-
**Describe the solution you'd like**
Instead of current third-party solutions like HashiCorp Vault or Venafi I would prefer certificate management provided via an Enrollment over Secure Transport (ES…
-
Comment from Toerless to section 6.3
> 2100 The CA certificates are provided as base64 encoded "x5b". The pledge
> 2101 SHALL install the received CA certificates as trust anchor afte…
-
Section 7.2 says:
EST [RFC7030] is not clear on how the CSR Attributes response should
be structured, and in particular is not clear on how a server can
instruct a client to include spec…
upros updated
2 years ago
-
In 6.6.2, particularly step 1, a requirement could be added. Currently Pledge only checks that the EST server is part of the same Domain that it trusts. It should/must also verify that the EST server …
-
````
: MUST reference the protocol being used, which MAY be CMP, CMC, SCEP, EST [[RFC7030](https://github.com/anima-wg/anima-brski-ae/issues/new#RFC7030)] as in BRSKI, or a newly defined approach.
`…
-
Hello,
Using mbedtls, [avs_crypto_parse_pkcs7_certs_only](https://github.com/AVSystem/avs_commons/blob/c2ebe620d16a508e14fabfd9725059e812a8f2eb/include_public/avsystem/commons/avs_crypto_pki.h#L981…
-
I can't seem to get the syntax right to refer to a section within an RFC. Can you give me some guidance? I'm currently authoring the ARC and ARC-Usage I-Ds with kramdown-rfc2629.
-
> As the described solution will rely on additional wrapping signature it will require pre-processing specifically for EST. EST simpleenroll uses PKCS#10 requests only.
This was unclear to me and c…
-
Proposal to split the current BRSKI-AE draft to separate the contained use cases as they have developed differently.
- Use Case 1 targets the definition of requirements for a communication archite…
-
Hello,
I'm trying to implement very ASN.1 schema from [RFC7030](https://datatracker.ietf.org/doc/html/rfc7030#section-4.5.2):
```
CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID
AttrOrOID…