Internet Draft Guide to creating an EDSA PKI

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Internet Draft Guide to creating an EDSA PKI

Robert Moskowitz
I want to thank people here for their help.  I welcome you to look at the 1st cut of my work, I welcome comments.

I have to 'keep my fingers off of it' for a bit.  Start on the CRL and OCSP parts in a week or so.

Bob


-------- Forwarded Message --------
Subject: New Version Notification for draft-moskowitz-ecdsa-pki-00.txt
Date: Wed, 30 Aug 2017 06:53:03 -0700
From: [hidden email]
To: Robert Moskowitz [hidden email], Liang Xia [hidden email], Henk Birkholz [hidden email], Liang Xia [hidden email]


A new version of I-D, draft-moskowitz-ecdsa-pki-00.txt
has been successfully submitted by Robert Moskowitz and posted to the
IETF repository.

Name:		draft-moskowitz-ecdsa-pki
Revision:	00
Title:		Guide for building an ECC pki
Document date:	2017-08-30
Group:		Individual Submission
Pages:		26
URL:            https://www.ietf.org/internet-drafts/draft-moskowitz-ecdsa-pki-00.txt
Status:         https://datatracker.ietf.org/doc/draft-moskowitz-ecdsa-pki/
Htmlized:       https://tools.ietf.org/html/draft-moskowitz-ecdsa-pki-00
Htmlized:       https://datatracker.ietf.org/doc/html/draft-moskowitz-ecdsa-pki-00


Abstract:
   This memo provides a guide for building a PKI (Public Key
   Infrastructure) using openSSL.  All certificates in this guide are
   ECDSA, P-256, with SHA256 certificates.  Along with common End Entity
   certificates, this guide provides instructions for creating IEEE
   802.1AR [IEEE.802.1AR_2009] iDevID Secure Device certificates.

                                                                                  


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Internet Draft Guide to creating an EDSA PKI

Michael Wojcik
Bob, I just want to say thanks for producing this. Even if it never makes it out of I-D stage, there's a lot of useful information here.

It would probably make a good addition to the OpenSSL wiki, too.

--
Michael Wojcik
Distinguished Engineer, Micro Focus


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Internet Draft Guide to creating an EDSA PKI

Blumenthal, Uri - 0553 - MITLL
On 9/1/17, 16:26, "openssl-users on behalf of Michael Wojcik" <[hidden email] on behalf of [hidden email]> wrote:

>    Bob, I just want to say thanks for producing this. Even if it never makes it out of I-D stage, there's a lot of useful information here.
>    
>    It would probably make a good addition to the OpenSSL wiki, too.
   
+1 on both.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

smime.p7s (6K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Internet Draft Guide to creating an EDSA PKI

Robert Moskowitz


On 09/01/2017 04:30 PM, Blumenthal, Uri - 0553 - MITLL wrote:
> On 9/1/17, 16:26, "openssl-users on behalf of Michael Wojcik" <[hidden email] on behalf of [hidden email]> wrote:
>
>>     Bob, I just want to say thanks for producing this. Even if it never makes it out of I-D stage, there's a lot of useful information here.
>>    
>>     It would probably make a good addition to the OpenSSL wiki, too.
>      
> +1 on both.

Rich indicated that he would link this I-D on the wiki.

And I-Ds are 'forever'.

So far there are a couple nits on the draft.  Nothing on the body. One
item that perhaps others might know of and can help...

In the Security section I reference papers on problems with lack of
randomness.  I found the one paper that I really remember:

https://factorable.net/weakkeys12.extended.pdf

But perhaps there is a better site for this paper and perhaps people
here know of more papers like this to put in the reference section..

Thanks

Bob

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users