On Jul 02, 2014, at 10:00, Stephen Kent <[email protected]> wrote: > Rob, > >> At Mon, 30 Jun 2014 11:27:03 -0400, Stephen Kent wrote: >>> I did suggest we might use other cert request mechanisms. EST is the >>> obvious, current, standards-based option for this, if folks want to >>> consider alternatives to PKCS#10. Since it was authored by a Cisco >>> guy, there is some chance it might become available in their >>> routers. I would suggest this path only for router certs, not for >>> the RPKI certs. That might make it unpalatable, as a CA operated by >>> an ISP would have to deal with two cert request formats: PKCS#1- for >>> child CA certs (if the ISP is not a stub in the RPKI tree) and EST >>> for router certs. >> Is there any real benefit to EST, given that we already have to >> support PKCS #10 and given that PKCS #10 implementations are almost >> certainly easier to find than EST implementations? > As I noted, I am aware of only a Cisco implementation, but we could check with > Max Pritikin to see if he is aware of others. >> Absent some serious advantage that I'm not seeing, this doesn't seem >> particularly attractive. >> >>> I'm just pointing out options. >> Understood. >
Dan’s got an implementation on github: https://github.com/danharkins/est spt _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
