Technical Summary
This document updates RFC 7030 to clarify the handling of Certificate
Signing Request (CSR) attributes in Enrollment over Secure Transport
(EST). This document describes how an EST server specifies the CSR
attribute types (object identifiers) and also CSR attribute values,
especially X.509 extension values, that the EST server expects the
client to include in subsequent CSRs.
It provides a new, convenient and straightforward approach:
using a template for CSR contents that may be partially filled in by
the server. This also allows specifying a subject Distinguished Name
(DN).
Working Group Summary
EST has wide support. Several people have expressed support for
the clarifications in this document. Great care was taken to ensure
that the conventions specified in this document do not break current
implementations of RFC 7030.
Document Quality
No special reviews are needed. The ASN.1 module in Appendix A properly
compiles.
There are downward normative references to Informational RFC 5911,
Informational RFC 5912, and Informational RFC 6268. All of these
are already in the downref registry, so no special action is needed
for them.
Personnel
The Document Shepherd for this document is Russ Housley. The Responsible
Area Director is Deb Cooley.