[Acme] Integrated with CSR. Re: ACME signature mechanics

Anders Rundgren <anders.rundgren.net@gmail.com> Wed, 17 December 2014 17:27 UTC

Message-ID: <5491BCE5.9010002@gmail.com>
Date: Wed, 17 Dec 2014 18:27:01 +0100
From: Anders Rundgren <anders.rundgren.net@gmail.com>
To: Nico Williams <nico@cryptonector.com>, Phillip Hallam-Baker <phill@hallambaker.com>, Richard Barnes <rlb@ipv.sx>
References: <548FF9E3.1020703@gmail.com> <CAL02cgT9iYqtX2Ui5XQYnj=yeF_QnSkKn-jE0D5d56WMzB5bBg@mail.gmail.com> <CAMm+LwjwG0dPTkByu5WZ_ev3xNxAMwunoc-A_VK4sKPSZXRYDw@mail.gmail.com> <20141217171915.GX3241@localhost>
In-Reply-To: <20141217171915.GX3241@localhost>
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/6kC6cY_5l0Sk_gNcCELMtxVP1sQ
Cc: "acme@ietf.org" <acme@ietf.org>
Subject: [Acme] Integrated with CSR. Re: ACME signature mechanics

The "csr" object holds a public key and an associated signature that goes over
the public key and a hypothetical attribute.  This is a bare-bones CSR.

The counter/attestation-signature goes over the entire package.


{
   "type": "certificateRequest",
   "csr":
     {
       "domain": "acme.com",
       "signature":
         {
           "algorithm": "ES256",
           "publicKey":
             {
               "type": "EC",
               "curve": "P-256",
               "x": "vlYxD4dtFJOp1_8_QUcieWCW-4KrLMmFL2rpkY1bQDs",
               "y": "fxEF70yJenP3SPHM9hv-EnvhG6nXr3_S-fDqoj-F6yM"
             },
           "value": "MEUCIF8p4ZY7YGJFaG8X41S-7ZCv...zesjHVc_pUqAa-IcbqefCTR9AvwivtbKA"
         }
     },
   "signature":
     {
       "algorithm": "RS256",
       "certificatePath":
         [
           "MIIETTCCAjWgAwIBAgIGAUoqo740MA0GCS...s9Zi90RyQ7UzWNrQjoLERGLkuetIw",
           "MIIFOjCCAyKgAwIBAgIBATANBgkqhkiG9w...O4Zfwjxug_CkeRb2m2sKaBNgCpJig"
         ],
       "value": "EmEcktZ2gyG639-vzCf_3b3A6CF8N_...gXLy-zDCUnXVv_P7kqkJlABNgnNRbeLmtFgw"
     }
}