
BRSKI-AE: Alternative Enrollment Protocols in BRSKI

Document Type: Replaced Internet-Draft (anima WG)
Authors: David von Oheimb, Steffen Fries, Hendrik Brockhaus, Eliot Lear
Last updated: 2022-03-07
Replaces: draft-fries-anima-brski-async-enroll
Replaced by: draft-ietf-anima-brski-ae
Stream: Internet Engineering Task Force (IETF)
Intended RFC status: (None)
Expired & archived
Stream WG state: WG Document
Document shepherd: Toerless Eckert
IESG state: Replaced by draft-ietf-anima-brski-ae
Consensus boilerplate: Unknown
Telechat date: (None)
Responsible AD: (None)
This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at:


This document enhances Bootstrapping Remote Secure Key Infrastructure (BRSKI, [RFC8995]) to allow employing alternative enrollment protocols, such as CMP. Using self-contained signed objects, the origin of enrollment requests and responses can be authenticated independently of message transfer. This supports end-to-end security and asynchronous operation of certificate enrollment and provides flexibility where to authenticate and authorize certification requests.

