The BRSKI-AE authors have suggested that in order to make BRSKI more easily extendable that prior to using the /.well-known/est end points (both RFC7030 ones and bootstrapping-keyinfra ones), that the pledge should ask for /.well-known/brski, to get back a list.
The thread ending at https://mailarchive.ietf.org/arch/msg/anima/MQkNXJJjMkP0nqKlNEaxDZ94RgI alludes to this, but the current -03 document does not include this proposal, because it would need to go into BRSKI itself. REQ: GET /.well-known/brski RES: Content-Type: application/link-format {see RFC6690} </brski/voucherrequest>,ct=voucher-cms+json </brski/voucher_status>,ct=json </brski/requestauditlog>,ct=json </brski/enrollstatus>,ct=json </est/cacerts>;ct=pkcs7-mime </est/cacerts>;ct=pkcs7-mime </est/simpleenroll>;ct=pkcs7-mime </est/simplereenroll>;ct=pkcs7-mime </est/fullcmc>;ct=pkcs7-mime </est/serverkeygen>;ct= pkcs7-mime </est/csrattrs>;ct=pkcs7-mime </cmp/initialization>;ct=pkixcmp </cmp/certification>;ct=pkixcmp </cmp/keyupdate>;ct=pkixcmp </cmp/p10>;ct=pkixcmp </cmp/getCAcert>;ct=pkixcmp </cmp/getCSRparam>;ct=pkixcmp This is already done in draft-ietf-ace-coap-est-18, BTW. But, it asks /.well-known/core?rt=ace.est rather than /.well-known/brski. At this point, we are waiting for ACP document to be approved by the IESG. Assuming that our AD was amenable, I think that this could be snuck in before ACP is approved. This email does not include my opinion, as it has not yet been formed. -- Michael Richardson <[email protected]>, Sandelman Software Works -= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
