Robert Moskowitz wrote:
> On 8/29/19 9:20 AM, Michael Richardson wrote:
>> Robert Moskowitz wrote:
>> > I am writing an Internet Draft that will include transmission of a
CSR, so I
>> > need to reference the proper source. No more sloppy, "well it
works...".
>>
>> >
Robert Moskowitz wrote:
> I am writing an Internet Draft that will include transmission of a CSR,
so I
> need to reference the proper source. No more sloppy, "well it works...".
> Some digging said it is in PKCS#10 - CSR. But I did not stop with
> that.
RFC2986 is PKCS10.
> On Aug 28, 2019, at 9:30 PM, Blumenthal, Uri - 0553 - MITLL
> wrote:
>
>>> Do you have an ASN.1 definition fit the content of CSR, or are you willing
>>> to create one?
>>
>> For now working with ASN.1.
>
> In that case, I would use one of the available defined standards, which are
>
A CSR is most commonly a PKCS#10 object and therefore defined in ASN.1 and
encoded in DER.
https://github.com/openssl/openssl/blob/master/crypto/include/internal/x509_int.h#L53
On 8/29/19 9:20 AM, Michael Richardson wrote:
Robert Moskowitz wrote:
> I am writing an Internet Draft that will include transmission of a CSR,
so I
> need to reference the proper source. No more sloppy, "well it works...".
> Some digging said it is in PKCS#10 - CSR. But I
On 8/29/19 11:20 AM, Salz, Rich wrote:
A CSR is most commonly a PKCS#10 object and therefore defined in ASN.1
and encoded in DER.
https://github.com/openssl/openssl/blob/master/crypto/include/internal/x509_int.h#L53
thanks, Rich
It all fits together now
> Uri, Greetings!
Hello there! ;-)
> On 8/28/19 6:09 PM, Blumenthal, Uri - 0553 - MITLL wrote:
> > Do you have an ASN.1 definition fit the content of CSR, or are you willing
> > to create one?
>
> For now working with ASN.1.
In that case, I would use one of the available defined standards,
Uri, Greetings!
On 8/28/19 6:09 PM, Blumenthal, Uri - 0553 - MITLL wrote:
Do you have an ASN.1 definition fit the content of CSR, or are you
willing to create one?
For now working with ASN.1.
IMHO, DER would be a pretty good choice, fat better than something
home-brewed and non-standard.
Do you have an ASN.1 definition fit the content of CSR, or are you willing to
create one?
IMHO, DER would be a pretty good choice, fat better than something home-brewed
and non-standard.
Regards,
Uri
Sent from my iPhone
> On Aug 28, 2019, at 17:49, Robert Moskowitz wrote:
>
> CSR is an
CSR is an object in a container that goes over a 'wire'. Sometimes the
wire is very small (BT4) so the container needs to be tightly designed.
It should be a standard, not something totally off the wall. Well I
could do it in CBOR, and probably will at some point, but for now
something
I don't see the point in DER encoding for a CSR – The RA and CA decide the
composition of the cert, based on the rules and CPA that they follow, and
of course any cert issued will be in DER format, and may include reordering
or modified/expanded extensions and key use restrictions. A CSR is
Peter, thank you for the response.
On 8/28/19 10:09 AM, Bowen, Peter wrote:
I think you want RFC 2986 (https://tools.ietf.org/html/rfc2986 ). That is the most
recent "PKCS #10" specification that I have seen and should align with what
`openssl req` creates. Adding '-outform DER' to your
I am writing an Internet Draft that will include transmission of a CSR,
so I need to reference the proper source. No more sloppy, "well it
works...".
Some digging said it is in PKCS#10 - CSR. But I did not stop with that.
A bit more googling lead me to RFC 4211...
When I create a CSR with:
13 matches
Mail list logo
