Hi Kent,

There is a further YANG-related question in the context of BRSKI-AE.

In one use case, the pledge has no direct connection to the registrar, and a registrar-agent communicates with the pledge. In that specific case we do not have a TLS connection between the pledge and the registrar-agent, and we protect the exchanged objects by an additional signature. This is done by embedding the necessary information into a JOSE object.

For the enrollment, Michael was pointing to the YANG module in https://datatracker.ietf.org/doc/html/draft-ietf-netconf-sztp-csr to avoid a double definition for transporting a certification request. In BRSKI-AE we currently use a PKCS#10 request, but using the defined ietf-sztp-csr would also allow other formats to be used.

For the enrollment request created by the pledge we have defined the following JOSE object:

  {
    "alg": "ES256",
    "x5c": ["MIIB2jCC...dA=="]
  }
  {
    "ietf-sztp-csr:csr": {
      "p10": "base64encodedvalue=="
    }
  }
  { SIGNATURE }

The question (https://github.com/anima-wg/anima-brski-async-enroll/issues/10) now is whether this construct is possible, as we are just using a subset (sztp-csr:csr) of the YANG module "ietf-sztp-bootstrap-server" from draft-ietf-netconf-sztp-csr. The alternative would be to define an own module modeled in a similar way.

Best regards
Steffen

_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
