On 8/30/21 12:21 AM, Michael Richardson wrote:
Dan Harkins <[email protected]> wrote:
> Why can't the RA signal to the CA whatever things it things should
> be included in the CA, in addition to the goo provided in the client's
I don't know. Why can't it? What protocol can it use that is well deployed?
The RA can do that signalling. You just need to define the protocol.
> Why don't you want to define _that_ signalling instead of overloading
> a different protocol?
I'd love to define that protocol.
But, we thought CSRattrs was that protocol.
Why did you think that? I can see a "it's there and we can tweak it
to do this
weird thing we want to do" but I don't understand why one would think
that CSRattrs
was designed for that.
If the RA knows what information the CA needs in order to construct a
certificate
then it should just tell the CA.
Dan.
--
"The object of life is not to be on the side of the majority, but to
escape finding oneself in the ranks of the insane." -- Marcus Aurelius
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
