include the hint. In fact, the MASA could include an entire URL
> > with meta-data about the protocol to use.
> >
> > This would jive very nicely with the brski-cloud mechanism!!!
>
> Hm, haven't thought about this. In case of standard BRSKI I would not see a
> need, as it would be handled by the domain registrar, but in case of the cloud
> registrar, it would provide the option to point to the right domain registrar
> supporting the enrollment.

I had some further thought on this. I think it would fit to the cloud registrar to the described option 3 in the current draft. If the voucher definition is enhanced with the local RA info, the enrollment options could be provided as well, allowing the pledge to pick the supported one and perform the enrollment.

If the hint about the protocol support would be included by the MASA to inform the registrar, it may be limited to the MASA as defined in BRSKI. I'm not sure how this would work with the delegated voucher approach, as the DASA may not know the device capabilities. If the voucher definition would be enhanced in case of the cloud registrar, it may also be possible to enhance the voucher request definition, to allow the registrar to populate the information from the domain registrar to the MASA and repeat all options or suitable enrollment options in the voucher (response) provided to the pledge.

Best regards
Steffen
