- From: Richard Barnes <rbarnes@bbn.com>
- Date: Mon, 25 Mar 2013 14:25:44 -0400
- To: Mountie Lee <mountie.lee@mw2.or.kr>
- Cc: Web Cryptography Working Group <public-webcrypto@w3.org>

Hi Mountie,

If you just care about certificate management, and not CMP specifically, you might also look at EST, which provides a pretty simple binding of CMC over HTTP:

<http://tools.ietf.org/html/draft-ietf-pkix-est-05>

After a brief read, it looks to me like EST could be implemented with WebCrypto, using a key pair generated with the API.

Actually, doing EST from a browser would make the issues related to TLS client authentication a little easier. The server would just do whatever client authentication it normally does, then do EST to request/issue the certificate. The certificate could obviously be stored anywhere.

--Richard

On Mar 24, 2013, at 9:47 PM, Mountie Lee <mountie.lee@mw2.or.kr> wrote:

> Hi.
> This is an architectural design question.
>
> RFC4210 (http://tools.ietf.org/html/rfc4210) defines the Certificate Management Protocol.
>
> Is it possible to implement CMP on the UA side just with JavaScript specs (with WebCrypto API or other WG's spec)?
>
> IETF also defines the CMP over HTTP spec (http://tools.ietf.org/html/rfc6712)
>
> CMP and API can be designed as follows:
>
> Web Certificate API on UA Sandbox (CMP is built in UA)
> or
> Web Certificate API on CMP JS library on UA Sandbox
>
> To keep backward compatibility and to use the existing Public Key Infrastructure,
> RFC4210 is important.
>
> Please comment on my concerns.
>
> regards
> mountie.
>
> --
> Mountie Lee
>
> PayGate
> CTO, CISSP
> Tel : +82 2 2140 2700
> E-Mail : mountie@paygate.net
> =======================================
> PayGate Inc.
> THE STANDARD FOR ONLINE PAYMENT
> for Korea, Japan, China, and the World

Received on Monday, 25 March 2013 18:26:14 UTC