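@comment{
  Internet-Draft, pinned to revision 23 of draft-ietf-lamps-rfc7030-csrattrs.
  The note field marks it as Work in Progress: an Internet-Draft is not a
  published standard and can be revised or replaced. Before relying on it for
  an EST (RFC 7030) enrollment implementation, check the datatracker page in
  the url field for the document's current status.
  Topic, per the abstract: how an EST server uses the CSR Attributes Response
  to tell a client which attribute OIDs and values (including X.509 extension
  values and a subject DN) to place in its certificate signing request.
}
@techreport{ietf-lamps-rfc7030-csrattrs-23,
  author      = {Richardson, Michael and Friel, Owen and von Oheimb, David and Harkins, Dan},
  title       = {Clarification and enhancement of {RFC7030} {CSR} {Attributes} definition},
  type        = {Internet-Draft},
  number      = {draft-ietf-lamps-rfc7030-csrattrs-23},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2025,
  month       = jun,
  day         = 28,
  pagetotal   = 25,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc7030-csrattrs/23/},
  abstract    = {This document updates RFC7030, Enrollment over Secure Transport (EST), clarifying how the Certificate Signing Request (CSR) Attributes Response can be used by an EST server to specify both CSR attribute Object IDs (OID) and also CSR attribute values, in particular X.509 extension values, that the server expects the client to include in subsequent CSR request. RFC9148 is derived from RFC7030, and it is also updated. RFC7030 (EST) is ambiguous in its specification of the CSR Attributes Response. This has resulted in implementation challenges and implementor confusion. As a result, there was not universal understanding of what was specified. This document clarifies the encoding rules. This document therefore also provides a new straightforward approach: using a template for CSR contents that may be partially filled in by the server. This also allows an EST server to specify a subject Distinguished Name (DN).},
}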