- The protocol is to be based as much as possible on the existing
CMS, PKCS#10 and CRMF specifications.
- The protocol must support the current industry practice of a
PKCS#10 request followed by a PKCS#7 response as a subset of the
protocol.
- The protocol needs to easily support the multi-key enrollment
protocols required by S/MIME and other groups.
- The protocol must supply a way of doing all operations in a
single-round trip. When this is not possible the number of round
trips is to be minimized.
- The protocol will be designed such that all key generation can
occur on the client.
- The mandatory algorithms must superset the required algorithms for
S/MIME.
- The protocol will contain POP methods. Optional provisions for
multiple-round trip POP will be made if necessary.
- The protocol will support deferred and pending responses to
certificate request for cases where external procedures are
required to issue a certificate.
- The protocol needs to support arbitrary chains of local
registration authorities as intermediaries between certificate
requesters and issuers.
