Conveying a Certificate Signing Request in a Secure Zero-Touch Provisioning Bootstrapping Request
RFC 9646, “Conveying a Certificate Signing Request in a Secure Zero-Touch Provisioning Bootstrapping Request”, is a Proposed Standard document published in October 2024 by K. Watsen, R. Housley, S. Turner. It updates RFC 8572. The canonical text is published by the RFC Editor.
Abstract
This document extends the input to the "get-bootstrapping-data" RPC defined in RFC 8572 to include an optional certificate signing request (CSR), enabling a bootstrapping device to additionally obtain an identity certificate (e.g., a Local Device Identifier (LDevID) from IEEE 802.1AR) as part of the "onboarding information" response provided in the RPC-reply.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9646 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.
- RFC 9645 YANG Groupings for TLS Clients and TLS Servers
- RFC 9647 A YANG Data Model for Babel
- RFC 9644 YANG Groupings for SSH Clients and SSH Servers
- RFC 9648 YANG Data Model for TCP
- RFC 9643 YANG Groupings for TCP Clients and TCP Servers
- RFC 9649 WebP Image Format
- RFC 9642 A YANG Data Model for a Keystore
- RFC 9650 Revision to Registration Procedures for IS-IS Neighbor Link- Attribute Bit Values