On 7/18/23 01:27, Robert Moskowitz wrote:
> Offline.
>
> Consider a CA signing process where one party is in the US, the other Canada. They are meeting over Zoom.
>
> The requesting party holds up a computer with the CSR data in a QR code. The ones I am making should fit.
>
> The signing party holds up their offline signing system to receive the QR code and create the cert which it then encodes in a QR code.

What about the offline system accepting the CSR via a flash drive, or other device to bridge the airgap? Is the argument you don't trust the party providing the CSR? Or if it is some kind of MiTM, and an adversary actually changes the QR code you're seeing on your side (e.g. someone inside Zoom who can control the video feed)? You would end up signing the wrong cert.

Regards,
Raghu Saxena
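The exchange the thread describes (requester shows a CSR, offline signer reads it and returns a certificate), together with the check that addresses the swapped-QR-code concern raised in the reply, as an added example that is not part of this thread or of either participant's code. It uses only the Go standard library; the function names, the throwaway "Demo Offline CA", and the PEM-text-as-QR-payload convention are assumptions made for the demo (actual QR rendering and scanning are out of scope). The point it shows is that the signer should only issue once the SHA-256 fingerprint of the received CSR matches a value confirmed over a second channel, so a CSR substituted in the video feed is rejected even though it is itself a valid CSR.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// MakeCSRPayload is the requesting party's side: generate a key, build a CSR and
// return the PEM text that would be rendered into the QR code (assumed payload format).
func MakeCSRPayload(cn string) ([]byte, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der}), key, nil
}

// Fingerprint is the SHA-256 of the DER CSR: the value the requester confirms over a
// second channel (read aloud on the call, sent by signed mail, etc.).
func Fingerprint(der []byte) string {
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// SignFromPayload is the offline signer's side. It decodes the bytes read from the QR
// code, checks the CSR is well-formed and self-signed by the key it carries, and refuses
// to issue unless the fingerprint matches the out-of-band value. A CSR swapped into the
// video feed fails the fingerprint check even though it is otherwise valid.
func SignFromPayload(payload []byte, expectedFP string, caKey *ecdsa.PrivateKey, caCert *x509.Certificate) ([]byte, error) {
	block, _ := pem.Decode(payload)
	if block == nil || block.Type != "CERTIFICATE REQUEST" {
		return nil, errors.New("payload is not a PEM certificate request")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("CSR self-signature invalid: %w", err)
	}
	if subtle.ConstantTimeCompare([]byte(Fingerprint(block.Bytes)), []byte(expectedFP)) != 1 {
		return nil, errors.New("CSR fingerprint does not match the value confirmed out of band")
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      csr.Subject,
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	certDER, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, csr.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	// The issued certificate goes back as PEM, which the signer would render into its own QR code.
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER}), nil
}

// MakeCA builds a throwaway self-signed CA so the demo runs offline (constructed for the example).
func MakeCA() (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo Offline CA"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}
```

To run it end to end: call MakeCA, then MakeCSRPayload on the requester side, compute Fingerprint over the decoded PEM block and pass that value to SignFromPayload alongside the payload; feeding a second, different CSR with the first CSR's fingerprint returns the mismatch error, which is the swapped-feed case from the reply. Note the design choice that the fingerprint covers the DER CSR as received, not just the public key, so any change to the subject or extensions is caught as well.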