upros
commented
10 months ago Actually, BRSKI 5.9.2 specifies to send CSR Attrs to EST Server, not the Registrar.
Closed mcr closed 10 months ago
upros
commented
10 months ago Actually, BRSKI 5.9.2 specifies to send CSR Attrs to EST Server, not the Registrar.
mcr
commented
10 months ago EST Server IS an RFC7030 Registrar, I thought.
upros
commented
10 months ago Well, RFC7030 refers to a Registration Authority, and points to RFC5272 for a definition of that.
RFC8995 defines a Registrar which does more than a basic RFC7030/RFC5272 RA.
I read it as: the RA only does PKI functions. The Registrar does PKI + BRSKI functions.
262 2.3. Pledge Certificate Identity Considerations
264 BRSKI section 5.9.2 specifies that the pledge MUST send an EST 265 [RFC7030] CSR Attributes request to the registrar. The registrar MAY
which registrar - cloud or owner ?