Re: [Anima] [lamps] lamps(/anima): another struggle related to CSR attr, draft-ietf-lamps-rfc7030-csrattrs-01 and draft-ietf-anima-brski-prm

2023-03-01 Thread Salz, Rich
> I don't think that the IETF hasn't defined any CA/Registrar protocols,
> other than the BRSKI drafts.
> I'm curious about what part of RFC8995 makes you think that there is a
> CA/Registrar protocol included

I should have written "some of the current BRSKI drafts."

Re: [Anima] [lamps] lamps(/anima): another struggle related to CSR attr, draft-ietf-lamps-rfc7030-csrattrs-01 and draft-ietf-anima-brski-prm

2023-03-01 Thread Michael Richardson
Salz, Rich wrote:
> I don't think that the IETF hasn't defined any CA/Registrar protocols,
> other than the BRSKI drafts.

I'm curious about what part of RFC8995 makes you think that there is a CA/Registrar protocol included... we would have liked to do this, but we haven't.

> It

Re: [Anima] [lamps] lamps(/anima): another struggle related to CSR attr, draft-ietf-lamps-rfc7030-csrattrs-01 and draft-ietf-anima-brski-prm

2023-02-28 Thread Toerless Eckert
Thanks, Rich, inline

On Wed, Mar 01, 2023 at 12:49:33AM +, Salz, Rich wrote:
> >Yepp. I understand the high level point in the meantime. I wonder how
> >commonly
> available protocol options between registrar and CA allow to support
> this. FullCMC seems to support it (hence also EST if CA

Re: [Anima] [lamps] lamps(/anima): another struggle related to CSR attr, draft-ietf-lamps-rfc7030-csrattrs-01 and draft-ietf-anima-brski-prm

2023-02-28 Thread Seo Suchan
Wouldn't just about every publicly trusted certificate add an additional extension, the Signed Certificate Timestamp? The CSR wouldn't have it, as most CAs handle CT by precertificate.

On 2023-02-28 at 4:17 AM, Toerless Eckert wrote:

Would like to understand lamps experts insight: 1. If a pledge creates

Re: [Anima] [lamps] lamps(/anima): another struggle related to CSR attr, draft-ietf-lamps-rfc7030-csrattrs-01 and draft-ietf-anima-brski-prm

2023-02-28 Thread Salz, Rich
Resending, sorry.

On 2/28/23, 7:49 PM, "Salz, Rich" <rs...@akamai.com> wrote:

>Yepp. I understand the high level point in the meantime. I wonder how commonly available protocol options between registrar and CA allow to support this. FullCMC seems to support it (hence also EST if CA

Re: [Anima] [lamps] lamps(/anima): another struggle related to CSR attr, draft-ietf-lamps-rfc7030-csrattrs-01 and draft-ietf-anima-brski-prm

2023-02-28 Thread Salz, Rich
>Yepp. I understand the high level point in the meantime. I wonder how commonly available protocol options between registrar and CA allow to support this. FullCMC seems to support it (hence also EST if CA supports fullCMC over it), ACME does not. What other protocol options are relevant, which

Re: [Anima] [lamps] lamps(/anima): another struggle related to CSR attr, draft-ietf-lamps-rfc7030-csrattrs-01 and draft-ietf-anima-brski-prm

2023-02-28 Thread Toerless Eckert
Thanks, Russ

Yepp. I understand the high level point in the meantime. I wonder how commonly available protocol options between registrar and CA allow to support this. FullCMC seems to support it (hence also EST if CA supports fullCMC over it), ACME does not. What other protocol options are

Re: [Anima] [lamps] lamps(/anima): another struggle related to CSR attr, draft-ietf-lamps-rfc7030-csrattrs-01 and draft-ietf-anima-brski-prm

2023-02-28 Thread Russ Housley
Toerless:

The CA is the one that signs the certificate. The CA can accept the proposed values in the CSR or change them. That said, it is up to the certificate policy to nail down the things that the CA needs to do to make sure the issued certificate is correct.

Russ

> On Feb 27, 2023,