Hi David,

Thanks for your email; you sent it right on time as I'd just started
composing a similar email based on my reading of section 4.2 of RFC4211.

On Thu, 6 Oct 2022 at 09:58, Thom Wiggers <t...@thomwiggers.nl> wrote:

>
> We weren't aware of CRMF, so it seems I've got some reading to do as I
> write some paragraphs on KEM certificates in my PhD thesis :)
>
>
Digging into RFC4211 and as David just wrote, my interpretation of the
"indirect method" specified there mostly lines up with the "encrypt
certificate" approach I described in my previous email. CRMF, as an
interactive protocol, does require that you prove to the issuer that you
decrypted correctly, as David wrote, so I suppose that this makes it
important that the protocol that implements CRMF delays submitting to the
CT logs until after they've received confirmation, to avoid the "attack"
that I described.

Of course, that still means that the "encrypt certificate" message does not
work for the kinds of "non-interactive" issuance that CSRs allow.

I'll continue my reading with your pointers, thanks :)

Cheers,

Thom
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
