-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CA Certs request does not seem to fit BRSKI or PRM #23
Comments
I do not see a problem here in comparison with BRSKI, while I do not know for BRSKI-PRM. Figure 3 just extends/generalizes the final (enrollment) step of BRSKI. RFC 8995, Section 5.9: EST Integration for PKI Bootstrapping says:
This is also done with BRSKI-AE, in a fashion that is independent of EST but essentially with the same abstract contents BTW, note that the optional certificate confirmation mentioned in Figure 3 is not available in EST, but in CMP, |
…sue #23 Also update the changelog, tweak the aasvg input, and other minor improvement.
Hi @mcr, we just noticed this rather dated open issue. |
In section 4.2, figure 3, the time sequence diagram has the steps 1,2, which does not fit into the BRSKI RFC8995 flow,
nor does it seem to fit into the PRM model of communications.
Specifically, the CA Certs Request/reply occurs after enrollment, I think, but I guess it just occurs after voucher response.
The Attribute Request/Response is I guess the same as the /csrattrs request.
The Certificate Confirm step seems fine.
Mostly, I am concerned that this is not synchronized with PRM's needs.
The text was updated successfully, but these errors were encountered: