Re: Certificate Management Protocol with RFC4210

Hi Mountie,

If you just care about certificate management, and not CMP specifically, you might also look at EST, which provides a pretty simple binding of CMC over HTTP:

After a brief read, it looks to me like EST could be implemented with WebCrypto, using a key pair generated with the API.  Actually, doing EST from a browser would make the issues related to TLS client authentication a little easier.  The server would just do whatever client authentication it normally does, then do EST to request/issue the certificate.  The certificate could obviously be stored anywhere.


On Mar 24, 2013, at 9:47 PM, Mountie Lee <> wrote:

> Hi.
> This is an architectural design question.
> RFC4210 ( defines the Certificate Management Protocol.
> Is it possible to implement CMP on the UA side just with JavaScript specs (with the WebCrypto API or other WGs' specs)?
> IETF also defines the CMP over HTTP spec (
> CMP and the API can be designed as follows:
> Web Certificate API on UA Sandbox (CMP is built in UA)
> or
> Web Certificate API on CMP JS library on UA Sandbox
> To keep backward compatibility and to use the existing Public Key Infrastructure,
> RFC4210 is important.
> Please comment on my concerns.
> regards
> mountie. 
> -- 
> Mountie Lee
> PayGate
> Tel : +82 2 2140 2700
> E-Mail :
> =======================================
> PayGate Inc.
> for Korea, Japan, China, and the World

Received on Monday, 25 March 2013 18:26:14 UTC
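
An added sketch of the idea in the reply above (not code from the original message or from any EST or WebCrypto project): a key pair generated with WebCrypto signs a PKCS#10 request, which is base64-encoded as the body of an EST simple-enroll POST. Assumptions: the function names are hypothetical, the key is RSA-2048 with SHA-256, the subject is a single CN, and the path and headers are those of RFC 7030 (EST), which the message does not spell out; the request is built but not sent, since client authentication is left to the server's existing TLS setup.

```javascript
// Added example: WebCrypto key pair -> PKCS#10 CSR -> EST simpleenroll request.
// Names are hypothetical; path and headers follow RFC 7030.
const { subtle } = globalThis.crypto ?? require('node:crypto').webcrypto;

// Minimal DER TLV encoder (definite lengths up to 65535 bytes).
function der(tag, ...parts) {
  const len = parts.reduce((n, p) => n + p.length, 0);
  const hdr = len < 0x80 ? [tag, len]
    : len < 0x100 ? [tag, 0x81, len]
    : [tag, 0x82, len >> 8, len & 0xff];
  const out = new Uint8Array(hdr.length + len);
  out.set(hdr);
  let off = hdr.length;
  for (const p of parts) { out.set(p, off); off += p.length; }
  return out;
}

const OID_CN = [0x06, 0x03, 0x55, 0x04, 0x03];   // id-at-commonName
const SHA256_RSA = der(0x30,                       // sha256WithRSAEncryption, NULL params
  [0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b], [0x05, 0x00]);

// CertificationRequest ::= SEQUENCE { info, signatureAlgorithm, signature BIT STRING }
async function buildCsr(keyPair, commonName) {
  const spki = new Uint8Array(await subtle.exportKey('spki', keyPair.publicKey));
  const cn = der(0x0c, new TextEncoder().encode(commonName));   // UTF8String
  const subject = der(0x30, der(0x31, der(0x30, OID_CN, cn)));
  // version 0, subject, SubjectPublicKeyInfo, empty [0] attributes
  const info = der(0x30, [0x02, 0x01, 0x00], subject, spki, [0xa0, 0x00]);
  const sig = new Uint8Array(
    await subtle.sign('RSASSA-PKCS1-v1_5', keyPair.privateKey, info));
  return der(0x30, info, SHA256_RSA, der(0x03, [0x00], sig));
}

async function estEnrollRequest(commonName) {
  const keyPair = await subtle.generateKey(
    { name: 'RSASSA-PKCS1-v1_5', modulusLength: 2048,
      publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' },
    false, ['sign', 'verify']);   // private key is non-extractable
  const csr = await buildCsr(keyPair, commonName);
  return {
    keyPair, csr, method: 'POST',
    path: '/.well-known/est/simpleenroll',
    headers: { 'Content-Type': 'application/pkcs10',
               'Content-Transfer-Encoding': 'base64' },
    body: btoa(String.fromCharCode(...csr)),   // base64 of the DER CSR
  };
}
```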