Sorry Ted, I think I was not so clear.

We use https (http over tls) to transmit these invoice files and I think it will
be great if we have the option on the tls protocol to ask another service to
encrypt things to it, without having the certificate (with private key).

On Mon, Jul 16, 2018 at 1:50 PM Ted Lemon <mel...@fugue.com> wrote:
>
> Why do you need to extend tls to do this?  Why not just use it for 
> encapsulation?  What you are describing sounds more like pgp than tls.
>
> On Mon, Jul 16, 2018 at 12:15 PM Walter Neto <walter.n...@superlogica.com> 
> wrote:
>>
>> Hi IETF tls list,
>>
>> I have a problem to solve, and I believe it is good to put my questions and
>> proposals here.
>>
>> I'm from Brazil; here we need to use X.509 certificates to sign electronic
>> invoice XMLs and to communicate these XMLs through https.
>>
>> The problem is that most emitters pass their certificates (with private
>> and public keys) to the software companies that communicate these invoices,
>> which in my point of view is so insecure. The other problem is that generating
>> a certificate for the software company authorized to emit the invoice is so
>> bureaucratic.
>>
>> My proposal is to create a service that generates tokens so that third-party
>> applications can use this service to sign and encrypt data without the
>> certificate, and to introduce an option in the tls protocol to pass the token
>> and the service address to use it when they don't have local cert files.
>>
>> Does it make sense?
>>
>> --
>> Walter Neto
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
