- From: Mountie Lee <mountie.lee@mw2.or.kr>
- Date: Tue, 26 Mar 2013 22:31:32 +0900
- To: Richard Barnes <rbarnes@bbn.com>
- Cc: Web Cryptography Working Group <public-webcrypto@w3.org>
- Message-ID: <CAE-+aY+STYUYL-i2R=N6F-mf+1ETzUYn=Hh8ax6t-qvxbJg8ZA@mail.gmail.com>
Hi. Barnes thanks for your recommendation. My Ideas are certificate related features should have backward compatibility. already user agent has the Trusted CA list. the certificate related operations should be based on CA trust chains. regards mountie. On Tue, Mar 26, 2013 at 3:25 AM, Richard Barnes <rbarnes@bbn.com> wrote: > Hi Mountie, > > If you just care about certificate management, and not CMP specifically, > you might also look at EST, which provides a pretty simple binding of CMC > over HTTP: > <http://tools.ietf.org/html/draft-ietf-pkix-est-05> > > After a brief read, it looks to me like EST could be implemented with > WebCrypto, using a key pair generated with the API. Actually, doing EST > from a browser would make the issues related to TLS client authentication a > little easier. The server would just do whatever client authentication it > normally does, then do EST to request/issue the certificate. The > certificate could obviously be stored anywhere. > > --Richard > > > > On Mar 24, 2013, at 9:47 PM, Mountie Lee <mountie.lee@mw2.or.kr> wrote: > > > Hi. > > this is architectural design question. > > > > RFC4210 (http://tools.ietf.org/html/rfc4210) defines the Certificate > Management Protocol. > > > > is it possible to implement CMP on UA side just with Javascript specs > (with WebCrypto API or other WG's spec)? > > > > IETF also defines the CMP over HTTP spec ( > http://tools.ietf.org/html/rfc6712) > > > > CMP and API can be designed as following > > > > Web Certificate API on UA Sandbox (CMP is built in UA) > > or > > Web Certificate API on CMP JS library on UA Sandbox > > > > to keep the backward compatibility and to use existing Public Key > Infrastructure, > > RFC4210 is important. > > > > please comment for my concerns. > > > > regards > > mountie. > > > > > > -- > > Mountie Lee > > > > PayGate > > CTO, CISSP > > Tel : +82 2 2140 2700 > > E-Mail : mountie@paygate.net > > ======================================= > > PayGate Inc. > > THE STANDARD FOR ONLINE PAYMENT > > for Korea, Japan, China, and the World > > > > > > > > > > > > -- Mountie Lee PayGate CTO, CISSP Tel : +82 2 2140 2700 E-Mail : mountie@paygate.net ======================================= PayGate Inc. THE STANDARD FOR ONLINE PAYMENT for Korea, Japan, China, and the World
Received on Tuesday, 26 March 2013 13:32:17 UTC