Sandy,
Thanks for continuing to pursue this issue.
If we go with #4 below, I think your proposed revision makes sense. I've seen Randy's comments on the other 3 options, so #4 seems to be at the top of that list, now.
I did suggest we might use other cert request mechanisms. EST is the obvious, current, standards-based option for this, if folks want to consider alternatives to PKCS#10. Since it was authored by a Cisco guy, there is some chance it might become available in their routers. I would suggest this path only for router certs, not for the RPKI certs. That might make it unpalatable, as a CA operated by an ISP would have to deal with two cert request formats: PKCS#10 for child CA certs (if the ISP is not a stub in the RPKI tree) and EST for router certs.
I'm just pointing out options.
Steve
_______________________________________________
sidr mailing list
https://www.ietf.org/mailman/listinfo/sidr