Re: [Anima] about moving /.well-known/est/enrollstatus ??

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Mon, 21 September 2020 06:40 UTC

From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "steffen.fries@siemens.com" <steffen.fries@siemens.com>
CC: "anima@ietf.org" <anima@ietf.org>
Date: Mon, 21 Sep 2020 06:40:30 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/7v3bbVKM8-c3xNt2h3eyL0m5G9Y>

> From: Anima <anima-bounces@ietf.org> On Behalf Of Michael Richardson
> 
> Fries, Steffen <steffen.fries@siemens.com> wrote:
>     > Sorry for the late reply on this. There is probably one fits all
>     > answer for this. The reason is that the enrollment protocols are
>     > defined differently in that respect.
>     > - EST does not provide it out of the box, this was the reason to have it in BRSKI
>     > - CMP provides a certificate confirmation message (certConf).
>     > - CMC provides a confirmation message with the Confirm Certificate Acceptance Control
>     > - SCEP explicitly mentions the lack of the certificate confirmation
>     > message in the security consideration section
>     > - ACME seems to not provide it either.
> 
>     > Given that it would make sense to move it to /brski to make it
>     > independent from EST.
> 
> Interesting.
> So when doing CMP or CMC, would there be two confirmations?

CMP has a certConf message, but it can be omitted where BRSKI is carrying the content in enrollstatus.