At Mon, 30 Jun 2014 11:27:03 -0400, Stephen Kent wrote: > > I did suggest we might use other cert request mechanisms. EST is the > obvious, current, standards-based option for this, if folks want to > consider alternatives to PKCS#10. Since it was authored by a Cisco > guy, there is some chance it might become available in their > routers. I would suggest this path only for router certs, not for > the RPKI certs. That might make it unpalatable, as a CA operated by > an ISP would have to deal with two cert request formats: PKCS#1- for > child CA certs (if the ISP is not a stub in the RPKI tree) and EST > for router certs.
Is there any real benefit to EST, given that we already have to support PKCS #10 and given that PKCS #10 implementations are almost certainly easier to find than EST implementations? Absent some serious advantage that I'm not seeing, this doesn't seem particularly attractive. > I'm just pointing out options. Understood. _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
