On Jul 02, 2014, at 11:16, Sean Turner <turn...@ieca.com> wrote: > On Jul 02, 2014, at 10:00, Stephen Kent <k...@bbn.com> wrote: > >> Rob, >> >>> At Mon, 30 Jun 2014 11:27:03 -0400, Stephen Kent wrote: >>>> I did suggest we might use other cert request mechanisms. EST is the >>>> obvious, current, standards-based option for this, if folks want to >>>> consider alternatives to PKCS#10. Since it was authored by a Cisco >>>> guy, there is some chance it might become available in their >>>> routers. I would suggest this path only for router certs, not for >>>> the RPKI certs. That might make it unpalatable, as a CA operated by >>>> an ISP would have to deal with two cert request formats: PKCS#1- for >>>> child CA certs (if the ISP is not a stub in the RPKI tree) and EST >>>> for router certs. >>> Is there any real benefit to EST, given that we already have to >>> support PKCS #10 and given that PKCS #10 implementations are almost >>> certainly easier to find than EST implementations? >> As I noted, I am aware of only a Cisco implementation, but we could check >> with >> Max Pritikin to see if he is aware of others. >>> Absent some serious advantage that I'm not seeing, this doesn't seem >>> particularly attractive. >>> >>>> I'm just pointing out options. >>> Understood. >> > > Dan’s got an implementation on github: > > https://github.com/danharkins/est > > spt
Here’s the link for Cisco's: https://github.com/cisco/libest spt _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr