RFC Errata
RFC 8295, "EST (Enrollment over Secure Transport) Extensions", January 2018
Source of RFC: IETF - NON WORKING GROUPArea Assignment: sec
Errata ID: 7626
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Piotr Popis
Date Reported: 2023-09-04
Section 2.1.1. says:
0007 Start DS certificate enrollment: Indicates that the client needs to begin enrolling its DS certificate. The PAL entry points to a /simpleenroll URI, which is defined in [RFC7030].
It should say:
0007 Start DS certificate enrollment: Indicates that the client needs to begin enrolling its DS certificate. The PAL entry points to a /simpleenroll or a /fullcmc URI, both of which are defined in [RFC7030].
Notes:
Without this change and taking the 0006 definition into consideration, one might assume that a Simple PKI Request doesn't require the /csrattrs URI to be done beforehand, but the enrollment with a Full PKI Request must be preceded by the /csrattrs URI, which is not required - see the rest of the document, especially Section 9 and [RFC7030].