BRSKI with Alternative Enrollment
RFC 9733, “BRSKI with Alternative Enrollment”, is a Proposed Standard document published in March 2025 by D. von Oheimb, S. Fries, H. Brockhaus. The canonical text is published by the RFC Editor.
Abstract
This document defines enhancements to the Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol, known as BRSKI with Alternative Enrollment (BRSKI-AE). BRSKI-AE extends BRSKI to support certificate enrollment mechanisms instead of the originally specified use of Enrollment over Secure Transport (EST). It supports certificate enrollment protocols such as the Certificate Management Protocol (CMP) that use authenticated self-contained signed objects for certification messages, allowing for flexibility in network device onboarding scenarios. The enhancements address use cases where the existing enrollment mechanism may not be feasible or optimal, providing a framework for integrating suitable alternative enrollment protocols. This document also updates the BRSKI reference architecture to accommodate these alternative methods, ensuring secure and scalable deployment across a range of network environments.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9733 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.
- RFC 9732 A Framework for NRP-Based Enhanced Virtual Private Networks
- RFC 9734 X.509 Certificate Extended Key Usage for Instant Messaging URIs
- RFC 9731 A YANG Data Model for Virtual Network Operations
- RFC 9735 Locator/ID Separation Protocol Distinguished Name Encoding
- RFC 9730 Interworking of GMPLS Control and Centralized Controller Systems
- RFC 9736 The BGP Monitoring Protocol Peer Up Message Namespace
- RFC 9729 The Concealed HTTP Authentication Scheme
- RFC 9737 Reporting Errors in NFSv4.2 via LAYOUTRETURN