Technical Summary
The EST (Enrollment over Secure Transport) protocol defined a Well-
Known URI (Uniform Resource Identifier): /.well-known/est. EST also
defined several path components that clients use for PKI (Public Key
Infrastructure) services, namely certificate enrollment (e.g.,
/simpleenroll). In some sense, the services provided by the path
components can be thought of as PKI management-related packages.
There are additional PKI-related packages a client might need as well
as other security-related packages, such as firmware, trust anchors,
and symmetric, asymmetric, and encrypted keys. This document also
specifies the PAL (Package Availability List), which is an XML
(Extensible Markup Language) file or JSON (JavaScript Object
Notation) object that clients use to retrieve packages available and
authorized for them. This document extends the EST server path
components to provide these additional services.
Working Group Summary
This is an individual draft, AD sponsored. There was a fair amount
of review, including review from several XML experts. The shepherd
is the author of other similar RFCs, so his review was helpful as well.
Document Quality
There are a few implementations and there were several XML
expert reviews.
Personnel
Kathleen Moriarty is the responsible Security Area Director and
Dan Harkins is the draft shepherd.
The IANA Expert(s) for the PAL Package Types registry
in this document is Sean Turner.
IANA Note
IANA is requested to perform three registrations: PAL Name Space, PAL
XML Schema, and PAL Package Types. Future PAL Package Type registrations
require expert review per RFC 5226.