I just found the Boulder project. I want to build a PKI for our company to issue certificates for our sensor network.
We need to set up a root CA and several intermediate CAs. Then, many Docker microservices and sensors will query the intermediate CAs to authenticate their private key.
My main concern is the challenge. I want to issue several "tokens" signed by a known key. Then, I will inject a token into the microservices and sensors (which are offline). On start, the device generates its key and uses the token to authenticate the service/sensor and get the certificate.
This is similar to "Proof of Possession of a Prior Key" in the RFC. However, the nonce cannot be generated by the server because the microservice does not have the private key to sign this nonce. This does not ensure the freshness of the token. However, tokens can have an expiry time (e.g. 1 week). In addition, the "master key" that issues the tokens is protected on a different machine.
- Is this scenario compliant with section 7.3 (http://letsencrypt.github.io/acme-spec/#rfc.section.7.3), "This JWS is NOT REQUIRED to have a “nonce” header parameter"?
- Is it implemented on Boulder?
- Does Boulder support HSM or PKCS#11 devices like Yubico or Nitrokey?
- The root CA shall not use Boulder and be offline, right?
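
Added example, not part of the original post and not Boulder or ACME code: a sketch of the pre-issued token scheme the post describes, with an expiry and a single-use token ID standing in for the server nonce the offline device cannot sign. The `Claims` layout, the `Issue` and `Redeem` names, the `body.signature` format and the choice of Ed25519 are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Claims is a hypothetical token body; ID makes each token single-use.
type Claims struct {
	Device, ID string
	Exp        int64 // expiry, Unix seconds
}

var b64 = base64.RawURLEncoding

// Issue runs on the separate machine that protects the master key.
func Issue(master ed25519.PrivateKey, c Claims) string {
	body, _ := json.Marshal(c)
	return b64.EncodeToString(body) + "." + b64.EncodeToString(ed25519.Sign(master, body))
}

// Redeem runs at the CA: signature, expiry, then a used-ID set in place of a nonce.
func Redeem(pub ed25519.PublicKey, used map[string]bool, token string, now time.Time) (c Claims, err error) {
	p, s, _ := strings.Cut(token, ".")
	body, err1 := b64.DecodeString(p)
	sig, err2 := b64.DecodeString(s)
	switch {
	case err1 != nil || err2 != nil || !ed25519.Verify(pub, body, sig) || json.Unmarshal(body, &c) != nil:
		return Claims{}, fmt.Errorf("bad signature or encoding")
	case now.Unix() >= c.Exp:
		return Claims{}, fmt.Errorf("token expired")
	case used[c.ID]:
		return Claims{}, fmt.Errorf("token already redeemed")
	}
	used[c.ID] = true // burn the token so a copied one cannot be replayed
	return c, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	used := map[string]bool{}
	tok := Issue(priv, Claims{"sensor-17", "tok-0001", time.Now().Add(7 * 24 * time.Hour).Unix()})
	_, first := Redeem(pub, used, tok, time.Now())
	_, second := Redeem(pub, used, tok, time.Now())
	fmt.Println(first, second)
}
```

The used-ID set has to be persisted and shared by every CA instance that accepts tokens, and entries can be dropped once the token's expiry has passed.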