We can easily knock up some ASN.1. The only criterion is that it isn't mistaken for an X.509v3 cert. We can wrap TBSCertificate any which way, just put the signature ahead of the cert and the job is done.
But as an aside, isn't it rather a bug in the ASN.1 encoding that two such structures could be confused? I think that is something we might want to consider in the JSON world. I always put a unique format specifier in a signed object to prevent substitution attacks. One of my dislikes of XML Signature is it is difficult to see this is done right.

On Wed, Feb 26, 2014 at 10:30 AM, Ben Laurie <[email protected]> wrote:
> On 26 February 2014 14:13, Tomas Gustavsson <[email protected]> wrote:
> >
> > Did anyone consider using RFC4211 CRMF requests as "pre-certificates"?
> > CRMF has both issuer and serialNumber, as well as extensions. The
> > CertTemplate of RFC4211 is basically a TBSCertificate.
>
> Hmm. So it is. I had not come across this RFC before.
>
> Does anything implement it?
>
> >
> > Cheers,
> > Tomas
> >
> > PS: time to change subject of the thread?
> >
> >
> > On 02/26/2014 05:46 AM, Rob Stradling wrote:
> >> On 26/02/14 13:33, Carl Wallace wrote:
> >>>>>
> >>>>> While I agree that lack of a CA certificate with the matching naming
> >>>>> really doesn't matter, breaking name chaining seems like an odd way to
> >>>>> maintain "ritual compliance". Why not bump the version number instead?
> >>>>> v4 could be defined as a pre-certificate containing a poison extension
> >>>>> and a serial number that matches its v3 counterpart.
> >>>>
> >>>> Hi Carl. I briefly discussed the idea of changing the version number
> >>>> with Ben a few months ago...
> >>>
> >>> Sorry for the rehash. There are occasions where I miss an email in this
> >>> list:-)
> >>
> >> No need to apologize. It was an off-list discussion. :-)
> >>

--
Website: http://hallambaker.com/
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
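The format-specifier point in the message above, as an added example that is not part of the original thread: the same fields are signed once with nothing binding them to a format and once with a format specifier under the signature. HMAC with a constructed key stands in for the CA signature, and the format strings, field names and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed; HMAC stands in for a CA signature
# Constructed sample: identical fields that could be read in two roles.
FIELDS = {"issuer": "CN=Example CA", "serial": 4660, "subject": "CN=example.test"}


def _mac(data: bytes) -> str:
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()


def sign_untyped(fields: dict) -> dict:
    """Sign only the fields: nothing ties the signature to one format."""
    body = json.dumps(fields, sort_keys=True).encode()
    return {"body": fields, "sig": _mac(body)}


def verify_untyped(obj: dict) -> bool:
    body = json.dumps(obj["body"], sort_keys=True).encode()
    return hmac.compare_digest(obj["sig"], _mac(body))


def sign_typed(fmt: str, fields: dict) -> dict:
    """Sign the format specifier together with the fields."""
    body = json.dumps({"format": fmt, "fields": fields}, sort_keys=True).encode()
    return {"format": fmt, "body": fields, "sig": _mac(body)}


def verify_typed(obj: dict, expected_fmt: str) -> bool:
    """Rebuild the signed bytes from the format the verifier expects,
    so relabelling the outer 'format' field cannot change the outcome."""
    body = json.dumps({"format": expected_fmt, "fields": obj["body"]},
                      sort_keys=True).encode()
    return hmac.compare_digest(obj["sig"], _mac(body))


def demo() -> dict:
    """Show which verifications succeed for each signing style."""
    untyped = sign_untyped(FIELDS)
    typed = sign_typed("precertificate/v1", FIELDS)
    relabelled = dict(typed, format="certificate/v1")
    return {
        "untyped_valid_for_any_consumer": verify_untyped(untyped),
        "typed_as_precertificate": verify_typed(typed, "precertificate/v1"),
        "typed_relabelled_as_certificate": verify_typed(relabelled, "certificate/v1"),
    }
```

A verifier of the untyped object cannot tell which structure the signer meant, while the typed signature only validates under the format it was issued for.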
