Re: Certificate Management Protocol with RFC4210

Hi Barnes,
Thanks for your recommendation.

My idea is that certificate-related features should have backward
compatibility.
The user agent already has the trusted CA list.

The certificate-related operations should be based on CA trust chains.

regards
mountie.

On Tue, Mar 26, 2013 at 3:25 AM, Richard Barnes <rbarnes@bbn.com> wrote:

> Hi Mountie,
>
> If you just care about certificate management, and not CMP specifically,
> you might also look at EST, which provides a pretty simple binding of CMC
> over HTTP:
> <http://tools.ietf.org/html/draft-ietf-pkix-est-05>
>
> After a brief read, it looks to me like EST could be implemented with
> WebCrypto, using a key pair generated with the API.  Actually, doing EST
> from a browser would make the issues related to TLS client authentication a
> little easier.  The server would just do whatever client authentication it
> normally does, then do EST to request/issue the certificate.  The
> certificate could obviously be stored anywhere.
>
> --Richard
>
>
>
> On Mar 24, 2013, at 9:47 PM, Mountie Lee <mountie.lee@mw2.or.kr> wrote:
>
> > Hi.
> > This is an architectural design question.
> >
> > RFC4210 (http://tools.ietf.org/html/rfc4210) defines the Certificate
> > Management Protocol.
> >
> > Is it possible to implement CMP on the UA side just with JavaScript specs
> > (with the WebCrypto API or other WGs' specs)?
> >
> > IETF also defines the CMP over HTTP spec
> > (http://tools.ietf.org/html/rfc6712).
> >
> > CMP and the API can be designed as follows:
> >
> > Web Certificate API on UA Sandbox (CMP is built in UA)
> > or
> > Web Certificate API on CMP JS library on UA Sandbox
> >
> > To keep backward compatibility and to use the existing Public Key
> > Infrastructure,
> > RFC4210 is important.
> >
> > Please comment on my concerns.
> >
> > regards
> > mountie.
> >
> >
> > --
> > Mountie Lee
> >
> > PayGate
> > CTO, CISSP
> > Tel : +82 2 2140 2700
> > E-Mail : mountie@paygate.net
> > =======================================
> > PayGate Inc.
> > THE STANDARD FOR ONLINE PAYMENT
> > for Korea, Japan, China, and the World
> >


-- 
Mountie Lee

PayGate
CTO, CISSP
Tel : +82 2 2140 2700
E-Mail : mountie@paygate.net

=======================================
PayGate Inc.
THE STANDARD FOR ONLINE PAYMENT
for Korea, Japan, China, and the World

Received on Tuesday, 26 March 2013 13:32:17 UTC
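
Richard's suggestion in the quoted reply (generate the key pair with the WebCrypto API, then enroll over EST), sketched as an added example that is not part of the thread or of any WG document. It assumes an RSA key and a subject of only `CN=<name>`; the helper names (`derLen`, `tlv`, `requestInfo`, `buildCsr`, `estBody`) are hypothetical, and the request format is the PKCS#10 simple-enroll body of RFC 7030, the published form of the EST draft.

```javascript
// Added example (not from the thread). In a browser, `subtle` is window.crypto.subtle.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;

// Minimal DER: definite-length encoding and a tag-length-value builder.
function derLen(n) {
  if (n < 0x80) return [n];
  const b = [];
  for (; n > 0; n = Math.floor(n / 256)) b.unshift(n % 256);
  return [0x80 | b.length, ...b];
}
function tlv(tag, ...parts) {
  const body = parts.flatMap((p) => [...p]);
  return Uint8Array.from([tag, ...derLen(body.length), ...body]);
}

const OID_CN = [0x06, 0x03, 0x55, 0x04, 0x03]; // 2.5.4.3 commonName
// AlgorithmIdentifier: sha256WithRSAEncryption (1.2.840.113549.1.1.11), NULL params.
const SHA256_RSA = tlv(0x30,
  [0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b], [0x05, 0x00]);

// CertificationRequestInfo: version 0, subject "CN=<cn>", public key, empty attributes.
function requestInfo(cn, spki) {
  const rdn = tlv(0x31, tlv(0x30, OID_CN, tlv(0x0c, new TextEncoder().encode(cn))));
  return tlv(0x30, [0x02, 0x01, 0x00], tlv(0x30, rdn), spki, [0xa0, 0x00]);
}

// Generate the key pair in the UA, sign the request info, wrap it as a PKCS#10 CSR.
async function buildCsr(cn) {
  const keys = await subtle.generateKey(
    { name: 'RSASSA-PKCS1-v1_5', modulusLength: 2048,
      publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' },
    false, // private key is non-extractable: script can sign with it but not read it
    ['sign', 'verify']);
  const spki = new Uint8Array(await subtle.exportKey('spki', keys.publicKey));
  const info = requestInfo(cn, spki);
  const sig = new Uint8Array(await subtle.sign('RSASSA-PKCS1-v1_5', keys.privateKey, info));
  // The BIT STRING starts with an "unused bits" octet of 0.
  return { keys, info, sig, der: tlv(0x30, info, SHA256_RSA, tlv(0x03, [0], sig)) };
}

// Base64 body for an EST simple-enroll POST (Content-Type: application/pkcs10).
function estBody(der) {
  return btoa(String.fromCharCode(...der));
}
```

The signature over the request info is the proof of possession the CA checks; the server still authenticates the client however it normally does before issuing, and validation of the returned certificate stays with the existing CA trust chain.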