On 3/17/21 9:48 PM, tincanteksup wrote:

On 18/03/2021 01:22, Robert Moskowitz wrote:

On 3/17/21 8:17 PM, Viktor Dukhovni wrote:
Well, CSRs are self-signed, and X25519 does not support signing, so
you CANNOT have an X25519 CSR.

Slap myself on the forehead....

Of course I know that.  But did not stop to think this through.   :(

Will read through all this and get back here....

Wait until you spend 3 days waiting for an answer about Firefox
which I accidentally asked in #VBox ..

My forehead still bears the palm print and smarts!
I think it was the 'ox' which blinded me for so long. ;-)

I will have to discuss this with Russ...

A quick 'solution' to proof of ownership COULD be achieved IF:

The CA has an ECDH cert signed with its signing cert.

The client uses this to create a shared secret to KMAC the CSR.

The devil is in the details and I have other fish to fry...

Reply via email to