Skip to main content

BRSKI-AE: Alternative Enrollment Protocols in BRSKI

Document Type Replaced Internet-Draft (anima WG)
Expired & archived
Authors David von Oheimb , Steffen Fries , Hendrik Brockhaus , Eliot Lear
Last updated 2022-03-07
Replaces draft-fries-anima-brski-async-enroll
Replaced by draft-ietf-anima-brski-prm, draft-ietf-anima-brski-ae
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Additional resources GitHub Repository
Mailing list discussion
Stream WG state WG Document
Document shepherd Toerless Eckert
IESG IESG state Replaced by draft-ietf-anima-brski-ae, draft-ietf-anima-brski-prm
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document enhances Bootstrapping Remote Secure Key Infrastructure (BRSKI, [RFC8995]) to allow employing alternative enrollment protocols, such as CMP. Using self-contained signed objects, the origin of enrollment requests and responses can be authenticated independently of message transfer. This supports end-to-end security and asynchronous operation of certificate enrollment and provides flexibility where to authenticate and authorize certification requests.


David von Oheimb
Steffen Fries
Hendrik Brockhaus
Eliot Lear

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)