[pkix] In-the-wild implementations of RFC6955?

Michael StJohns <msj@nthpermutation.com> Mon, 23 May 2022 21:56 UTC

Hi -

Is anyone aware of

a)  implementation of CSR software which can generate requests for ECDH 
certificates (EC public key, keyAgreement key usage extension) that use 
the RFC6955 Proof of Possession as the signature for a PKCS10 CSR?

b) public CAs or CA software that actually support issuing
certificates against those types of CSRs?

Thanks - Mike