Zum Hauptinhalt springen

6. Security Considerations

This section preserves the RFC text for EST CSR Attributes, including CSR attribute OIDs and values, ASN.1 syntax, id-ExtensionReq, CertificationRequestInfoTemplate, Base64 examples, ASN.1 dump output, IANA registrations, and security considerations.

Original RFC Text

6.  Security Considerations

The security considerations from [RFC7030], Section 6 are unchanged.

6.1. Identity and Privacy Considerations

An EST server may use this mechanism to instruct the EST client about
the identities it should include in the CSR it sends as part of
enrollment. The client may only be aware of its Initial Device
Identifier (IDevID) Subject, which includes a manufacturer serial
number. The EST server can use this mechanism to tell the client to
include a specific fully qualified domain name in the CSR in order to
complete domain ownership proofs required by the CA. Additionally,
the EST server may deem the manufacturer serial number in an IDevID
as personally identifiable information and may want to specify a new
random opaque identifier that the pledge should use in its CSR. This
may be desirable if the CA and EST server have different operators.