Closed DDvO closed 1 year ago
You are right, this is confusing. PKI entity and PKI management entity refer to the parties involved in the PKI management operation. We use these terms in the Lightweight CMP Profile. RFC 4210 uses the terms end entity and PKI, CA, or RA. Client and server refer to the role in a single exchange, where one has the client and one the server role. Client and server are also used in RFC 4210, but less often than end entity and PKI/CA/RA. Therefore, I tend to use end entity and PKI if the roles in the PKI management operation are meant.
I just found that at least according to RFC 4210, "PKI entity" can mean any PKI component: CA, RA, or EE. So certainly better to use "end entity" and "PKI" than "PKI entity".
Yet regarding the HPKE-based message flow described in 5.1.3.4, this is not actually confined to EE - PKI communication: it can be used also, e.g., between (L)RA and RA, or RA and CA. So also for this generality I propose to use "client" and "server" here and to mention that the client usually is an EE and the server a PKI management entity.
> this is not actually confined to EE - PKI communication: it can be used also, e.g., between (L)RA and RA, or RA and CA.
This is why I used PKI entity here instead of end entity, as it can be the EE, RA, or CA, as you stated above.
I could add (client) and (server) in Figure 2 like
Step# PKI entity (client) PKI management entity (server)
for clarification.
Design team meeting minutes: I will add a note right after Figure 2 to state that the PKI entity has kemCertC and the PKI management entity has kemCertS. I will also add PKI entity after the first occurrence of client with kemCertC and the same for PKI management entity.
Implemented
Section 5.1.3.4. Key Encapsulation uses both pairs of terms interchangeably.
For consistency, better stick to one of them. My preference, for simplicity, would be: client - server. The terms "client" and "server" are those used also in, e.g., section 5.1.1, and various other places.