> I don't think that the IETF hasn't defined any CA/Registrar protocols,
> other than the BRSKI drafts.
> I'm curious about what part of RFC8995 makes you think that there is a
> CA/Registrar protocol included
I should have written "some of the current BRSKI drafts."
Resending, sorry.
On 2/28/23, 7:49 PM, "Salz, Rich" <rs...@akamai.com> wrote:
>Yepp. I understand the high level point in the meantime. I wonder how commonly
> available protocol options between registrar and CA allow to support
> this. FullCMC seems to support it (hence also EST if CA supports fullCMC over
> it), ACME does not. What other protocol options are relevant, which
Your responses all seem reasonable to me, thanks!
___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
Netmod and anima moved to bcc.
>You'd use shell globs?
I think it might be better to use PCRE.
Horrible idea to use PCRE instead of globs.
>As I wrote, I think we’re past it, because this is about domain/IP address
> validation and not client cert validation. Correct?
Ah, right. Thanks. Too many balls in the air :)
>There are a VAST number of devices that run off of iDevIDs: they never
> transition off of them. I’m not a fan, but that’s what they do.
Okay, so this draft doesn't apply to them. There doesn't seem to be a problem
with, say, not using TLS 1.3 in cases, or not using ECDH in some cases,
>In summary, I don't see anything in use-san that will affect BRSKI.
That is great to hear, thanks for the careful analysis.
>Some nits:
All look like good things to do, I'll make a PR soonish.
What do you think of just rewriting this to completely replace 6125, rather
than trying to