Re: [Secdispatch] draft-leggett-spkac: Signed Public Key and Challenge

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 09 November 2022 17:23 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Graham Leggett <minfrin@sharp.fm>, secdispatch@ietf.org
In-reply-to: <FC5C3A5D-27A2-4E87-9148-282A7CB8E192@sharp.fm>
References: <77101A6A-7D9C-4817-B16D-70505FA10C6D@sharp.fm> <CADNypP8VhSkWX-gjLAs5mTV2YzUc0LRHsNNPdeqE7DiTHjR=3g@mail.gmail.com> <171941.1667844726@dyas> <FC5C3A5D-27A2-4E87-9148-282A7CB8E192@sharp.fm>
Comments: In-reply-to Graham Leggett <minfrin@sharp.fm> message dated "Wed, 09 Nov 2022 16:05:12 +0200."
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Wed, 09 Nov 2022 17:23:28 +0000
Message-ID: <417704.1668014608@dyas>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/kkK1mxZlTg347yZITLyr_DkLO-E>
Subject: Re: [Secdispatch] draft-leggett-spkac: Signed Public Key and Challenge
Precedence: list

Graham Leggett <minfrin@sharp.fm> wrote:
    > I care because I wrote this:
    > https://redwax.eu/rs/docs/latest/mod/mod_spkac.html, which is an
    > implementation of the server side of keygen. I also care because it
    > made distributing certs hard that had private keys generated by the end
    > user of the certificate. The vast majority of certificate distribution

I also care, because I'm involved in cacert.org, and there is an uptick in
client-side certificate use, but... now impossible to generate new keys in
the browser :-)

    > these days is done by “here is your cert, also here is your key that we
    > generated for you and is therefore by definition not private, and
    > therefore we can’t trust anything you signed with this”.

I also hate that :-)

    > I would like to revive the standard in HTML5, but that is a moot point
    > until the (very valid) SPKAC-has-no-definition problem is addressed.

Cool.



--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

Attachment: signature.asc

[Secdispatch] draft-leggett-spkac: Signed Public … Graham Leggett
Re: [Secdispatch] draft-leggett-spkac: Signed Pub… Russ Housley
Re: [Secdispatch] draft-leggett-spkac: Signed Pub… Rifaat Shekh-Yusef
Re: [Secdispatch] draft-leggett-spkac: Signed Pub… Michael Richardson
Re: [Secdispatch] draft-leggett-spkac: Signed Pub… Salz, Rich
Re: [Secdispatch] [EXTERNAL] Re: draft-leggett-sp… Mike Ounsworth
Re: [Secdispatch] draft-leggett-spkac: Signed Pub… Graham Leggett
Re: [Secdispatch] draft-leggett-spkac: Signed Pub… Michael Richardson
Re: [Secdispatch] draft-leggett-spkac: Signed Pub… Graham Leggett
Re: [Secdispatch] draft-leggett-spkac: Signed Pub… Roman Danyliw
Re: [Secdispatch] draft-leggett-spkac: Signed Pub… Graham Leggett
Re: [Secdispatch] draft-leggett-spkac: Signed Pub… Dirk-Willem van Gulik
Re: [Secdispatch] draft-leggett-spkac: Signed Pub… Daniel Kahn Gillmor
Re: [Secdispatch] draft-leggett-spkac: Signed Pub… Eric Rescorla
Re: [Secdispatch] draft-leggett-spkac: Signed Pub… Dirk-Willem van Gulik
Re: [Secdispatch] draft-leggett-spkac: Signed Pub… Daniel Kahn Gillmor
Re: [Secdispatch] draft-leggett-spkac: Signed Pub… Dirk-Willem van Gulik
Re: [Secdispatch] draft-leggett-spkac: Signed Pub… Russ Housley
Re: [Secdispatch] draft-leggett-spkac: Signed Pub… Graham Leggett
Re: [Secdispatch] draft-leggett-spkac: Signed Pub… Russ Housley

Re: [Secdispatch] draft-leggett-spkac: Signed Public Key and Challenge

Attachment: signature.asc