EST (Enrollment over Secure Transport) Extensions

Note: This ballot was opened for revision 08 and is now closed.

(Kathleen Moriarty) (was Discuss, Yes) Yes

(Alia Atlas) No Objection

Deborah Brungard No Objection

Ben Campbell No Objection

Comment (2017-08-02 for -09)
- 2.2/2.3: Is there any expectation that a server can provide the PAL in both XML and JSON?

Spencer Dawkins No Objection

Suresh Krishnan No Objection

Warren Kumari (was Discuss) No Objection

Comment (2017-08-02 for -09)
The above would have been less annoying if the XML had been wrapped in a <CODE BEGINS> / <CODE ENDS> tag.

I'd encourage the author to look at the OpsDir review ( , which has some good comments, especially:
# 3: while I don't think that quotes would help, I *do* find the forward slash in (S1) "simple enrollment with /simpleenroll, rekey/renew with /simplereenroll, etc." to be jarring - suggest "rekey or renew" instead.
(some of the comments in the OpsDir review have already been addressed).

Section 1.1.  Definitions
"clients that have a non-electronic air gap" -- I see that the "non-electronic" bit was added in a recent version, but I'm confused as to what it is trying to convey. What is an electronic vs non-electronic airgap? Was this to somehow address concerns about things like bypassing airgaps using audio or something? I'm sure that there was a reason for adding it, but it simply confused me.

Section 1. Introduction.
/firmware -- "... a mechanism for the infrastructure to inform the client that a firmware and software updates..." -- s/a// 

Section 4.  Distribute CRLs and ARLs
"Providing CRLs at the time of bootstrap would obviate the need for..." -- I'd suggest  "Providing CRLs at the time of bootstrap obviates the need for..."

Note: I previously had a DISCUSS position because the XML seemed to be incorrect. This appears to be a rendering artifact in different PDF viewers - for example, in the OS X Preview app, the opening <xsd:annotation> after the <xsd:complexType name="PAL"> doesn't render. This **seems** to be related to this specific document (but is sufficiently weird that I'm not sure), so it may be worth checking the final RFC Ed version for this issue.

Mirja K├╝hlewind No Objection

Comment (2017-08-01 for -09)
One high level comment:
The introduction of "/serverkeygen/return" actually seems to warrent an update of RFC7030 to me.

One question:
The shepherd write-up says it was presented in lamps but the chairs did not asks for adoption. Why?

Questions on the IANA section:
- Shouldn't pal be registered in the well-know URI registry?
- Section 11.3 could be clearer. What's the name of the new registry and what fields are needed for registration? Should the media types be listed or how can this requirement be assessed: "Package types MUST be paired with a media type."?

Terry Manderson No Objection

Alexey Melnikov (was Discuss) No Objection

Comment (2017-10-01 for -10)
Thank you for addressing my DISCUSS and comments.

Eric Rescorla (was Discuss) No Objection

Comment (2017-08-01 for -10)
The abstract is kind of hard to follow. It would be useful to have a
more straightforward presentation. E.g.,

   The EST (Enrollment over Secure Transport) protocol defined a Well-
   Known URI (Uniform Resource Identifier): /.well-known/est along with
   a number of other path components that clients use for PKI (Public Key
   Infrastructure) services, namely certificate enrollment (e.g.,
   /simpleenroll).  This document defines a number of other PKI services
   as additional path components, specifically....

The presentation of the PAL model is kind of hard to follow. In
particular, how am I supposed to know that I should provide a return
receipt for some operation. Do I:

(1) see the path in the PAL where I first discover the operation
(2) poll the PAL to see if it shows up with a receipt.

In general, I think a section on overall PAL usage would be helpful,
including covering polling, how to use date and time, etc. It would
also be helpful to indicate where the Info field can have an
indirection and where it cannot, as well as how to use the additional
PAL field (/pal).

S 1.
       /tamp - To control the TAs in client TA databases, servers use
       the /tamp PC to request that clients retrieve a TAMP query,
       update, and adjust packages and clients use the /tamp/return PC
       to return response, confirm, and error. The /tamp and
       /tamp/return PCs are defined in Section 7.

Please provide a ref to TAMP.

S 1.6.
   | Locate Available   | N/A                      | Section 2.2       |
   | Packages           | application/xml or       | Section 2.3       |
   |                    | application/json         |                   |
   |                    | [RFC7303][RFC7159]       |                   |

NIT: You should probably attach these citations to the relevant format.

The whole formatting of this table is pretty crazy, especially the TAMP

S 3.
   The server need not authenticate or authorize the client for
   distributing an EE certificate because the package contents is

NIT: "contents are"

S 5.1.
   strength with the symmetric key being delivered to the client.  The
   cipher suite use MUST NOT have NULL encryption algorithm as this will

NIT: "suite used"

S 7.2.1.
   As specified in [RFC5934], these content types should be signed.  If
   signed, a signed data encapsulates the TAMP content.

Is this a 2119 SHOULD?

S 8.3.1.
If you use pBE, how does the client know the password

Adam Roach (was Discuss) No Objection