security certificate public-key-encryption rfc csr

Difference between RFC 2986 & RFC 4211 and which one is a spec for Certificate Signing Requests?


The abstract for RFC 4211 seems to say that the RFC is meant to be a spec for CRMF (which I understand to be a protocol for transmitting a CSR), while RFC 2986 specs out the CertificationRequest information type, which also seems to be a CSR.

What is CRMF, how does it relate to a CSR, and which RFC ultimately specs out a CSR?

Thanks!


Solution

  • CRMF is one way to request a certificate; SCEP is another, and so is ACME.

    RFC 2986 specifies PKCS#10, which is what a CSR is. Most protocols transmit PKCS#10 plus some more info (for instance authentication and other metadata).
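To make the answer above concrete, here is an added example (not part of the original answer) that checks a DER blob against the two SEQUENCE layouts RFC 2986 defines, `CertificationRequest` and `CertificationRequestInfo`. The helper names and the sample CSR are constructed for illustration; the key and signature bytes are placeholders, and the code checks layout only, not the signature.

```python
# Added example, standard library only; the sample CSR below is constructed.
def tlv(tag, body):  # DER-encode one element (definite lengths only)
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf, pos=0):  # -> (tag, value, next_pos) for the element at buf[pos]
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("element runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split a constructed element's contents into (tag, value)
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def parse_csr(der):  # check both RFC 2986 SEQUENCE layouts, return the fields
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    parts = children(body)
    if [t for t, _ in parts] != [0x30, 0x30, 0x03]:
        raise ValueError("not {certificationRequestInfo, signatureAlgorithm, signature}")
    info = children(parts[0][1])
    if [t for t, _ in info] != [0x02, 0x30, 0x30, 0xA0]:
        raise ValueError("not {version, subject, subjectPKInfo, attributes}")
    return {"version": int.from_bytes(info[0][1], "big"), "subject": info[1][1],
            "attributes": info[3][1], "signature": parts[2][1]}

# Constructed sample: valid layout, placeholder key and signature bytes.
alg = lambda oid: tlv(0x30, tlv(0x06, bytes.fromhex(oid)) + tlv(0x05, b""))
name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"example.test"))))
spki = tlv(0x30, alg("2a864886f70d010101") + tlv(0x03, b"\x00" + b"\xAA" * 16))
info = tlv(0x30, tlv(0x02, b"\x00") + name + spki + tlv(0xA0, b""))
SAMPLE_CSR = tlv(0x30, info + alg("2a864886f70d01010b") + tlv(0x03, b"\x00" + b"\x55" * 200))
```

A CRMF message (RFC 4211) wraps a `CertRequest` carrying a `certReqId` and a `certTemplate`, so its top-level layout differs and `parse_csr` rejects it with `ValueError`.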