Re: [Acme] "authorized key pair" vs CSR keys

Martin Thomson <martin.thomson@gmail.com> Thu, 18 December 2014 19:55 UTC

In-Reply-To: <5492C4AF.3050708@gmail.com>
References: <5492C4AF.3050708@gmail.com>
Date: Thu, 18 Dec 2014 11:55:13 -0800
Message-ID: <CABkgnnWxuD4qPeaMEQZWacxZEO1nCh5XczsG+BvnE9hrZHPTiA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/wO7xnfWRH1WtV2kLejF-Oi6mejw
Cc: "acme@ietf.org" <acme@ietf.org>

On 18 December 2014 at 04:12, Anders Rundgren
<anders.rundgren.net@gmail.com> wrote:
> Does/can the CSR use another key-pair than the "authorized key pair"?
>
> If not the outer signature seems a bit odd since the CSR itself should
> contain a signature.

The signature in the CSR isn't enough to bind the CSR to the ACME
protocol process.  Without that, the information that appears in the
ACME context couldn't be properly attributed to the private key owner.