Closed: EskoDijk closed this issue 1 year ago
In 6.6.2, particularly step 1, a requirement could be added. Currently, the Pledge only checks that the EST server is part of the same Domain that it trusts. It should/must also verify that the EST server is an "RA" for that domain, i.e. a Registrar.
Based on email discussion: https://mailarchive.ietf.org/arch/msg/anima/VN8D3T_LBMz6LDCLo7T2mv5NNNc/
Maybe already said in RFC 9148? RFC 7030?
3.6.1. Client Use of Explicit TA Database
Yes, we can just refer to RFC 7030 3.6.1 for details; a sentence can be added in step 1.