Accept Option in /skg request and content-formats used in the response

[csosto-pk]

The content-format of the response to /skg request can be

• 281 or TBD287 for the cert
• 280 or 284 for the key.

Currently the server responds with content-format 62. But how does he know what formats to include in the CBOR? He can know if the client requests format 280 from the CSR, but he can't know about the cert format. In this case the accept option will tell him. So the client SHOULD use 281 or TBD287 in the Accept option and the server knows what to send.

Explain this rationale in Section 5.2.1 for Server-side key generation and Appendix A.4.

[csosto-pk]

Addressed.

The client needs to communicate to the server the content format of the application/multipart-core. The key Content-Format requested by the client is depicted in the PKCS#10 request. If the request contains SMIMECapabilities the the client is expecting Content-Format 280. Otherwise he expects a PKCS#8 key in Content-Format 284. The client expresses the preferred certificate Content-Format in his /skg request by using an Accept Option. The Accept Option is 281 for PKCS#7 container certificates or TBD287 for X.509 certificates.