BRSKI resource | constrained-BRSKI resource |
---|---|
/requestvoucher | /rv |
/voucher_status | /vs |
/enrollstatus | /es |
BRSKI + EST | Constrained-BRSKI + EST | Well-known URI namespace |
---|---|---|
/requestvoucher | /rv | brski |
/voucher_status | /vs | brski |
/csrattrs | /att | est |
/simpleenroll | /sen | est |
/cacerts | /crts | est |
/enrollstatus | /es | brski |
/simplereenroll | /sren | est |
Integer | Assertion Type |
---|---|
0 | verified |
1 | logged |
2 | proximity |
Attribute | Description |
---|---|
brski | Root path of Bootstrapping Remote Secure Key Infrastructure (BRSKI) resources |
brski.rv | BRSKI request voucher resource |
brski.vs | BRSKI voucher status telemetry resource |
brski.es | BRSKI enrollment status telemetry resource |
URI | Short URI | Description | Reference |
---|---|---|---|
requestvoucher | rv | Request voucher: Pledge to Registrar, and Registrar to MASA |
|
voucher_status | vs | Voucher status telemetry: Pledge to Registrar |
|
requestauditlog | -- | Request audit log: Registrar to MASA |
|
enrollstatus | es | Enrollment status telemetry: Pledge to Registrar |
|
Function |====================| Profiles -> | Min | Typ | Full |
---|---|---|---|
General | === | === | ==== |
Support Constrained BRSKI bootstrap | Y | Y | Y |
Support other bootstrap method(s) | - | - | Y |
Real-time clock and cert time checks | - | - | Y |
Constrained BRSKI | === | === | ==== |
Discovery for rt=brski* | - | - | Y |
Support pinned Registrar public key (RPK) | Y | - | Y |
Support pinned Registrar certificate | - | Y | Y |
Support pinned Domain CA | - | Y | Y |
Constrained EST | === | === | ==== |
Discovery for rt=ace.est* | - | - | Y |
GET /att and response parsing | - | - | Y |
GET /crts format 281 (multiple CA certs) | - | - | Y |
GET /crts only format TBD287 (one CA cert only) | Y | Y | - |
ETag handling support for GET /crts | - | Y | Y |
Re-enrollment supported | - (1) | Y | Y |
6.6.1 optimized procedure | Y | Y | - |
Pro-active cert re-enrollment at own initiative | N/A | - | Y |
Periodic trust anchor retrieval GET /crts | - (1) | Y | Y |
Supports change of Registrar identity | - (1) | Y | Y |