Rob,
At Mon, 30 Jun 2014 11:27:03 -0400, Stephen Kent wrote:
I did suggest we might use other cert request mechanisms. EST is the
obvious, current, standards-based option for this, if folks want to
consider alternatives to PKCS#10. Since it was authored by a Cisco
guy, there is some chance it might become available in their
routers. I would suggest this path only for router certs, not for
the RPKI certs. That might make it unpalatable, as a CA operated by
an ISP would have to deal with two cert request formats: PKCS#10 for
child CA certs (if the ISP is not a stub in the RPKI tree) and EST
for router certs.
Is there any real benefit to EST, given that we already have to
support PKCS #10 and given that PKCS #10 implementations are almost
certainly easier to find than EST implementations?
As I noted, I am aware of only a Cisco implementation, but we could
check with Max Pritikin to see if he is aware of others.
Absent some serious advantage that I'm not seeing, this doesn't seem
particularly attractive.
I'm just pointing out options.
Understood.