Re: [TLS] OCSP and browsers

2022-10-04 Thread Tim Hollebeek
Also, the amount of work necessary to make Certificate Transparency work with three-day certificates is probably not worth the effort. It's not that you can't do it ... the easiest way is to break the 1-1 correspondence between SCTs and certificates, and make allowances for issuing a series of

[TLS] Q: Creating CSR for encryption-only cert?

2022-10-04 Thread Blumenthal, Uri - 0553 - MITLL
TL;DR Need to create a CSR for a key pair whose algorithm does not allow signing (either because it’s something like Kyber, or because of a restriction enforced by the HSM). How to do it? Longer version: There are several use cases that require certifying long-term asymmetric keys that are only capable

Re: [TLS] Securely disabling ECH

2022-10-04 Thread Salz, Rich
I do not understand your question. Let me start with a picture. Client <-> TLS terminating <-> Desired Origin Concretely for an example: Browser <-> a CDN <-> origin for www.example.com The key phrase is the middle entity is a TLS terminating one. (As op

Re: [TLS] Creating CSR for encryption-only cert?

2022-10-04 Thread Mike Ounsworth
Hi Uri, > Need to create a CSR for a key pair whose algorithm does not allow signing I believe you don't. I believe that CSR (aka PKCS#10, aka RFC 2986) requires a *signature*. A couple of years ago I attempted to summarize the state of IETF cert enrollment protocols for non-signing keys: see s

Re: [TLS] Creating CSR for encryption-only cert?

2022-10-04 Thread Brockhaus, Hendrik
During the last LAMPS interim call, I mentioned this topic as well. It was decided to add support for KEM keys in RFC4210bis. Sean said that he is working on a draft on PoP for KEM keys. Hendrik > From: Spasm On Behalf Of Blumenthal, Uri - 0553 - > MITLL > > TL;DR > Need to create a CSR for

Re: [TLS] Creating CSR for encryption-only cert?

2022-10-04 Thread Brockhaus, Hendrik
> From: Spasm On Behalf Of Mike Ounsworth > > Hi Uri, > > > Need to create a CSR for a key pair whose algorithm does not allow signing > > Summary: > Yes: CMP, EST-with-full-CMC. > No: Lightweight CMP, EST. ACME should also be here since it requires a CSR. [HB] As soon as CRMF supports PoP fo

Re: [TLS] [lamps] Q: Creating CSR for encryption-only cert?

2022-10-04 Thread Russ Housley
Uri: You cannot do it with PKCS#10. That is why CRMF (RFC 4211) was created. RFC 2875 and RFC 6955 talk about the proof-of-possession (PoP) of Diffie-Hellman keys. A similar PoP specification will be needed for Kyber, and some folks agreed to write the -00 version before IETF 115 (nudge

Re: [TLS] [lamps] Q: Creating CSR for encryption-only cert?

2022-10-04 Thread Martin Thomson
The integrity of TLS doesn't depend on the key holder presenting proof of possession toward the issuing CA. Perhaps we could define an extension that produced an empty signature, so that it could be used for any algorithm without these complications... On Wed, Oct 5, 2022, at 03:05, Russ Housl

Re: [TLS] Creating CSR for encryption-only cert?

2022-10-04 Thread Peter Gutmann
Brockhaus, Hendrik writes: >During the last LAMPS interim call, I mentioned this topic as well. It was >decided to add support for KEM keys in RFC4210bis. Sean said that he is >working on a draft on PoP for KEM keys. Uhh... CMP has supported KEM keys since day one. And signing keys, and key ag