File formats:

Also available: XML file for editing

 

Status:

PROPOSED STANDARD

Updates:

RFC 7030, RFC 9148

Authors:

M. Richardson, Ed.
O. Friel
D. von Oheimb
D. Harkins

Stream:

IETF

Source:

lamps (sec)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC9908

Discuss this RFC: Send questions or comments to the mailing list spasm@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 9908

Abstract

This document updates RFC 7030, "Enrollment over Secure Transport" (EST), clarifying how the Certificate Signing Request (CSR) Attributes Response can be used by an EST server to specify both CSR attribute Object Identifiers (OIDs) and CSR attribute values, particularly X.509 extension values, that the server expects the client to include in a subsequent CSR request. RFC 9148 is derived from RFC 7030 and is also updated.

RFC 7030 is ambiguous in its specification of the CSR Attributes Response. This has resulted in implementation challenges and implementor confusion because there was no universal understanding of what was specified. This document clarifies the encoding rules.

This document also provides a new straightforward approach: using a template for CSR contents that may be partially filled in by the server. This also allows an EST server to specify a subject Distinguished Name (DN).

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.