> I don't think that the IETF hasn't defined any CA/Registrar protocols,
> other than the BRSKI drafts.
> I'm curious about what part of RFC8995 makes you think that there is a
> CA/Registrar protocol included
I should have written "some of the current BRSKI drafts."
Salz, Rich wrote:
> I don't think that the IETF hasn't defined any CA/Registrar protocols,
> other than the BRSKI drafts.
I'm curious about what part of RFC8995 makes you think that there is a
CA/Registrar protocol included... we would have liked to do this, but we
haven't.
> It
Thanks, Rich, inline
On Wed, Mar 01, 2023 at 12:49:33AM +, Salz, Rich wrote:
> >Yepp. I understand the high level point in the meantime. I wonder how
> >commonly
> available protocol options between registrar and CA allow to support
> this. FullCMC seems to support it (hence also EST if CA
Wouldn't about every public trusted certificate will add additional
extension, Signed Certificate Timestamp?
CSR wouldn't have it, as most CA handle CT by precertificate
2023-02-28 오전 4:17에 Toerless Eckert 이(가) 쓴 글:
Would like to understand lamps experts insight:
1. If a pledge creates
Resending, sorry.
On 2/28/23, 7:49 PM, "Salz, Rich" mailto:rs...@akamai.com>>
wrote:
>Yepp. I understand the high level point in the meantime. I wonder how commonly
available protocol options between registrar and CA allow to support
this. FullCMC seems to support it (hence also EST if CA
>Yepp. I understand the high level point in the meantime. I wonder how commonly
available protocol options between registrar and CA allow to support
this. FullCMC seems to support it (hence also EST if CA suports fullCMC over
it),
ACME does not. What other protocol options are relevant, which
Thanks, Russ
Yepp. I understand the high level point in the meantime. I wonder how commonly
available protocol options between registrar and CA allow to support
this. FullCMC seems to support it (hence also EST if CA suports fullCMC over
it),
ACME does not. What other protocol options are
Toerless:
The CA is the one that signs the certificate. The CA can accept the proposed
values in the CSR or change them. That said, it is up the the certificate
policy to nail down the things that the CA needs to do to make sure the issued
certificate is correct.
Russ
> On Feb 27, 2023,