On 3/17/21 9:48 PM, tincanteksup wrote:
> On 18/03/2021 01:22, Robert Moskowitz wrote:
>> On 3/17/21 8:17 PM, Viktor Dukhovni wrote:
>>> Well, CSRs are self-signed, and X25519 does not support signing, so
>>> you CANNOT have an X25519 CSR.
>> Slap myself on the forehead....
>> Of course I know that. But did not stop to think this through. :(
>> Will read through all this and get back here....
> Wait until you spend 3 days waiting for an answer about Firefox
> which I accidentally asked in #VBox ..
> My forehead still bears the palm print and smarts!
> I think it was the 'ox' which blinded me for so long. ;-)

I will have to discuss this with Russ...
A quick 'solution' to proof of ownership COULD be achieved IF:
The CA has an ECDH cert signed with its signing cert.
The client uses this to create a shared secret to KMAC the CSR.
The devil is in the details and I have other fish to fry...