[Acme] "authorized key pair" vs CSR keys

Anders Rundgren <anders.rundgren.net@gmail.com> Thu, 18 December 2014 12:12 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/acme/i8LT0SABVktVfxlckdgoK-keFs8

Dear List,

I'm trying to "decipher" this spec
https://letsencrypt.github.io/acme-spec/
but I got lost early on :-(

Does/can the CSR use another key-pair than the "authorized key pair"?

If not, the outer signature seems a bit odd since the CSR itself should contain a signature.

Anders