RE: Question for CA representatives about PKCS#10 CSRs you accept
At us, none of them used. We are dropping the ATTRIBUTES, the content of certificate relies on the defined certificate profile. Üdvözlettel/Regards, Varga Viktor Üzemeltetési és Vevőszolgálati Vezető IT Service and Customers Service Executive Netlock Kft. -Original Message- From: dev-tech-crypto-bounces+varga_v=netlock...@lists.mozilla.org [mailto:dev-tech-crypto-bounces+varga_v=netlock...@lists.mozilla.org] On Behalf Of Nelson B Bolyard Sent: Thursday, June 17, 2010 8:46 PM To: mozilla's crypto code discussion list Subject: Question for CA representatives about PKCS#10 CSRs you accept I have a question for CAs that accept PKCS#10 CSRs. Background: PKCS#10 certificate requests may contain an optional set of ATTRIBUTEs. One type of ATTRIBUTE, the only type mentioned in PKCS#10, is the PKCS#9 certificate Extension Request. But PKCS#10 suggests that other types could be defined, such as challenge-response attributes (presumably for some sort of challenge response protocol for authenticating the requester to the issuer). I'm not aware of any other ATTRIBUTE types that have ever been defined and published in RFCs for inclusion in CSRs. The questions for CA representatives are: What are all the types of ATTRIBUTES that you accept in PKCS#10 CSRs? and For any attribute type other than PKCS#9 certificate extension requests, where (in what standard or other document) is that attribute defined? -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto ___ Ezt az e-mailt virus- es SPAM-szuresnek vetettuk ala a filter:mail MessageLabs rendszerrel. Tovabbi informacio: http://www.filtermax.hu This email has been scanned for viruses and SPAM by the filter:mail MessageLabs System. More information: http://www.filtermax.hu ___ _ ___ Ezt az e-mailt virus- es SPAM-szuresnek vetettuk ala a filter:mail MessageLabs rendszerrel. Tovabbi informacio: http://www.filtermax.hu This email has been scanned for viruses and SPAM by the filter:mail MessageLabs System. More information: http://www.filtermax.hu -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Question for CA representatives about PKCS#10 CSRs you accept
I can tell you that Eddy Nigg's (Startcom) system drops all ATTRIBUTE requests, relying on the CSR simply as a means of knowing what the public key is and proof of possession of the private key. and believe me, it'd be much easier if it didn't. -Kyle H On Thu, Jun 17, 2010 at 11:45 AM, Nelson B Bolyard nel...@bolyard.me wrote: I have a question for CAs that accept PKCS#10 CSRs. Background: PKCS#10 certificate requests may contain an optional set of ATTRIBUTEs. One type of ATTRIBUTE, the only type mentioned in PKCS#10, is the PKCS#9 certificate Extension Request. But PKCS#10 suggests that other types could be defined, such as challenge-response attributes (presumably for some sort of challenge response protocol for authenticating the requester to the issuer). I'm not aware of any other ATTRIBUTE types that have ever been defined and published in RFCs for inclusion in CSRs. The questions for CA representatives are: What are all the types of ATTRIBUTES that you accept in PKCS#10 CSRs? and For any attribute type other than PKCS#9 certificate extension requests, where (in what standard or other document) is that attribute defined? -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Question for CA representatives about PKCS#10 CSRs you accept
I have a question for CAs that accept PKCS#10 CSRs. Background: PKCS#10 certificate requests may contain an optional set of ATTRIBUTEs. One type of ATTRIBUTE, the only type mentioned in PKCS#10, is the PKCS#9 certificate Extension Request. But PKCS#10 suggests that other types could be defined, such as challenge-response attributes (presumably for some sort of challenge response protocol for authenticating the requester to the issuer). I'm not aware of any other ATTRIBUTE types that have ever been defined and published in RFCs for inclusion in CSRs. The questions for CA representatives are: What are all the types of ATTRIBUTES that you accept in PKCS#10 CSRs? and For any attribute type other than PKCS#9 certificate extension requests, where (in what standard or other document) is that attribute defined? -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
