Re: [lamps] Revocation Request Format?

Peter Bowen <> Fri, 02 March 2018 20:03 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 64DA1126C22 for <>; Fri, 2 Mar 2018 12:03:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id SsJFMtJbqjdo for <>; Fri, 2 Mar 2018 12:03:32 -0800 (PST)
Received: from ( [IPv6:2a00:1450:4010:c07::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 6EE66124217 for <>; Fri, 2 Mar 2018 12:03:32 -0800 (PST)
Received: by with SMTP id o145so14961197lff.0 for <>; Fri, 02 Mar 2018 12:03:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=JW8wOFncmb1v9g1FhlgFflCubeC7zlyHLe+Y0u+1hRU=; b=ne0OLVfi0ci5nYXA6pZthagMQvKvNEL0o+lmMGzlHG3rMVGAeu73/h+0DDTxwLrz8g K4uRXdorhezDB2Ij2b8gQtimxnUzhVQ3tfLkvlQyLsO14eof1lQIYxzCOgQqJaIsyEOc 4CHwHUacuECtl7msDaz/wnphHy5CCeYmNShLd+XWs/qGoqGh7WOOjHqZu98QQ/5xXfXN qwAcEC9OkhdIKZOK4uwPMfTZ94az3LmeIiM4oPmnbVvjem0q/v3xZt49WFYVhvBm6adA xcTBUPXI2LSnf06N/Q1Rfapla3batWjPwSgWurSUnF+M8SmNX6rtL3A74C5Ae1r03lVY Qbbw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=JW8wOFncmb1v9g1FhlgFflCubeC7zlyHLe+Y0u+1hRU=; b=WAu4U7cboI2CmdJDkdUSAAn3gmNBX+xaikveErZXAGXJFA+9sTHsmyZjbZyWTmsNK4 SUnpLLdOKhoViV2eFGq1xm4S/2yXj9CtComzwfANNicejepw7BsAAhl7xePF1SdI1K2k 8I26iueowITC6P4x33E47E3cW9Fx86FMoujgEg+PFdhseYB1ge4UAq/U43Mb7ADMW6L5 MXy88jYf44V7D534SeXInVHawNrKNmyV4oxKRfH4FN15WarHPNd2DlgNdDWW8++61/QL 9y8nsyjyCPP03L9HNueTtP22YUzj6+DB4yYQANE6Q3lLF0JLuBOfREDUM2j8ib2yrQGr ys9w==
X-Gm-Message-State: AElRT7GRVBR7tAcc6jwsqiqu3iupavFuvm+db3UwWqTPssxk8Xavo982 uRPA3dAC1Pxn4+AQVagIwJDJrsMnyMJOd9ZfmGOClmP5
X-Google-Smtp-Source: AG47ELsh8RRS3nnjquGzXVsLjaz8PYqsmM5aPvxDw8HvQHicgBf0GNG04SQnMMz0kijtfzeHZ2S67iCR8ZKvvhmQh2M=
X-Received: by with SMTP id b191mr4546904lfe.73.1520021010606; Fri, 02 Mar 2018 12:03:30 -0800 (PST)
MIME-Version: 1.0
Received: by with HTTP; Fri, 2 Mar 2018 12:03:29 -0800 (PST)
In-Reply-To: <>
References: <> <>
From: Peter Bowen <>
Date: Fri, 2 Mar 2018 12:03:29 -0800
Message-ID: <>
To: Ryan Sleevi <>
Cc: Phillip Hallam-Baker <>, SPASM <>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <>
Subject: Re: [lamps] Revocation Request Format?
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 02 Mar 2018 20:03:34 -0000

On Fri, Mar 2, 2018 at 8:08 AM, Ryan Sleevi <> wrote:
> It seems signing a new CSR has been a common practice as proof of
> possession.
> There's one segment of users that want to have a time-constrained request
> (that is, incorporating a challenge/response), while another would prefer
> that you can generate the 'request to revoke' at the same time you request
> the cert, so that you can use this token for situations such as loss of
> private key (but not loss of revocation token)
> It doesn't seem like there needs to be a bespoke format here, considering
> that the industry is still working through its use cases, and any signed
> data is sufficient.
> Further, it may do harm to try and standardize that. Consider the ROBOT
> attack ( ), which presented a signing oracle with
> TLS private keys. Prematurely constraining revocation requests to a
> particular format might otherwise preclude reasonable demonstration of
> private key compromise.
> So I don't think there's anything for LAMPS to do here - we have ample
> available technology (running code that already works) and we have not yet
> ascertained industry needs in any meaningful way (no rough consensus for
> something new)

There is also a documented (albeit not in RFCs) format for a generic
signed public key with challenge:

PublicKeyAndChallenge ::= SEQUENCE {
  spki SubjectPublicKeyInfo,
  challenge IA5STRING

SignedPublicKeyAndChallenge ::= SEQUENCE {
  publicKeyAndChallenge PublicKeyAndChallenge,
  signatureAlgorithm AlgorithmIdentifier,
  signature BIT STRING

The challenge is an arbitrary length IA5STRING, so it could easily
include nonce or other challenge data to prove key control.