Bootstrapping event counter. SZTPD needs to maintain bootstrapping event counters.

Device record counters. It is planned to track when the device records are created, last modified, and the total number of modifications. Similarly, to track when the bootstrapping device first connected, last connected, and the total number of connections.

send notifications, as currently none are.

Run the “verify-device-ownership” callouts at time of bootstrapping event (in addition to when the device record was first created). Seems like something that should be opt-ed into, and hence a feature that can be implemented later.

Support a callout to retrieve an ownership voucher from an external system. This would implement the “supply-ownership-voucher” RPC defined in the “sztpd-rpcs” module. The RPC is currently protected by a ‘feature’ statement called “supply-ownership-voucher”, thus programmatically signaling that it is not supported, though visible in the YANG.

Support signing conveyed information sent from SZTPD using the private key associated with a configured owner certificate.

Support encrypting conveyed information sent from SZTPD using the device’s public key from its identity certificate (e.g., IDevID).

Support stapling revocation responses to CMS objects returned to devices.

Update the SBI’s “get-bootstrapping-data” response to strip-out the “ietf-sztp-conveyed-info:” prefix from the “hash-algorithm” value. Since the namespace is already “ietf-sztp-conveyed-info”, the value MAY be prefixed, and while it is considered clearer to always use prefixes, it may be considered cluttering in this instance…

Enabled TLS ports to use RSA-based keys (extended deep-inspection logic)

Enabled TLS server certs to be unordered inside the CMS structure when configured.

Logic now removes the <content-data> wrapper from XML-based conveyed-information responses.

Added support for the ‘relay-progress-report’ dynamic-callout. Previously only the webhook was supported.

Rewrote the support for “ordered-by user” lists to be more scalable.

Added initial support for pagination query parameters (‘limit’, ‘offset’, and ‘direction’).

Added XML support for the SBI (now supports both JSON and XML). Strong HTTP header checking.

Added strong validation for known base64-encoded values (public keys, private keys, end-entity certificates, and trust anchor certificates) when being configured.

Changed “/transport/listen/endpoint/use-for” to be a “mandatory true” leaf; it was a “mandatory false” leaf-list, thus removing the ability for an endpoint to present more than one API, which was unnecessarily present before.

The “ordered-by user” query parameters (point + insert) now work, per Section 4.8 of RFC 8040^{[There are three “ordered-by user” lists in SZTPD: download-uris, bootstrap-servers, and matched-responses (the first two are leaf-lists).]}[Be advised that the “download-uri” leaf-list uses URL as keys; the client MUST percent-encode these URL-based keys.].

Modified the “wn-sztpd-1” YANG module to set the per-device device-type leafref to “require-instance true” (was false).

Implemented the “SZTPD_DEFAULT_ADDR” environment variable, as described in the Installation Guide.