Uri, Greetings!
On 8/28/19 6:09 PM, Blumenthal, Uri - 0553 - MITLL wrote:
Do you have an ASN.1 definition fit the content of CSR, or are you
willing to create one?
For now working with ASN.1.
IMHO, DER would be a pretty good choice, fat better than something
home-brewed and non-standard.
take a look at rfc 7049. This is the standard for data objects over
constrained networks. Then look at
draft-birkholz-core-coid
For work being done to define by a good team to meld x.509 stuff with CBOR.
"The wonderful thing about standards is there are so many to choose from."
There was a reference point to Grace Hopper saying this in '58.
Regards,
Uri
Sent from my iPhone
On Aug 28, 2019, at 17:49, Robert Moskowitz <r...@htt-consult.com
<mailto:r...@htt-consult.com>> wrote:
CSR is an object in a container that goes over a 'wire'. Sometimes
the wire is very small (BT4) so the container needs to be tightly
designed.
It should be a standard, not something totally off the wall. Well I
could do it in CBOR, and probably will at some point, but for now
something more common in PKIX world should work.
Mangle it, stuff it down the wire, de-mangle it and use it. For now I
am referencing RFC 2986.
What do you suggest. Please reference documents that can be
referenced in the document.
Thanks
On 8/28/19 5:23 PM, Michael Sierchio wrote:
I don't see the point in DER encoding for a CSR – The RA and CA
decide the composition of the cert, based on the rules and CPA that
they follow, and of course any cert issued will be in DER format,
and may include reordering or modified/expanded extensions and key
use restrictions. A CSR is basically an assertion that includes
pubkey, proof of possession of the private key, and any request
elements required by policy. It's a one-time document that needs to
be validated precisely once.
On Wed, Aug 28, 2019 at 6:49 AM Robert Moskowitz
<r...@htt-consult.com <mailto:r...@htt-consult.com>> wrote:
I am writing an Internet Draft that will include transmission of
a CSR,
so I need to reference the proper source. No more sloppy, "well it
works...".
Some digging said it is in PKCS#10 - CSR. But I did not stop
with that.
A bit more googling lead me to RFC 4211...
When I create a CSR with:
openssl req -config openssl-intermediate.cnf\
-key ./private/client.key.pem \
-subj "$DN" -new -out ./csr/client.csr.pem
What format is this? Are there better, more concise formats
(e.g. DER?)
for transmission over constrained networks?
I can dump it with
openssl req -text -noout -verify -in ./csr/client.csr.pem
But that does not really tell me the format, only what is in the
cert.
Thanks
--
"Well," Brahmā said, "even after ten thousand explanations, a fool
is no wiser, but an intelligent person requires only two thousand
five hundred."
- The Mahābhārata
