Re: [Anima] voucher question re: pinned-domain-cert

Kent Watsen <kwatsen@juniper.net> Wed, 21 June 2017 20:55 UTC

From: Kent Watsen <kwatsen@juniper.net>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "anima@ietf.org" <anima@ietf.org>
Date: Wed, 21 Jun 2017 20:55:43 +0000
Message-ID: <C6253888-1D2A-464F-9F30-808D0F05A130@juniper.net>
References: <3999.1498068462@dooku.sandelman.ca>
In-Reply-To: <3999.1498068462@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/GRwWL4juHQZ8B7HCHPfa-YlMHMk>
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>

Yes, a base64-encoded DER and a PEM are different, in that the
latter has header/footers missing in the former.

Kent


-----ORIGINAL MESSAGE-----

In voucher-03 (the latest I have on my laptop, while offline), we have:

        +--ro pinned-domain-cert*              binary

But then in 5.2 we show as an example:

   {
     "ietf-voucher:voucher": {
       "created-on": "2016-10-07T19:31:42Z",
       "assertion": "logged",
       "serial-number": "JADA123456789",
       "serial-number-issuer": "some binary identifier",
       "domain-cert-trusted-ca": "base64-encoded X.509 DER",

I am currently implementing the pinned-domain-cert, which we did not include
in the example.  I am guessing that we would write "base64-encoded X509 DER"

The question is, would this be in any way different than writing "X509 PEM"?
One would want to omit the "BEGIN FOO" lines, and all newlines, but I think
it would be essentially the same in a JSON (or JWT) format where we have
to base64.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
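The relationship the two messages above discuss, worked through in code. This is an added example, not code from the voucher draft or from either author. It assumes the YANG `binary` type is carried in JSON as plain RFC 4648 section 4 base64 with no line breaks (RFC 7951), that PEM is that same base64 wrapped at 64 columns between BEGIN/END lines (RFC 7468), and that `pinned-domain-cert` is a leaf-list as the `*` in the quoted tree diagram indicates, so it appears in JSON as an array. `SAMPLE_DER` is a constructed DER SEQUENCE standing in for a certificate, not a real X.509 certificate; the function names are the example's own.

```python
import base64
import json
import textwrap

# Constructed stand-in for a DER-encoded certificate (NOT a real X.509 cert):
# SEQUENCE { OCTET STRING <80 bytes> }, 84 bytes total, so that the PEM form
# needs more than one 64-column line.
SAMPLE_DER = b"\x30\x52" + b"\x04\x50" + bytes(range(80))


def der_to_base64(der: bytes) -> str:
    """Plain base64 (RFC 4648 section 4), no line breaks. RFC 7951 encodes a
    YANG 'binary' leaf this way in JSON, so this is the voucher's wire form."""
    return base64.b64encode(der).decode("ascii")


def der_to_pem(der: bytes, label: str = "CERTIFICATE") -> str:
    """PEM (RFC 7468): the same base64, wrapped at 64 columns, between
    BEGIN/END lines. Nothing else differs from the JSON form."""
    body = "\n".join(textwrap.wrap(der_to_base64(der), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def pem_to_der(pem: str, label: str = "CERTIFICATE") -> bytes:
    """Strip the BEGIN/END lines and the newlines; what remains is exactly the
    base64 string that goes into the JSON. validate=True rejects stray bytes."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if lines[0] != f"-----BEGIN {label}-----" or lines[-1] != f"-----END {label}-----":
        raise ValueError("not a PEM block with the expected label")
    return base64.b64decode("".join(lines[1:-1]), validate=True)


def der_length_ok(der: bytes) -> bool:
    """Cheap sanity check on a decoded value: a certificate is a DER SEQUENCE
    (tag 0x30) whose encoded length covers exactly the remaining bytes."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        hdr, length = 2, first
    else:                                 # long-form: 0x8N then N length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        hdr = 2 + n
        length = int.from_bytes(der[2:hdr], "big")
    return hdr + length == len(der)


def voucher_json(pinned_domain_certs: list) -> str:
    """Encode the pinned-domain-cert leaf-list (the '*' in the tree diagram) as
    a JSON array of base64 strings per RFC 7951. Other voucher fields omitted."""
    if not all(der_length_ok(c) for c in pinned_domain_certs):
        raise ValueError("pinned-domain-cert value is not a DER SEQUENCE")
    doc = {"ietf-voucher:voucher": {
        "pinned-domain-cert": [der_to_base64(c) for c in pinned_domain_certs]}}
    return json.dumps(doc, indent=2)


def decode_voucher_pinned_certs(doc: str) -> list:
    """Reverse direction: pull the base64 strings back out, decode strictly,
    and refuse anything that is not a DER SEQUENCE."""
    values = json.loads(doc)["ietf-voucher:voucher"]["pinned-domain-cert"]
    certs = [base64.b64decode(v, validate=True) for v in values]
    if not all(der_length_ok(c) for c in certs):
        raise ValueError("pinned-domain-cert value is not a DER SEQUENCE")
    return certs


if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER)
    print(pem)
    print(voucher_json([SAMPLE_DER]))
    # Same base64 either way: PEM body with newlines removed == JSON value.
    print("".join(pem.splitlines()[1:-1]) == der_to_base64(SAMPLE_DER))
```

One caveat for the JWT case Michael mentions: a JWS envelope uses base64url (RFC 4648 section 5, `-`/`_` alphabet, typically without `=` padding) for its own segments, whereas a `binary` leaf inside the JSON payload stays plain base64 (`+`/`/`, padded) under RFC 7951. An implementation that decodes the inner value with the outer codec, or vice versa, will reject or corrupt the certificate, so decode with `validate=True` against the alphabet each layer actually specifies.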