Format and standard for CSR
mcr at sandelman.ca
Fri Aug 30 00:47:07 UTC 2019
Robert Moskowitz <rgm at htt-consult.com> wrote:
> On 8/29/19 9:20 AM, Michael Richardson wrote:
>> Robert Moskowitz <rgm at htt-consult.com> wrote:
>> > I am writing an Internet Draft that will include transmission of a CSR, so I
>> > need to reference the proper source. No more sloppy, "well it works...".
>> > Some digging said it is in PKCS#10 - CSR. But I did not stop with
>> > that.
>> RFC2986 is PKCS10.
>> RFC7030 references that, I don't think that there is anything newer.
>> But, maybe I've mis-understood your question?
> To bring up 7030, yes you have.
> 7030 is not something you want to run over a highly constrained network,
> involving a highly constrained device. It does provide some good guidelines
> for 'completeness'. Is ANIMA using it? And ANIMA is not just constrained
ANIMA BRSKI is an RFC7030 extension.
ANIMA constrained-BRSKI (draft-ietf-anima-constrained-voucher) is an
extension of ACE's draft-ietf-ace-coaps-est, which is a constrained version
of 7030. [Yes, I'm an author on all of those]
It still uses CSRs (binary DER, never PEM encoded).
> For this project there are strong arguments to do all registration stuff
> within HIP messages. At least for initial design.
> It is not my job in this project to declare a winner in best CSR format
> design. For the initial specification, I need to do a best effort on current
> practice. PKCS#10 seems to be that.
We are going to be using CSR until we have something like CoID.
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] mcr at sandelman.ca http://www.sandelman.ca/ | ruby on rails [
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 487 bytes
Desc: not available
More information about the openssl-users