<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    Uri, Greetings!<br>
    <br>
    <div class="moz-cite-prefix">On 8/28/19 6:09 PM, Blumenthal, Uri -
      0553 - MITLL wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:6F416D99-3A19-4E8F-A25B-DA3074BC8ABC@ll.mit.edu">
      Do you have an ASN.1 definition fit the content of CSR, or are you
      willing to create one?</blockquote>
    <br>
    For now working with ASN.1.<br>
    <br>
    <blockquote type="cite"
      cite="mid:6F416D99-3A19-4E8F-A25B-DA3074BC8ABC@ll.mit.edu">
      <div>IMHO, DER would be a pretty good choice, far better than
        something home-brewed and non-standard.<br>
      </div>
    </blockquote>
    <br>
    Take a look at RFC 7049.  This is the standard for data objects over
    constrained networks.  Then look at<br>
    <br>
    draft-birkholz-core-coid<br>
    <br>
    For work being done to define by a good team to meld X.509 stuff
    with CBOR.<br>
    <br>
    "The wonderful thing about standards is there are so many to choose
    from."<br>
    <br>
    There was a reference point to Grace Hopper saying this in '58.<br>
    <br>
    <blockquote type="cite"
      cite="mid:6F416D99-3A19-4E8F-A25B-DA3074BC8ABC@ll.mit.edu">
      <div><br>
        <div dir="ltr" id="AppleMailSignature">Regards,
          <div>Uri</div>
          <div><br>
          </div>
          <div>Sent from my iPhone</div>
        </div>
        <div dir="ltr"><br>
          On Aug 28, 2019, at 17:49, Robert Moskowitz &lt;<a
            href="mailto:rgm@htt-consult.com" moz-do-not-send="true">rgm@htt-consult.com</a>&gt;
          wrote:<br>
          <br>
        </div>
        <blockquote type="cite">
          <div dir="ltr">
            CSR is an object in a container that goes over a 'wire'.  
            Sometimes the wire is very small (BT4) so the container
            needs to be tightly designed.<br>
            <br>
            It should be a standard, not something totally off the
            wall.  Well I could do it in CBOR, and probably will at some
            point, but for now something more common in PKIX world
            should work.<br>
            <br>
            Mangle it, stuff it down the wire, de-mangle it and use it. 
            For now I am referencing RFC 2986.<br>
            <br>
            What do you suggest?  Please reference documents that can be
            referenced in the document.<br>
            <br>
            Thanks<br>
            <br>
            <br>
            <div class="moz-cite-prefix">On 8/28/19 5:23 PM, Michael
              Sierchio wrote:<br>
            </div>
            <blockquote type="cite"
cite="mid:CAHu1Y72oWURbi-6PhfVdfvKT_V7ZRAXhq_WtZvmnQoehs4XYzA@mail.gmail.com">
              <div dir="ltr">
                <div><br>
                </div>
                <div>I don't see the point in DER encoding for a CSR –
                  The RA and CA decide the composition of the cert,
                  based on the rules and CPA that they follow, and of
                  course any cert issued will be in DER format, and may
                  include reordering or modified/expanded extensions and
                  key use restrictions.  A CSR is basically an assertion
                  that includes pubkey, proof of possession of the
                  private key, and any request elements required by
                  policy.  It's a one-time document that needs to be
                  validated precisely once.</div>
                <div><br>
                </div>
              </div>
              <br>
              <div class="gmail_quote">
                <div dir="ltr" class="gmail_attr">On Wed, Aug 28, 2019
                  at 6:49 AM Robert Moskowitz &lt;<a
                    href="mailto:rgm@htt-consult.com"
                    moz-do-not-send="true">rgm@htt-consult.com</a>&gt;
                  wrote:<br>
                </div>
                <blockquote class="gmail_quote" style="margin:0px 0px
                  0px 0.8ex;border-left:1px solid
                  rgb(204,204,204);padding-left:1ex">I am writing an
                  Internet Draft that will include transmission of a
                  CSR, <br>
                  so I need to reference the proper source.  No more
                  sloppy, "well it <br>
                  works...".<br>
                  <br>
                  Some digging said it is in PKCS#10 - CSR.  But I did
                  not stop with that.<br>
                  <br>
                  A bit more googling led me to RFC 4211...<br>
                  <br>
                  When I create a CSR with:<br>
                  <br>
                      openssl req -config openssl-intermediate.cnf\<br>
                          -key ./private/client.key.pem \<br>
                          -subj "$DN" -new -out ./csr/client.csr.pem<br>
                  <br>
                  What format is this?  Are there better, more concise
                  formats (e.g. DER?) <br>
                  for transmission over constrained networks?<br>
                  <br>
                  I can dump it with<br>
                  <br>
                      openssl req -text -noout -verify -in
                  ./csr/client.csr.pem<br>
                  <br>
                  But that does not really tell me the format, only what
                  is in the cert.<br>
                  <br>
                  Thanks<br>
                  <br>
                </blockquote>
              </div>
              <br clear="all">
              <div><br>
              </div>
              -- <br>
              <div dir="ltr" class="gmail_signature">
                <div dir="ltr">
                  <div>
                    <div dir="ltr">
                      <div>
                        <div dir="ltr"><font face="arial, helvetica,
                            sans-serif" color="#666666"><br>
                            "Well," Brahmā said, "even after ten
                            thousand explanations, a fool is no wiser,
                            but an intelligent person requires only two
                            thousand five hundred."</font>
                          <div><font face="arial, helvetica, sans-serif"
                              color="#666666"><br>
                              - The Mahābhārata</font></div>
                        </div>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </blockquote>
            <br>
          </div>
        </blockquote>
      </div>
    </blockquote>
    <br>
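    Added example (not part of the original messages and not OpenSSL code): the question quoted at the bottom of the thread asks what format the PEM CSR is and whether DER is more concise. This sketch shows that the PEM file is the DER-encoded RFC 2986 CertificationRequest, base64-wrapped between BEGIN/END lines. The helper names and the sample CSR (placeholder Ed25519 key and signature bytes, so the signature does not verify) are constructed for illustration.<br>
    <br>

```python
import base64

def tlv(tag, value):  # encode one DER tag-length-value (definite length)
    n = len(value)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + value

def read_tlv(buf, off=0):  # decode the TLV at buf[off:] -> (tag, value, next_offset)
    tag, first, off = buf[off], buf[off + 1], off + 2
    if first == 0x80:
        raise ValueError("indefinite length is not allowed in DER")
    length = first
    if first & 0x80:
        n = first & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[off:off + length], off + length

def der_to_pem(der):
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE REQUEST-----\n" + "\n".join(rows) + "\n-----END CERTIFICATE REQUEST-----\n"

def pem_to_der(pem):
    rows = [r for r in pem.splitlines() if r and not r.startswith("-----")]
    return base64.b64decode("".join(rows))

def parse_csr(der):  # split an RFC 2986 CertificationRequest into top-level fields
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    _, info, off = read_tlv(body)            # certificationRequestInfo
    _, _sig_alg, off = read_tlv(body, off)   # signatureAlgorithm
    _, sig, _ = read_tlv(body, off)          # signature BIT STRING
    _, version, p = read_tlv(info)
    _, subject, p = read_tlv(info, p)
    _, spki, p = read_tlv(info, p)
    attr_tag, _, _ = read_tlv(info, p)       # [0] attributes
    return {"version": int.from_bytes(version, "big"), "subject": subject,
            "spki_len": len(spki), "attr_tag": attr_tag, "sig_bytes": len(sig) - 1}

# Constructed sample (assumption, not from the thread): Ed25519-shaped CSR for
# CN=client with all-zero placeholder key and signature bytes.
ED25519 = tlv(0x30, tlv(0x06, bytes.fromhex("2b6570")))
NAME = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex("550403")) + tlv(0x0C, b"client"))))
INFO = tlv(0x30, tlv(0x02, b"\x00") + NAME + tlv(0x30, ED25519 + tlv(0x03, bytes(33))) + tlv(0xA0, b""))
SAMPLE_DER = tlv(0x30, INFO + ED25519 + tlv(0x03, bytes(65)))
SAMPLE_PEM = der_to_pem(SAMPLE_DER)
```

    For this constructed sample the DER form is 147 bytes and the PEM form is 270 characters; the content is identical, only the wrapping differs.<br>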
  </body>
</html>