Format and standard for CSR

Michael Richardson mcr at
Fri Aug 30 00:47:07 UTC 2019

Robert Moskowitz <rgm at> wrote:
    > On 8/29/19 9:20 AM, Michael Richardson wrote:
    >> Robert Moskowitz <rgm at> wrote:
    >> > I am writing an Internet Draft that will include transmission of a CSR, so I
    >> > need to reference the proper source.  No more sloppy, "well it works...".
    >> > Some digging said it is in PKCS#10 - CSR.  But I did not stop with
    >> > that.
    >> RFC2986 is PKCS10.
    >> RFC7030 references that, I don't think that there is anything newer.
    >> But, maybe I've mis-understood your question?

    > To bring up 7030, yes you have.

    > 7030 is not something you want to run over a highly constrained network,
    > involving a highly constrained device.  It does provide some good guidelines
    > for 'completeness'.  Is ANIMA using it?  And ANIMA is not just constrained
    > devices.

ANIMA BRSKI is an RFC7030 extension.
ANIMA constrained-BRSKI (draft-ietf-anima-constrained-voucher) is an
extension of ACE's draft-ietf-ace-coaps-est, which is a constrained version
of 7030.  [Yes, I'm an author on all of those]
It still uses CSRs (binary DER, never PEM encoded).

    > For this project there are strong arguments to do all registration stuff
    > within HIP messages.  At least for initial design.

    > It is not my job in this project to declare a winner in best CSR format
    > design.  For the initial specification, I need to do a best effort on current
    > practice.  PKCS#10 seems to be that.

We are going to be using CSR until we have something like CoID.

]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr at        |   ruby on rails    [

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <>

More information about the openssl-users mailing list