Robert Moskowitz <rgm@xxxxxxxxxxxxxxx> wrote:
> On 8/29/19 9:20 AM, Michael Richardson wrote:
>> Robert Moskowitz <rgm@xxxxxxxxxxxxxxx> wrote:
>> > I am writing an Internet Draft that will include transmission of a CSR, so I
>> > need to reference the proper source. No more sloppy, "well it works...".
>>
>> > Some digging said it is in PKCS#10 - CSR. But I did not stop with
>> > that.
>>
>> RFC2986 is PKCS10.
>> RFC7030 references that, I don't think that there is anything newer.
>> But, maybe I've mis-understood your question?

> To bring up 7030, yes you have.

> 7030 is not something you want to run over a highly constrained network,
> involving a highly constrained device. It does provide some good guidelines
> for 'completeness'. Is ANIMA using it? And ANIMA is not just constrained
> devices.

ANIMA BRSKI is an RFC7030 extension.
ANIMA constrained-BRSKI (draft-ietf-anima-constrained-voucher) is an
extension of ACE's draft-ietf-ace-coaps-est, which is a constrained version
of 7030. [Yes, I'm an author on all of those]

It still uses CSRs (binary DER, never PEM encoded).

> For this project there are strong arguments to do all registration stuff
> within HIP messages. At least for initial design.

> It is not my job in this project to declare a winner in best CSR format
> design. For the initial specification, I need to do a best effort on current
> practice. PKCS#10 seems to be that.

We are going to be using CSR until we have something like CoID.

--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] mcr@xxxxxxxxxxxx http://www.sandelman.ca/ | ruby on rails [