EricssonResearch / EST-OSCORE

Protecting EST payloads with OSCORE

Response to /skc may be unencrypted PKCS #8 private key #13

Closed malishav closed 1 year ago

malishav commented 1 year ago

Marco Tiloca wrote:

Regarding the response from /skc, is it possible to deviate from what is defined in RFC 9148 and not encrypt the private key? After all, end-to-end encryption of the whole EST payload is ensured by OSCORE.

If yes, that might open for a new Content-Format pair (284, 287), i.e., an unencrypted PKCS #8 private key together with a single certificate (not a PKCS #7 container).

malishav commented 1 year ago

As agreed in the meeting, we will specify that the response to /skc can be a PKCS #8 private key because OSCORE is used, and also specify the new Content-Format pair.