During the last LAMPS interim call, I mentioned this topic as well. It was decided to add support for KEM keys in RFC4210bis. Sean said, that he is working on a draft on PoP for KEM keys.
Hendrik > Von: Spasm <spasm-boun...@ietf.org> Im Auftrag von Blumenthal, Uri - 0553 - > MITLL > > TL;DR > Need to create a CSR for a key pair whose algorithm does not allow signing > (either because it’s something like Kyber, or because restriction enforced by > HSM). How to do it? > > Longer version: > > There are several use cases that require certifying long-term asymmetric keys > that are only capable of encryption/decryption – but not signing/verification. > That could be either because the algorithm itself does not do signing, or > because > the private key is generated and kept in a secure hardware that enforces usage > restriction. > > One example of a protocol that needs this is KEMTLS - which I hope is > accepted, > either as-is, or with simplification. > > CSR is supposed to be signed by the corresponding private key to prove > possession. Obviously, it cannot be done with a key such as described above. > How is this problem addressed in the real world? With AuthKEM and KEMTLS, > how would these protocols get their certificates? > > A short discussion of this issue on the OpenSSL mailing list brought up > Certificate > Management Protocol (CMP) and CRMF format. Is that where we're heading? > Are the "big CAs" on board with it? > > Thanks! > -- > V/R, > Uri > > _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
