Do we need a way to adjust CSR attributes to cancel fields

[mcr]

from #2:

There does not appear to be a way for CA to send a CSR-Attributes instructing the client to not include a specific field. Looking at serialNumber which is: X520SerialNumber ::= PrintableString (SIZE (1..ub-serial-number)) I assume that a X509 parsing stack would complain / not allow a CSR-Attributes response with a NULL value serialNumber.

However, what is stated "the registrar may deem the manufacturer serial number in an IDevID as personally identifiable information, and may want to specify a new random opaque identifier that the pledge should use in its CSR" should be fine. The CA sends a random string as the serialNumber value.

[mcr]

The "usual" way to deal with this problem is for the Registrar, using it's privileged relationship with the CA to rewrite/change/override the CSR attributes. The CSR itself is signed by the pledge, so the CSR itself is immutable. This issue isn't exactly a brski-cloud issues, except as much that a) the pledge may be redirected to an RFC7030 EST Registrar that does not know what's going on, b) the cloud registrar may wish to be backed by an ACME CA in the cloud, to which the Registrar does not have as many privileges.

Maybe this is more of an ACME Integrations issue!

Taking this to the list.

[mcr]

moved to https://github.com/anima-wg/brski-cloud/issues/1