Format and standard for CSR

Robert Moskowitz rgm at htt-consult.com
Thu Aug 29 14:04:49 UTC 2019



On 8/29/19 9:20 AM, Michael Richardson wrote:
> Robert Moskowitz <rgm at htt-consult.com> wrote:
>      > I am writing an Internet Draft that will include transmission of a CSR, so I
>      > need to reference the proper source.  No more sloppy, "well it works...".
>
>      > Some digging said it is in PKCS#10 - CSR.  But I did not stop with
>      > that.
>
> RFC2986 is PKCS10.
> RFC7030 references that, I don't think that there is anything newer.
> But, maybe I've mis-understood your question?

To bring up 7030, yes you have.

7030 is not something you want to run over a highly constrained network, 
involving a highly constrained device.  It does provide some good 
guidelines for 'completeness'.  Is ANIMA using it?  And ANIMA is not 
just constrained devices.

For this project there are strong arguments to do all registration stuff 
within HIP messages.  At least for initial design.

It is not my job in this project to declare a winner in best CSR format 
design.  For the initial specification, I need to do a best effort on 
current practice.  PKCS#10 seems to be that.

You may be one of the parties at the Hackathon.   And perhaps the only 
one on this list.




More information about the openssl-users mailing list