Re: [TLS] [lamps] [EXTERNAL] Re: Q: Creating CSR for encryption-only cert?

2022-10-07 Thread von Oheimb, David
On Fri, 2022-10-07 at 17:30 +, Peter Gutmann wrote: von Oheimb, David <david.von.ohe...@siemens.com> writes: Peter, the argument you gave below: I mean what actual attack that's been actively exploited in the real world will use of PoP prevent? We've been shippin

Re: [TLS] [lamps] [EXTERNAL] Re: Q: Creating CSR for encryption-only cert?

2022-10-07 Thread von Oheimb, David
years. This means losing control of your CSR can be dangerous as some Certification Authorities will accept them as proof of possession for revocation purposes. -Tim From: Spasm On Behalf Of Mike Ounsworth Sent: Thursday, October 6, 2022 10:05 PM To: Peter Gutmann ; von Oheimb,

Re: [TLS] [lamps] [EXTERNAL] Re: Q: Creating CSR for encryption-only cert?

2022-10-07 Thread von Oheimb, David
: Friday, October 7, 2022 9:16 AM To: von Oheimb, David ; john.g...@entrust.com ; Mike.Ounsworth=40entrust@dmarc.ietf.org Cc: morgan...@dataio.com ; t...@thomwiggers.nl ; sp...@ietf.org ; tls@ietf.org ; u...@ll.mit.edu Subject: Re: [lamps] [EXTERNAL] Re: [TLS] Q: Creating CSR for encryptio

Re: [TLS] [lamps] [EXTERNAL] Re: Q: Creating CSR for encryption-only cert?

2022-10-06 Thread von Oheimb, David
P would be any better, but so far have concluded that it would have the same issues. Cheers, John Gray From: Spasm On Behalf Of Mike Ounsworth Sent: Thursday, October 6, 2022 12:05 PM To: Thom Wiggers ; Tomas Gustavsson Cc: von Oheimb, David ; u...@ll.mit.edu; openssl-us...@openssl.o

Re: [TLS] [lamps] Q: Creating CSR for encryption-only cert?

2022-10-06 Thread von Oheimb, David
Hi Thom, Tomas, and Mike, On Thu, 2022-10-06 at 16:05 +0200, Thom Wiggers wrote: Good discussion today, I'm learning some new things :D me too, namely regarding CT in relation to certificate conformation [:-)] Yet please let's keep openssl-us...@openssl.org ou

Re: [TLS] [lamps] Q: Creating CSR for encryption-only cert?

2022-10-06 Thread von Oheimb, David
Hi Thom, On Thu, 2022-10-06 at 12:07 +0200, Thom Wiggers wrote: Thanks for your email; you sent it right on time as I'd just started composing a similar email based on my reading of section 4.2 of RFC4211. On Thu, 6 Oct 2022 at 09:58, Thom Wiggers <t...@thomwiggers.nl> wrote: We weren'

Re: [TLS] [lamps] Q: Creating CSR for encryption-only cert?

2022-10-06 Thread von Oheimb, David
Hi Thom, Uri, et al, I had responded to Uri on the openssl-users list on Oct 3rd at 21:12 +0200 as follows: Requesting a cert in a CSR for a key pair that cannot be used for signing is indeed impossible in the widely used PKCS#10 format (except if one breaks the PKCS#10 requirement of a self-si