upros
commented
2 years ago Going to hold on this one for now and not change the draft text. we are assuming that richardson-lamps-rfc7030-csrattrs will get fixedup soon to have accurate text, and then MUST in this draft will be appropriate.
Section 7.2 says:
EST [RFC7030] is not clear on how the CSR Attributes response should be structured, and in particular is not clear on how a server can instruct a client to include specific attribute values in its CSR. [I-D.richardson-lamps-rfc7030-csrattrs] clarifies how a server can use CSR Attributes response to specify specific values for attributes that the client should include in its CSR.
Servers MUST use this mechanism to tell the client what identifiers to include in CSR request. ...
This is a MUST, but is is not really nailed down. Can we get to a simple MUST statement here? If not, can we at least narrow the possibilities?