Re: [Anima] Content-Transfer-Encoding and HTTP 1.x in ANIMA BRSKI

"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Thu, 13 June 2019 17:18 UTC

From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, Eliot Lear <lear@cisco.com>
CC: Carsten Bormann <cabo@tzi.org>, Julian Reschke <julian.reschke@gmx.de>, "draft-ietf-pkix-est@ietf.org" <draft-ietf-pkix-est@ietf.org>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>, Anima WG <anima@ietf.org>
Thread-Topic: [Anima] Content-Transfer-Encoding and HTTP 1.x in ANIMA BRSKI
Date: Thu, 13 Jun 2019 17:18:30 +0000
Message-ID: <BN7PR11MB25473A12F646FAC8C19C1118C9EF0@BN7PR11MB2547.namprd11.prod.outlook.com>
References: <32410.1560275231@localhost> <15839.1560351718@localhost> <8a538f76-787d-de13-97f1-16195daae8ce@gmx.de> <F896BCBC-6C32-4107-B4B5-C12617F81326@tzi.org> <AD4DC1AA-C332-4BC7-B095-0CDD30700B99@cisco.com> <909.1560436148@localhost>
In-Reply-To: <909.1560436148@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/SCUcd4vSzJSswrfwc3d4JOB7IjY>
Subject: Re: [Anima] Content-Transfer-Encoding and HTTP 1.x in ANIMA BRSKI
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>

The libest server or proxy will generate the CTE header as specified in RFC7030. The libest client will parse it, but it will not reject the response if the header is not there. It expects base64 encoded PKCS#7, not binary though. Note that in https://datatracker.ietf.org/doc/draft-ietf-ace-coap-est/ we assume all cert payloads are binary.

Now, I don't know how other EST clients would act. There are many out there by now that we can't safely tell if they would act up.

The commercial and enterprise CAs I tested with interoped fine with the libest client and they were not all sending the CTE field. The payload was base64 though.

To address the erratum, I would lean towards a recommendation against using the CTE header based on the referenced standards and state that base64 encoding is implied.

Rgs,
Panos

_____________________________________________
From: Michael Richardson <mcr+ietf@sandelman.ca>
Sent: Thursday, June 13, 2019 10:29 AM
To: Eliot Lear <lear@cisco.com>
Cc: Carsten Bormann <cabo@tzi.org>; Julian Reschke <julian.reschke@gmx.de>; draft-ietf-pkix-est@ietf.org; ietf-http-wg@w3.org; Anima WG <anima@ietf.org>; Panos Kampanakis (pkampana) <pkampana@cisco.com>
Subject: Re: [Anima] Content-Transfer-Encoding and HTTP 1.x in ANIMA BRSKI


Eliot Lear <lear@cisco.com> wrote:
    > I am looking at libest and it certainly generates the header.

How does it react to the absence of the header?
(or the header containing "binary")
Does it process binary directly in that case?

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

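An added example, not part of the original messages and not libest code: one way an EST client could treat the Content-Transfer-Encoding header as optional with base64 implied, as the reply above leans towards, while still validating the decoded payload. The function names, the choice to accept raw DER only when the header explicitly says `binary`, and the sample bytes are assumptions made for illustration.

```python
import base64
import binascii

class ESTBodyError(ValueError):
    """Raised when an EST response body cannot be decoded to DER."""

def _der_total_length(der: bytes) -> int:
    """Return the encoded length claimed by the outer DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ESTBodyError("payload is not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                       # short-form length
        return 2 + first
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ESTBodyError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def decode_est_body(headers: dict, body: bytes) -> bytes:
    """Decode an EST response body to DER; a missing CTE header means base64."""
    lowered = {k.lower(): v for k, v in headers.items()}
    cte = lowered.get("content-transfer-encoding", "").strip().lower()
    if cte not in ("", "base64", "binary"):
        raise ESTBodyError(f"unexpected Content-Transfer-Encoding: {cte!r}")
    if cte == "binary":
        der = body  # assumption: raw DER accepted only when explicitly labelled
    else:
        try:
            # Drop line folding, then refuse any character outside the alphabet.
            der = base64.b64decode(b"".join(body.split()), validate=True)
        except binascii.Error as exc:
            raise ESTBodyError(f"body is not valid base64: {exc}") from exc
    # Reject truncated or padded payloads before handing them to a PKCS#7 parser.
    if _der_total_length(der) != len(der):
        raise ESTBodyError("DER length does not match payload size")
    return der

# Constructed sample: a minimal DER SEQUENCE standing in for a PKCS#7 blob.
SAMPLE_DER = bytes.fromhex("3006020101020102")
SAMPLE_B64 = base64.encodebytes(SAMPLE_DER)   # base64 text with a trailing newline
```
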