Re: [Anima] WGLC for draft-ietf-anima-jws-voucher-06 ends March 15th, 2023
Toerless Eckert <tte@cs.fau.de> Thu, 16 March 2023 02:47 UTC
Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68E89C15155C; Wed, 15 Mar 2023 19:47:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.646
X-Spam-Level:
X-Spam-Status: No, score=-1.646 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l9wH6t34Eg3l; Wed, 15 Mar 2023 19:47:16 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [131.188.34.40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27F83C15256B; Wed, 15 Mar 2023 19:47:12 -0700 (PDT)
Received: from faui48e.informatik.uni-erlangen.de (faui48e.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:51]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTPS id 4PcWr82Vjcznkfp; Thu, 16 Mar 2023 03:47:04 +0100 (CET)
Received: by faui48e.informatik.uni-erlangen.de (Postfix, from userid 10463) id 4PcWr81xHyzkvKd; Thu, 16 Mar 2023 03:47:04 +0100 (CET)
Date: Thu, 16 Mar 2023 03:47:04 +0100
From: Toerless Eckert <tte@cs.fau.de>
To: anima <anima@ietf.org>
Cc: anima-chairs <anima-chairs@ietf.org>, draft-ietf-anima-jws-voucher@ietf.org
Message-ID: <ZBKDKHUy1j1VJ2Xr@faui48e.informatik.uni-erlangen.de>
References: <Y/64vsTFCJ8+gTuG@faui48e.informatik.uni-erlangen.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <Y/64vsTFCJ8+gTuG@faui48e.informatik.uni-erlangen.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/YRe1Y5aoeNBIcoaZKs1CAOxUUlU>
Subject: Re: [Anima] WGLC for draft-ietf-anima-jws-voucher-06 ends March 15th, 2023
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Mar 2023 02:47:20 -0000
Here is my feedback / review of -06: Thanks a lot for this work. Looks good. Now if we could just split up all the hard work into simple small docs like this ;-)) Couple of hopefully easy to fix text nits. two simple process 'majors', only maybe somewhat a point of discussion is to upgrade all refs from rfc8366 to rfc8366bis - to make this JWS work immediately applicable to any extensions that rfc8366 will bring. Comments inline using output of idnits. Cheers Toerless --- idnits 2.17.1 draft-ietf-anima-jws-voucher-06.txt: -(579): Line appears to be too long, but this could be caused by non-ascii characters in UTF-8 encoding Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == There is 1 instance of lines with non-ascii characters in the document. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([RFC7515], [RFC8366]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. == The 'Updates: ' line in the draft header should list only the _numbers_ of the RFCs which will be updated by this document (if approved); it should not include the word 'RFC' in the list. Miscellaneous warnings: ---------------------------------------------------------------------------- -- The document date (22 February 2023) is 21 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'THIS RFC' is mentioned on line 265, but not defined == Missing Reference: 'RFCxxxx' is mentioned on line 291, but not defined == Missing Reference: 'THING' is mentioned on line 291, but not defined == Outdated reference: A later version (-08) exists of draft-ietf-anima-brski-prm-07 == Outdated reference: A later version (-20) exists of draft-ietf-anima-constrained-voucher-19 Summary: 1 error (**), 0 flaws (~~), 7 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 anima Working Group T. Werner 3 Internet-Draft Siemens AG 4 Updates: RFC8366 (if approved) M. Richardson 5 Intended status: Standards Track Sandelman Software Works 6 Expires: 26 August 2023 22 February 2023 8 JWS signed Voucher Artifacts for Bootstrapping Protocols 9 draft-ietf-anima-jws-voucher-06 11 Abstract 13 [RFC8366] defines a digital artifact called voucher as a YANG-defined 14 JSON document that is signed using a Cryptographic Message Syntax 15 (CMS) structure. This document introduces a variant of the voucher 16 artifact in which CMS is replaced by the JSON Object Signing and 17 Encryption (JOSE) mechanism described in [RFC7515] to support 18 deployments in which JOSE is preferred over CMS. 20 In addition to explaining how the format is created, the 21 "application/voucher-jws+json" media type is registered and examples 22 are provided. nit: i think this second paragraph (20-22) is redundant here. Remove. 24 Status of This Memo 26 This Internet-Draft is submitted in full conformance with the 27 provisions of BCP 78 and BCP 79. 29 Internet-Drafts are working documents of the Internet Engineering 30 Task Force (IETF). Note that other groups may also distribute 31 working documents as Internet-Drafts. The list of current Internet- 32 Drafts is at https://datatracker.ietf.org/drafts/current/. 34 Internet-Drafts are draft documents valid for a maximum of six months 35 and may be updated, replaced, or obsoleted by other documents at any 36 time. It is inappropriate to use Internet-Drafts as reference 37 material or to cite them other than as "work in progress." 39 This Internet-Draft will expire on 26 August 2023. 41 Copyright Notice 43 Copyright (c) 2023 IETF Trust and the persons identified as the 44 document authors. All rights reserved. 46 This document is subject to BCP 78 and the IETF Trust's Legal 47 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 48 license-info) in effect on the date of publication of this document. 49 Please review these documents carefully, as they describe your rights 50 and restrictions with respect to this document. Code Components 51 extracted from this document must include Revised BSD License text as 52 described in Section 4.e of the Trust Legal Provisions and are 53 provided without warranty as described in the Revised BSD License. 55 Table of Contents 57 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 58 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 59 3. Voucher Artifact with JSON Web Signature . . . . . . . . . . 3 60 3.1. Voucher Representation in General JWS JSON Serialization 61 Syntax . . . . . . . . . . . . . . . . . . . . . . . . . 4 62 3.2. JWS Payload of Voucher in General JWS JSON 63 Serialization . . . . . . . . . . . . . . . . . . . . . . 4 64 3.3. JWS Protected Header of Voucher in General JWS JSON 65 Serialization . . . . . . . . . . . . . . . . . . . . . . 5 66 4. Privacy Considerations . . . . . . . . . . . . . . . . . . . 5 67 5. Security Considerations . . . . . . . . . . . . . . . . . . . 6 68 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 69 6.1. Media-Type Registry . . . . . . . . . . . . . . . . . . . 6 70 6.1.1. application/voucher-jws+json . . . . . . . . . . . . 6 71 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 7 72 8. Changelog [RFC Editor: please delete] . . . . . . . . . . . . 7 73 9. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 7 74 9.1. Example Pledge Voucher Request - PVR (from Pledge to 75 Registrar) . . . . . . . . . . . . . . . . . . . . . . . 7 76 9.2. Example Parboiled Registrar Voucher Request - RVR (from 77 Registrar to MASA) . . . . . . . . . . . . . . . . . . . 9 78 9.3. Example Voucher Response (from MASA to Pledge, via 79 Registrar) . . . . . . . . . . . . . . . . . . . . . . . 11 80 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 81 10.1. Normative References . . . . . . . . . . . . . . . . . . 12 82 10.2. Informative References . . . . . . . . . . . . . . . . . 13 83 Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 14 84 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15 86 1. Introduction 88 "A Voucher Artifact for Bootstrapping Protocols" [RFC8366] defines a 89 YANG-based data structure used in "Bootstrapping Remote Secure Key ^ nit: Full stop, start new sentence: "It is ..". Always good when coming from a german background to try to split sentences into shorter ones or thinking about shorter sentences in english - and useful to do re-reading acros any whole draft (not that i am the expert on this, i just have been beaten over the head very often by reviewers for this). 90 Infrastructure" [BRSKI] and "Secure Zero Touch Provisioning" [SZTP] 91 to transfer ownership of a device from a manufacturer to a new owner 92 (site domain). That document provides a serialization of the voucher 93 to JSON [RFC8259] with a signature according to the Cryptographic 94 Message Syntax (CMS) [RFC5652]. The resulting voucher artifact has 95 the media type "application/voucher-cms+json". nit: I would move the sentence explaining where it's used to the end of the paragraph as it interrupts the flow of explaining what it is.. 97 [I-D.ietf-anima-constrained-voucher] provides a serialization of the 98 voucher to CBOR [RFC8949] with the signature format of COSE [RFC8812] 99 and the media type "application/voucher-cose+cbor". nit: These reference will just be RFC numbers, one this draft turns RFC, so it will be a lot harder to immediately guess that the reason for this draft is to support constrained environments. Suggest you add a sentence or two to explain the purpose of this work in this respect. nit: Its also not clear why this is mentioned here. E.g.: whats the relevance to this draft ? Add another sentence or two. 101 This document provides a serialization of the voucher to JSON 102 [RFC8259] with the signature in form of JSON Web Signature (JWS) 103 [RFC7515] and the media type "application/voucher-jws+json". The 104 encoding specified in this document is used by 105 [I-D.ietf-anima-brski-prm] and may be more handy for use cases 106 requiring signed JSON objects. nit: Up to this point, and with quick lookahead through the rest of the document, i think it is missing a good hard justification for this work. Is there a good/hard example for JWS to reduce the need for otherwise unnecessary CMS libraries ? I am not sure about this given how i think we always need CMS for parsing of certificates - which i think we can never avoid ? Aka: Whatver the best explanation is of reduction in code in this respect might be one useful justification. JWS using the sameencoding mechanisms as the voucher, hence reducing the number of encodings == "programming languages" that need to be understood/used by developers and operators troubleshooting. I guess this true but needs to be put into better sentence(s). In general: whatever benefits of this mechanism are that could help other adopters of solution pick this option over other BRSKI option. 108 This document does not extend the YANG definition of [RFC8366]. nit: s/extend/change/ 110 With the availability of different encoded vouchers, nit: differently 110 it is up to an 111 industry specific application statement to indicate/decide which 112 voucher signature format is to be used. There is no provision across 113 the different voucher signature formats that a receiver could safely 114 recognize which format it uses unless additional context is provided. 115 For example, [BRSKI] provides this context via the media type for the 116 voucher artifact. nit: would suggest rewording 110-116 as follows: applications that use voucher must either assume one specific voucher encoding or indicate which voucher encoding is used through mechanism such as the aforementioned media-types which are defined for all voucher encodings. nit: i think "voucher and signature format" is better 116 This document utilizes the optional "typ" (Type) 117 Header Parameter of JWS [RFC7515] to provide information about the 118 signed object. nit: I think this is "introduces", but not "utilizes". As in: code right now could ignore this field, right ? nit: Migh want to write a sentence avbout what the Type field offers as benefit. I guess it does allow to distinguish different Types while still keeping the same media-type, but that does not help much if the mechanism to request/reply a particular voucher format can only negotiate based on media-type. In that case, every different JWS voucher option we want to invent might need a separate media-type. 120 This document should be considered an update to [RFC8366] in the 121 category of "See Also" as per [I-D.kuehlewind-update-tag]. TODO: 122 double check with RFC8366bis major: I don't think this is an update to RFC8366 or RFC8366bis according to the currently active semantic of update. This is because we are not changing any encoding/extension point or the like of vouchers according to rfc8366. Instead we are creating a derived "JWS Format Voucher Artefact". Maybe this is the wording that cold be used in the initial explanation text. Something like 'rfc8366bis defines a "CMS Format Voucher Artefact" (RFC8366, Section 6.5). The voucher is defined via YANG and CMS is the signature format. This document defined a "JWS Format Voucher Artefact" using the voucher YANG definitions of RFC866bis and replacing the CMS signature with a JWS signature. Aka: Lets forget to even reference RFC8366 but only RFC8366. This allows us not to have to explain how RFC8366bis is a superset/evolution of RFC8366 and how even if we immediately only need RFC8366 YANG model for PRM, it of course is a lot more flexible to specify applicability of the JWS signature for the whole RFC8366bis superset of YANG options. This is of course only best and true if there are not any incompatibilities between JWS and any RFC8366bis YANG model details... But i couldn't think of what that could be. Aka: should all be correct. 124 2. Terminology 126 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 127 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 128 "OPTIONAL" in this document are to be interpreted as described in 129 BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all 130 capitals, as shown here. 132 3. Voucher Artifact with JSON Web Signature 134 [RFC7515] defines the following serializations for JWS: 136 1. "JWS Compact Serialization" in Section 7.1 of [RFC7515] 138 2. "JWS JSON Serialization" in Section 7.2 of [RFC7515] - "General 139 JWS JSON Serialization Syntax" in Section 7.2.1 of [RFC7515] 140 - "Flattened JWS JSON Serialization Syntax" in Section 7.2.2 of 141 [RFC7515] 143 This document makes use of the "General JWS JSON Serialization 144 Syntax" to support multiple signatures, as already supported by 145 [RFC8366] for CMS-signed vouchers. nit: do you need 134-141 ? You could simple write in 144: Syntax" according to Section 7.2.1 of [RFC7517], 147 The [RFC8366] voucher data structure consists of a nested map, the 148 outer map of which is: 150 { "ietf-voucher:voucher" : { inner map }} nit: All those things said with rfc8366 would be nice to upgrade to rfc8366 and check if thats still all correct. I think it is, but Michael would best have to ack. 152 This outer map is considered the JWS Payload as described in 153 Section 3 of [RFC7515]. A "JWS JSON Serialization Overview" is given 154 in Section 3.2 of [RFC7515] and more details on the JWS 155 serializations in Section 7 of [RFC7515]. 157 3.1. Voucher Representation in General JWS JSON Serialization Syntax 159 The following figure gives an overview of the Voucher representation nit: how is this "gives an overview" ? Isn't this "specifies the Voucher representation in compliance with the "General JWS JSON Serialization Syntax" aka: you are allocating/defining "ietf-voucher:voucher" here, so it is a specification... ?! (i think) 160 in "General JWS JSON Serialization Syntax": 162 { 163 "payload": "BASE64URL(ietf-voucher:voucher)", 164 "signatures": [ 165 { 166 "protected": "BASE64URL(UTF8(JWS Protected Header))", 167 "signature": "base64encodedvalue==" nit: i think you need to copy some notational text from rfc8366bis into some earlier sections of this document to define the format BASE64URL and base64encodedvalue before using them here. 168 } 169 ] 170 } 172 Figure 1: Voucher Representation in General JWS JSON 173 Serialization Syntax nit: I think this caption should be somthing like Voucher representation using the General JWS JSON Serialization in JSON Syntax 175 3.2. JWS Payload of Voucher in General JWS JSON Serialization 177 The following figure depicts the decoded JWS Payload in JSON syntax: nit: depicts an example of a decoded ?? 179 { 180 "ietf-voucher:voucher": { 181 "assertion": "logged", 182 "serial-number": "0123456789", 183 "nonce": "5742698422680472", 184 "created-on": "2022-07-08T03:01:24.618Z", 185 "pinned-domain-cert": "base64encodedvalue==" 186 } 187 } 189 Figure 2: Decoded JWS Payload in JSON Syntax 191 3.3. JWS Protected Header of Voucher in General JWS JSON Serialization 193 The standard header parameters "typ" and "alg" as described in 194 [RFC7515] are utilized in the protected header. The "alg" header 195 MUST contain the algorithm type used to create the signature, e.g., 196 "ES256". The "typ" header SHOULD contain the value "TODO: voucher- 197 jws+json", if present. major: I don't think we should go with a "TODO" here past WGLC, please come up with a proposal. 199 If X.509 (PKIX) certificates [RFC5280] are used, then the "x5c" 200 parameter defined in Section 4.1.6 of [RFC7515] SHOULD be used to 201 contain the certificate and chain. Vouchers will often need all 202 certificates in the chain, including what would be considered the 203 trust anchor certificate, because intermediate devices (such as the 204 Registrar) may need to audit the artifact, or end systems may need to 205 pin a trust anchor for future operations. Note, a trust anchor 206 SHOULD be provided differently to be trusted. This is consistent nit: Sentence does not parse. "provided differently" - differently from what ? 207 with Section 5.5.2 of [BRSKI]. 209 The following figure gives the decoded JWS Protected Header in JSON 210 syntax: nit: is this example or specification ? Seems like we want to specify the "voucher-jws+json" field, but not suer about "alg". Seems like an example ? Maybe split into a spec picture and an example picture, even if they just differ by "alg". 212 { 213 "alg": "ES256", 214 "typ": "voucher-jws+json", 215 "x5c": [ 216 "base64encodedvalue1==", 217 "base64encodedvalue2==" 218 ] 219 } 221 Figure 3: JWS Protected Header in JSON Syntax 223 4. Privacy Considerations 225 The Voucher Request reveals the IDevID of the component (Pledge) that nit: s/The/A/ 226 is in the process of bootstrapping. 228 This request occurs via HTTP-over-TLS, however, for the Pledge-to- 229 Registrar TLS connection, the Pledge is provisinally accepting the ^^^^^^^^^^^^ 230 Registrar server certificate. Hence it is subject to disclosure by a 231 Dolev-Yao attacker (a "malicious messenger")[onpath], as explained in nit: If you want to include such fancy name-calling for an attack, you should also add a reference for it. nit: Please make this explanation conditional, e.g.:will reveal the IDevID... if a signaling mechanism such as that of BRSKI is used. Aka: Exposure is not a property of the voucher concept but of the signaling using to retrieve a voucher-request. 232 Section 10.2 of [BRSKI]. 234 The use of a JWS header brings no new privacy considerations. nit: s/header/signature/ nit: ... compared to the use of CMS signaure. 236 5. Security Considerations 238 The issues of how [RFC8366] vouchers are used in a [BRSKI] system is 239 addressed in Section 11 of [BRSKI]. This document does not change 240 any of those issues, it just changes the signature technology used 241 for voucher request and response artifacts. 243 Section 9 of [SZTP] deals with voucher use in Secure Zero Touch 244 Provisioning, for which this document also makes no changes to 245 security. nit: add reference to section in BRSKI-PRM which likely is most important because that is where JWS voucher is actually planned to be used, and its security considerations are somewhat different from BRSKI if i remember correctly. 247 6. IANA Considerations 249 6.1. Media-Type Registry 251 This section registers the "application/voucher-jws+json" in the 252 "Media Types" registry. 254 6.1.1. application/voucher-jws+json I don't think you need to sub-section the request into 6.1.1, keep it in 6.1 But replace 251-252 with something like: This document registers a new media type in the "Media Types" registry [RFC6838]. IANA is asked to register the following: 256 Type name: application 257 Subtype name: voucher-jws+json 258 Required parameters: none 259 Optional parameters: none 260 Encoding considerations: JWS+JSON vouchers are JOSE objects 261 signed with one or multiple signers. 262 Security considerations: See section [Security Considerations] 263 Interoperability considerations: The format is designed to be 264 broadly interoperable. 265 Published specification: [THIS RFC]. 266 Applications that use this media type: ANIMA, 6tisch, and other 267 zero-touch bootstrapping/provisioning solutions 268 Additional information: 269 Magic number(s): None 270 File extension(s): .vjj 271 Macintosh file type code(s): none 272 Person & email address to contact for further information: IETF 273 ANIMA WG 274 Intended usage: LIMITED 275 Restrictions on usage: NONE 276 Author: ANIMA WG 277 Change controller: IETF 278 Provisional registration? (standards tree only): NO 280 7. Acknowledgments 282 We would like to thank the various reviewers for their input, in 283 particular Steffen Fries, Ingo Wenda, ...TODO Support in PoC 284 implementations Hong Rui Li and He Peng Jia, ...TODO nit: Remove TODO. Once you get additional reviews, e.g.: IESG, AD and the like, i have started to put in parenthesis the role from which the review was done No need to include names of foks you've listed below as contributors (e.g.: Steffen, myself) 286 [RFC Editor: please delete] TODO: ... 288 8. Changelog [RFC Editor: please delete] 290 * Added adoption call comments from Toerless. Changed from 291 [RFCxxxx] to [THING] style for some key references. 293 * Updated references "I-D.ietf-anima-brski-async-enroll" switched to 294 "I-D.ietf-anima-brski-prm" 296 * Switch from "JWS Compact Serialization" to "General JWS JSON 297 Serialization", as focus is now on "General JWS JSON 298 Serialization" 300 * Include Voucher representation in "General JWS JSON Serialization" 301 syntax 303 * Include examples A1, A2, A3 using "General JWS JSON Serialization" 305 * Added optional "typ": "voucher-jws+json" header parameter to JWS 306 objects 308 * Examples folded according to RFC8792, Single Backslash rule 310 * Restructuring and clean-up, preparation for WGLC 312 * Included feedback from shepherd review 314 -- back 316 9. Examples 318 These examples are folded according to [RFC8792] Single Backslash 319 rule. 321 9.1. Example Pledge Voucher Request - PVR (from Pledge to Registrar) 323 The following is an example request sent from a Pledge to the 324 Registrar, in "General JWS JSON Serialization". 326 =============== NOTE: '\' line wrapping per RFC 8792 ================ 328 { 329 "payload": "eyJpZXRmLXZvdWNoZXItcmVxdWVzdDp2b3VjaGVyIjp7InNlcmlhbC\ 330 1udW1iZXIiOiIwMTIzNDU2Nzg5Iiwibm9uY2UiOiI2R3RuK1pRS04ySHFERlZrQkV4Wk\ 331 xRPT0iLCJjcmVhdGVkLW9uIjoiMjAyMi0wNy0wOFQwODo0MDo0Mi44MjBaIiwicHJveG\ 332 ltaXR5LXJlZ2lzdHJhci1jZXJ0IjoiTUlJQjRqQ0NBWWlnQXdJQkFnSUdBWFk3MmJiWk\ 333 1Bb0dDQ3FHU000OUJBTUNNRFV4RXpBUkJnTlZCQW9NQ2sxNVFuVnphVzVsYzNNeERUQU\ 334 xCZ05WQkFjTUJGTnBkR1V4RHpBTkJnTlZCQU1NQmxSbGMzUkRRVEFlRncweU1ERXlNRG\ 335 N3TmpFNE1USmFGdzB6TURFeU1EY3dOakU0TVRKYU1ENHhFekFSQmdOVkJBb01DazE1UW\ 336 5WemFXNWxjM014RFRBTEJnTlZCQWNNQkZOcGRHVXhHREFXQmdOVkJBTU1EMFJ2YldGcG\ 337 JsSmxaMmx6ZEhKaGNqQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQUJCaz\ 338 E2Sy9pNzlvUmtLNVliZVBnOFVTUjgvdXMxZFBVaVpITXRva1NkcUtXNWZuV3NCZCtxUk\ 339 w3V1JmZmVXa3lnZWJvSmZJbGx1cmNpMjV3bmhpT1ZDR2plekI1TUIwR0ExVWRKUVFXTU\ 340 JRR0NDc0dBUVVGQndNQkJnZ3JCZ0VGQlFjREhEQU9CZ05WSFE4QkFmOEVCQU1DQjRBd1\ 341 NBWURWUjBSQkVFd1A0SWRjbVZuYVhOMGNtRnlMWFJsYzNRdWMybGxiV1Z1Y3kxaWRDNX\ 342 VaWFNDSG5KbFoybHpkSEpoY2kxMFpYTjBOaTV6YVdWdFpXNXpMV0owTG01bGREQUtCZ2\ 343 dxaGtqT1BRUURBZ05JQURCRkFpQnhsZEJoWnEwRXY1SkwyUHJXQ3R5UzZoRFlXMXlDTy\ 344 9SYXVicEM3TWFJRGdJaEFMU0piZ0xuZ2hiYkFnMGRjV0ZVVm8vZ0dOMC9qd3pKWjBTbD\ 345 JoNHhJWGsxIn19", 346 "signatures": [{ 347 "protected": "eyJ4NWMiOlsiTUlJQitUQ0NBYUNnQXdJQkFnSUdBWG5WanNVNU\ 348 1Bb0dDQ3FHU000OUJBTUNNRDB4Q3pBSkJnTlZCQVlUQWtGUk1SVXdFd1lEVlFRS0RBeE\ 349 thVzVuU21sdVowTnZjbkF4RnpBVkJnTlZCQU1NRGtwcGJtZEthVzVuVkdWemRFTkJNQ0\ 350 FYRFRJeE1EWXdOREExTkRZeE5Gb1lEems1T1RreE1qTXhNak0xT1RVNVdqQlNNUXN3Q1\ 351 FZRFZRUUdFd0pCVVRFVk1CTUdBMVVFQ2d3TVNtbHVaMHBwYm1kRGIzSndNUk13RVFZRF\ 352 ZRUUZFd293TVRJek5EVTJOemc1TVJjd0ZRWURWUVFEREE1S2FXNW5TbWx1WjBSbGRtbG\ 353 paVEJaTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCQzc5bGlhUmNCalpjRU\ 354 VYdzdyVWVhdnRHSkF1SDRwazRJNDJ2YUJNc1UxMWlMRENDTGtWaHRVVjIxbXZhS0N2TX\ 355 gyWStTTWdROGZmd0wyM3ozVElWQldqZFRCek1Dc0dDQ3NHQVFVRkJ3RWdCQjhXSFcxaG\ 356 MyRXRkR1Z6ZEM1emFXVnRaVzV6TFdKMExtNWxkRG81TkRRek1COEdBMVVkSXdRWU1CYU\ 357 FGRlFMak56UFwvU1wva291alF3amc1RTVmdndjWWJNQk1HQTFVZEpRUU1NQW9HQ0NzR0\ 358 FRVUZCd01DTUE0R0ExVWREd0VCXC93UUVBd0lIZ0RBS0JnZ3Foa2pPUFFRREFnTkhBRE\ 359 JFQWlCdTN3UkJMc0pNUDVzTTA3MEgrVUZyeU5VNmdLekxPUmNGeVJST2xxcUhpZ0lnWE\ 360 NtSkxUekVsdkQycG9LNmR4NmwxXC91eW1UbmJRRERmSmxhdHVYMlJvT0U9Il0sInR5cC\ 361 I6InZvdWNoZXItandzK2pzb24iLCJhbGciOiJFUzI1NiJ9", 362 "signature": "abVg4TDGzSTjVHkQlNeIW3ABu5ZXdMl1cEqwcIAlHFW4BrlGbO\ 363 -DRTKfyCOGxSW49-ktJcrVlYgKqC4xmZoy0Q" 364 }] 365 } 367 Figure 4: Example Pledge Voucher Request - PVR 369 9.2. Example Parboiled Registrar Voucher Request - RVR (from Registrar 370 to MASA) 372 The term parboiled refers to food which is partially cooked. In 373 [BRSKI], the term refers to a Pledge voucher-request (PVR) which has 374 been received by the Registrar, and then has been processed by the 375 Registrar ("cooked"), and is now being forwarded to the MASA. 377 The following is an example Registrar voucher-request (RVR) sent from 378 the Registrar to the MASA, in "General JWS JSON Serialization". Note 379 that the previous PVR can be seen in the payload as "prior-signed- 380 voucher-request". 382 =============== NOTE: '\' line wrapping per RFC 8792 ================ 384 { 385 "payload": "eyJpZXRmLXZvdWNoZXItcmVxdWVzdDp2b3VjaGVyIjp7InNlcmlhbC\ 386 1udW1iZXIiOiIwMTIzNDU2Nzg5IiwiaWRldmlkLWlzc3VlciI6IkJCZ3dGb0FVVkF1TT\ 387 NNLzlMK1NpNk5EQ09Ea1RsKy9CeGhzPSIsIm5vbmNlIjoiNkd0bitaUUtOMkhxREZWa0\ 388 JFeFpMUT09IiwicHJpb3Itc2lnbmVkLXZvdWNoZXItcmVxdWVzdCI6ImV5SndZWGxzYj\ 389 JGa0lqb2laWGxLY0ZwWVVtMU1XRnAyWkZkT2IxcFlTWFJqYlZaNFpGZFdlbVJFY0RKaU\ 390 0xWnFZVWRXZVVscWNEZEpiazVzWTIxc2FHSkRNWFZrVnpGcFdsaEphVTlwU1hkTlZFbD\ 391 ZUa1JWTWs1Nlp6VkphWGRwWW0wNWRWa3lWV2xQYVVreVVqTlNkVXN4Y0ZKVE1EUjVVMG\ 392 hHUlZKc1duSlJhMVkwVjJ0NFVsQlVNR2xNUTBwcVkyMVdhR1JIVm10TVZ6bDFTV3B2YV\ 393 UxcVFYbE5hVEIzVG5rd2QwOUdVWGRQUkc4d1RVUnZNRTFwTkRSTmFrSmhTV2wzYVdOSV\ 394 NuWmxSMngwWVZoU05VeFlTbXhhTW14NlpFaEthR05wTVdwYVdFb3dTV3B2YVZSVmJFcF\ 395 JhbEp4VVRCT1FsZFhiRzVSV0dSS1VXdEdibE5WWkVKWFJtc3pUVzFLYVZkck1VSmlNR1\ 396 JFVVROR1NGVXdNREJQVlVwQ1ZGVk9UbEpHVmpSU1dIQkNWV3RLYmxSc1drTlJWemxPVV\ 397 RKemVFNVdSblZXYm5Cb1ZucFdjMWw2VGs1bFJWSlZVVlY0UTFvd05WZFJhMFpxVkZWS1\ 398 IxUnVRbXRTTVZZMFVraHdRbFJyU201VWJGcERVVlV4VGxGdGVGTmlSMDE2Vld0U1VsWk\ 399 ZSbXhTYm1OM1pWVXhSVkpZYkU1U1IwNHpWRzF3Ums1Rk1WVlRiVVpIWkhwQ05sUlZVa1\ 400 psVlRGRldUTmtUMkZyVlRCVVZsSkxXVlV4UlU1SWFFWmxhMFpUVVcxa1QxWnJTa0ppTU\ 401 RGRVlYcEZNVlZYTlZkbGJVWllUbGQ0YWswd01UUlNSbEpDVkVWS2JsUnNXa05SVjA1T1\ 402 VXdGFUMk5IVWtoV1dHaElVa1ZHV0ZGdFpFOVdhMHBDVkZVeFJVMUdTakpaYkdSSFkwZE\ 403 tjMU50ZUdGTmJYZzJXa1ZvUzJGSFRuRlJiSEJPVVdzeFNGRnViSGhTTVU1T1RrUnNRbG\ 404 93VmtoUk1FNTRVakZPVGs1RWJFSmtNRlpKVVZSQ1NsRlZTa05oZWtVeVUzazVjRTU2Yk\ 405 haVmJYUk1UbFpzYVZwV1FtNVBSbFpVVldwbmRtUllUWGhhUmtKV1lWWndTVlJZVW5aaE\ 406 1VNXJZMVYwV0U1WFduVldNMDVEV2tOMGVGVnJkek5XTVVwdFdtMVdXR0V6Ykc1YVYwcD\ 407 JVMjFhU21KSGVERmpiVTV3VFdwV00ySnRhSEJVTVZwRVVqSndiR1ZyU1RGVVZVbDNVak\ 408 JGZUZaWFVrdFZWa1pZVkZWS1VsSXdUa1JqTUdSQ1ZWWldSMUZ1WkU1UmEwcHVXak5LUT\ 409 Fvd1ZrZFJiRVpxVWtWb1JWRlZPVU5hTURWWFUwWkZORkZyUm0xUFJWWkRVVlV4UkZGcV\ 410 VrSmtNVTVDVjFWU1YxVnFRbE5SYTFaR1pERkJNRk5YVW1waVZscDFXVlpvVDAxSFRuUl\ 411 NibXhOVjBaS2MxbDZUbEprVjAxNVlrZDRhVll4V2pGWk0ydDRZVmRTUkU1WVZtRlhSaz\ 412 VFVTBjMVMySkdiM2xpU0hCclUwVndiMWt5YTNoTlJuQlpWR3BDVDJGVVZqWlpWbVJYWk\ 413 Vad1dFNVljRTFXTUc5M1ZFY3dNV0pIVWtWUlZYUkRXakprZUdGSGRIRlVNVUpTVlZWU1\ 414 Fsb3dOVXBSVlZKRFVtdEdjRkZ1YUhOYVJVcHZWMjVGZDFKWVdURlRhM2Q1VlVoS1dGRX\ 415 pValZWZWxwdlVrWnNXRTFZYkVSVWVUbFRXVmhXYVdORlRUTlVWMFpLVWtka1NtRkZSaz\ 416 FWTUhCcFdqQjRkVm95YUdsWmEwWnVUVWRTYWxZd1dsWldiVGgyV2pCa1QwMURPWEZrTT\ 417 NCTFYycENWR0pFU205T1NHaEtWMGR6ZUVsdU1Ua2lMQ0p6YVdkdVlYUjFjbVZ6SWpwYm\ 418 V5SndjbTkwWldOMFpXUWlPaUpsZVVvMFRsZE5hVTlzYzJsVVZXeEtVV2wwVlZFd1RrSl\ 419 pWVTV1VVZoa1NsRnJSbTVUVldSQ1YwYzFWMkZ1VGxaT1ZURkNZakJrUkZFelJraFZNRE\ 420 F3VDFWS1FsUlZUazVTUkVJMFVUTndRbE5yU201VWJGcERVVlpzVlZGWGRFZFZhekZUVm\ 421 xoa1JtUXhiRVZXYkVaU1V6QlNRbVZGZEdoV2VsWjFWVEl4YzJSV2IzZFVibHBxWW10R0\ 422 5GSnVjRUpXYTBwdVZHeGFRMUZWTVU1U1IzUjNZMGRLZEZwRmRHaFdlbFoxVm10a1YyVn\ 423 RVa1pVYTBwT1VUQkdXVkpHVWtwbFJURkZWMWhrVDFKRlJYaFVhMUphWlVVMVIySXhiRV\ 424 ZsYlhNeFZERlNjbVZGTVhGVVdHaE9ZV3N3ZUZReFVsWk9WbVJ4VVd4T1RsVllUak5STV\ 425 VaYVVrWmFVbFZWWkVaa01IQkRWbFpTUmxack1VTlVWV1JDVFZaV1JsRXlaRE5VVms1MF\ 426 lraFdZVTFJUW5kWmJURnJVa2RKZWxOdVpFNVZhekV6VWxaR1dsSkdXbEpWVlZwR1pEST\ 427 VNMVJXVWtwbGF6VkZWbFJLVDJWdFl6RlVWa3BxWkRCYVVsZFZVbGRWVmtaRlVrVkZNVk\ 428 15UmxoT1Z6VlVZbGQ0TVZkcVFsTmlSMUowWWtkd1lWWkZTbUZVVlVwT1VqQktOV05WWk\ 429 ZSVVZGRTFVVmRrUmxJd1RrUmpWV1JVVkZSUk5WRllaRVpUUlVWM1UxVkdRMUY2WXpWaV\ 430 IyeG9WVzFPUTJGc2NHcFNWVlpaWkhwa2VWWlhWbWhrYmxKSVUydEdNVk5FVW5kaGVsSk\ 431 tUa1JLTWxsVlNrNWpNVlY0VFZkc1RWSkZUa1JVUjNSWFlVaFNWbFpxU1hoaVdGcG9Vek\ 432 JPTWxSWVozbFhVM1JVVkZka1VrOUhXbTFrTUhkNVRUTnZlbFpGYkZkUmJHUnhXa1pTUT\ 433 JWck1VUmpNR1JFVVROT1NGRldSbFpTYTBvelVsZGtRMUZxYUZoVFJtTjRZVWROZVZKWV\ 434 VtdFNNVm8yV2tWTk1XVnRSbGhXYmxKaFZucFdObFJHWkV0TlJYaDBUbGQ0YTFKSE9ERl\ 435 VhMUpTWldzeFEwOUZaRUpOVmxaclUxaGtVbGRWTVVOWlZVWkhVbXhHVFdGck5UWlZSbm\ 436 QyVlRGM2RtRXlPVEZoYkVZellXMWpNVkpVVm0xa2JtUnFWMWRLVGxGck1VaFJWRVpXV2\ 437 tWd1VsVlZNVTVSVnpsSVVUQk9lbEl3UmxKV1ZWcERaREF4UkZSVlJUQlNNRVY0VmxkU1\ 438 JXUXdWa05ZUXprelZWVldRbVF3YkVsYU1GSkNVekJLYmxvelJtOWhNbkJRVlVaR1VsSk\ 439 ZSbTVVYTJoQ1VrVktSbEZYYkVOa1ZFNHpWV3RLVFdNd2NFNVZSRlo2VkZSQk0wMUZaM0\ 440 pXVlZwNVpWVTFWazV0WkV4bGEzaFFWVzFPUjJWV1NsTlVNbmg0WTFWb2NGb3diRzVYUl\ 441 U1MFUydDRWV1ZyVm5Oa2ExRjVZMGM1VEU1dFVqUk9iWGQ0V0VNNU1XVlhNVlZpYlVwU1\ 442 VrVlNiVk50ZUdoa1NGWlpUV3hLZGxRd1ZUbEpiREJ6U1c1U05XTkRTVFpKYmxwMlpGZE\ 443 9iMXBZU1hSaGJtUjZTekp3ZW1JeU5HbE1RMHBvWWtkamFVOXBTa1pWZWtreFRtbEtPU0\ 444 lzSW5OcFoyNWhkSFZ5WlNJNkltRmlWbWMwVkVSSGVsTlVhbFpJYTFGc1RtVkpWek5CUW\ 445 5VMVdsaGtUV3d4WTBWeGQyTkpRV3hJUmxjMFFuSnNSMkpQTFVSU1ZFdG1lVU5QUjNoVF\ 446 Z6UTVMV3QwU21OeVZteFpaMHR4UXpSNGJWcHZlVEJSSW4xZGZRPT0iLCJjcmVhdGVkLW\ 447 9uIjoiMjAyMi0wNy0wOFQwODo0MDo0Mi44NDhaIn19", 448 "signatures": [{ 449 "protected": "eyJ4NWMiOlsiTUlJQm96Q0NBVXFnQXdJQkFnSUdBVzBlTHVJRk\ 450 1Bb0dDQ3FHU000OUJBTUNNRFV4RXpBUkJnTlZCQW9NQ2sxNVFuVnphVzVsYzNNeERUQU\ 451 xCZ05WQkFjTUJGTnBkR1V4RHpBTkJnTlZCQU1NQmxSbGMzUkRRVEFlRncweE9UQTVNVE\ 452 V3TWpNM016SmFGdzB5T1RBNU1URXdNak0zTXpKYU1GUXhFekFSQmdOVkJBb01DazE1UW\ 453 5WemFXNWxjM014RFRBTEJnTlZCQWNNQkZOcGRHVXhMakFzQmdOVkJBTU1KVkpsWjJsem\ 454 RISmhjaUJXYjNWamFHVnlJRkpsY1hWbGMzUWdVMmxuYm1sdVp5QkxaWGt3V1RBVEJnY3\ 455 Foa2pPUFFJQkJnZ3Foa2pPUFFNQkJ3TkNBQVQ2eFZ2QXZxVHoxWlVpdU5XaFhwUXNrYV\ 456 B5N0FISFFMd1hpSjBpRUx0NnVOUGFuQU4wUW5XTVlPXC8wQ0RFaklrQlFvYnc4WUtxan\ 457 R4SkhWU0dUajlLT295Y3dKVEFUQmdOVkhTVUVEREFLQmdnckJnRUZCUWNESERBT0JnTl\ 458 ZIUThCQWY4RUJBTUNCNEF3Q2dZSUtvWkl6ajBFQXdJRFJ3QXdSQUlnWXIyTGZxb2FDS0\ 459 RGNFJBY01tSmkrTkNacWRTaXVWdWdJU0E3T2hLUnEzWUNJRHhuUE1NbnBYQU1UclBKdV\ 460 BXeWNlRVIxMVB4SE9uKzBDcFNIaTJxZ3BXWCIsIk1JSUJwRENDQVVtZ0F3SUJBZ0lHQV\ 461 cwZUx1SCtNQW9HQ0NxR1NNNDlCQU1DTURVeEV6QVJCZ05WQkFvTUNrMTVRblZ6YVc1bG\ 462 MzTXhEVEFMQmdOVkJBY01CRk5wZEdVeER6QU5CZ05WQkFNTUJsUmxjM1JEUVRBZUZ3MH\ 463 hPVEE1TVRFd01qTTNNekphRncweU9UQTVNVEV3TWpNM016SmFNRFV4RXpBUkJnTlZCQW\ 464 9NQ2sxNVFuVnphVzVsYzNNeERUQUxCZ05WQkFjTUJGTnBkR1V4RHpBTkJnTlZCQU1NQm\ 465 xSbGMzUkRRVEJaTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCT2t2a1RIdT\ 466 hRbFQzRkhKMVVhSTcrV3NIT2IwVVMzU0FMdEc1d3VLUURqaWV4MDZcL1NjWTVQSmlidm\ 467 dIVEIrRlwvUVRqZ2VsSEd5MVlLcHdjTk1jc1N5YWpSVEJETUJJR0ExVWRFd0VCXC93UU\ 468 lNQVlCQWY4Q0FRRXdEZ1lEVlIwUEFRSFwvQkFRREFnSUVNQjBHQTFVZERnUVdCQlRvWk\ 469 lNelFkc0RcL2pcLytnWFwvN2NCSnVjSFwvWG1qQUtCZ2dxaGtqT1BRUURBZ05KQURCR0\ 470 FpRUF0eFEzK0lMR0JQSXRTaDRiOVdYaFhOdWhxU1A2SCtiXC9MQ1wvZlZZRGpRNm9DSV\ 471 FERzJ1UkNIbFZxM3loQjU4VFhNVWJ6SDgrT2xoV1V2T2xSRDNWRXFEZGNRdz09Il0sIn\ 472 R5cCI6InZvdWNoZXItandzK2pzb24iLCJhbGciOiJFUzI1NiJ9", 473 "signature": "0fzuqVdyhemWsu_HQeF-CmQwJeLp9IStNf-bWZwz6SojrEOR4a\ 474 Dq6VStyG8eWXjGHNZiRyyLJo7RP1rKatuS2w" 475 }] 476 } 478 Figure 5: Example Parboiled Registrar Voucher Request - RVR 480 9.3. Example Voucher Response (from MASA to Pledge, via Registrar) 482 The following is an example voucher response from MASA to Pledge via 483 Registrar, in "General JWS JSON Serialization". 485 =============== NOTE: '\' line wrapping per RFC 8792 ================ 487 { 488 "payload": "eyJpZXRmLXZvdWNoZXI6dm91Y2hlciI6eyJhc3NlcnRpb24iOiJsb2\ 489 dnZWQiLCJzZXJpYWwtbnVtYmVyIjoiMDEyMzQ1Njc4OSIsIm5vbmNlIjoiZGRoSGQ4Ml\ 490 FpUGtzMDBTck1USTlEUT09IiwiY3JlYXRlZC1vbiI6IjIwMjItMDctMDdUMTc6NDc6MD\ 491 EuODkwWiIsInBpbm5lZC1kb21haW4tY2VydCI6Ik1JSUJwRENDQVVtZ0F3SUJBZ0lHQV\ 492 cwZUx1SCtNQW9HQ0NxR1NNNDlCQU1DTURVeEV6QVJCZ05WQkFvTUNrMTVRblZ6YVc1bG\ 493 MzTXhEVEFMQmdOVkJBY01CRk5wZEdVeER6QU5CZ05WQkFNTUJsUmxjM1JEUVRBZUZ3MH\ 494 hPVEE1TVRFd01qTTNNekphRncweU9UQTVNVEV3TWpNM016SmFNRFV4RXpBUkJnTlZCQW\ 495 9NQ2sxNVFuVnphVzVsYzNNeERUQUxCZ05WQkFjTUJGTnBkR1V4RHpBTkJnTlZCQU1NQm\ 496 xSbGMzUkRRVEJaTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCT2t2a1RIdT\ 497 hRbFQzRkhKMVVhSTcrV3NIT2IwVVMzU0FMdEc1d3VLUURqaWV4MDYvU2NZNVBKaWJ2Z0\ 498 hUQitGL1FUamdlbEhHeTFZS3B3Y05NY3NTeWFqUlRCRE1CSUdBMVVkRXdFQi93UUlNQV\ 499 lCQWY4Q0FRRXdEZ1lEVlIwUEFRSC9CQVFEQWdJRU1CMEdBMVVkRGdRV0JCVG9aSU16UW\ 500 RzRC9qLytnWC83Y0JKdWNIL1htakFLQmdncWhrak9QUVFEQWdOSkFEQkdBaUVBdHhRMy\ 501 tJTEdCUEl0U2g0YjlXWGhYTnVocVNQNkgrYi9MQy9mVllEalE2b0NJUURHMnVSQ0hsVn\ 502 EzeWhCNThUWE1VYnpIOCtPbGhXVXZPbFJEM1ZFcURkY1F3PT0ifX0", 503 "signatures": [{ 504 "protected": "eyJ4NWMiOlsiTUlJQmt6Q0NBVGlnQXdJQkFnSUdBV0ZCakNrWU\ 505 1Bb0dDQ3FHU000OUJBTUNNRDB4Q3pBSkJnTlZCQVlUQWtGUk1SVXdFd1lEVlFRS0RBeE\ 506 thVzVuU21sdVowTnZjbkF4RnpBVkJnTlZCQU1NRGtwcGJtZEthVzVuVkdWemRFTkJNQj\ 507 RYRFRFNE1ERXlPVEV3TlRJME1Gb1hEVEk0TURFeU9URXdOVEkwTUZvd1R6RUxNQWtHQT\ 508 FVRUJoTUNRVkV4RlRBVEJnTlZCQW9NREVwcGJtZEthVzVuUTI5eWNERXBNQ2NHQTFVRU\ 509 F3d2dTbWx1WjBwcGJtZERiM0p3SUZadmRXTm9aWElnVTJsbmJtbHVaeUJMWlhrd1dUQV\ 510 RCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFTQzZiZUxBbWVxMVZ3NmlRclJzOF\ 511 IwWlcrNGIxR1d5ZG1XczJHQU1GV3diaXRmMm5JWEgzT3FIS1Z1OHMyUnZpQkdOaXZPS0\ 512 dCSEh0QmRpRkVaWnZiN294SXdFREFPQmdOVkhROEJBZjhFQkFNQ0I0QXdDZ1lJS29aSX\ 513 pqMEVBd0lEU1FBd1JnSWhBSTRQWWJ4dHNzSFAyVkh4XC90elVvUVwvU3N5ZEwzMERRSU\ 514 5FdGNOOW1DVFhQQWlFQXZJYjNvK0ZPM0JUbmNMRnNhSlpSQWtkN3pPdXNuXC9cL1pLT2\ 515 FFS2JzVkRpVT0iXSwidHlwIjoidm91Y2hlci1qd3MranNvbiIsImFsZyI6IkVTMjU2In\ 516 0", 517 "signature": "y1HLYBFlwouf42XWSKUWjeYQHnG2Q6A4bjA7hvTkB3z1dPwTUl\ 518 jPHtuN2Qex6gDxTfaSiKeoXGsOD4JWOgQJPg" 519 }] 520 } 522 Figure 6: Example Voucher Response 524 10. References 526 10.1. Normative References 528 [BRSKI] Pritikin, M., Richardson, M., Eckert, T., Behringer, M., 529 and K. Watsen, "Bootstrapping Remote Secure Key 530 Infrastructure (BRSKI)", RFC 8995, DOI 10.17487/RFC8995, 531 May 2021, <https://www.rfc-editor.org/rfc/rfc8995>. 533 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 534 Requirement Levels", BCP 14, RFC 2119, 535 DOI 10.17487/RFC2119, March 1997, 536 <https://www.rfc-editor.org/rfc/rfc2119>. 538 [RFC7515] Jones, M., Bradley, J., and N. Sakimura, "JSON Web 539 Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, May 540 2015, <https://www.rfc-editor.org/rfc/rfc7515>. 542 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 543 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 544 May 2017, <https://www.rfc-editor.org/rfc/rfc8174>. 546 [RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data 547 Interchange Format", STD 90, RFC 8259, 548 DOI 10.17487/RFC8259, December 2017, 549 <https://www.rfc-editor.org/rfc/rfc8259>. 551 [RFC8366] Watsen, K., Richardson, M., Pritikin, M., and T. Eckert, 552 "A Voucher Artifact for Bootstrapping Protocols", 553 RFC 8366, DOI 10.17487/RFC8366, May 2018, 554 <https://www.rfc-editor.org/rfc/rfc8366>. 556 [SZTP] Watsen, K., Farrer, I., and M. Abrahamsson, "Secure Zero 557 Touch Provisioning (SZTP)", RFC 8572, 558 DOI 10.17487/RFC8572, April 2019, 559 <https://www.rfc-editor.org/rfc/rfc8572>. 561 10.2. Informative References 563 [I-D.ietf-anima-brski-prm] 564 Fries, S., Werner, T., Lear, E., and M. Richardson, "BRSKI 565 with Pledge in Responder Mode (BRSKI-PRM)", Work in 566 Progress, Internet-Draft, draft-ietf-anima-brski-prm-07, 567 21 February 2023, <https://datatracker.ietf.org/doc/html/ 568 draft-ietf-anima-brski-prm-07>. 570 [I-D.ietf-anima-constrained-voucher] 571 Richardson, M., Van der Stok, P., Kampanakis, P., and E. 572 Dijk, "Constrained Bootstrapping Remote Secure Key 573 Infrastructure (BRSKI)", Work in Progress, Internet-Draft, 574 draft-ietf-anima-constrained-voucher-19, 2 January 2023, 575 <https://datatracker.ietf.org/doc/html/draft-ietf-anima- 576 constrained-voucher-19>. 578 [I-D.kuehlewind-update-tag] 579 Kühlewind, M. and S. Krishnan, "Definition of new tags for 580 relations between RFCs", Work in Progress, Internet-Draft, 581 draft-kuehlewind-update-tag-04, 12 July 2021, 582 <https://datatracker.ietf.org/doc/html/draft-kuehlewind- 583 update-tag-04>. 585 [onpath] "can an on-path attacker drop traffic?", n.d., 586 <https://mailarchive.ietf.org/arch/msg/saag/ 587 m1r9uo4xYznOcf85Eyk0Rhut598/>. 589 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 590 Housley, R., and W. Polk, "Internet X.509 Public Key 591 Infrastructure Certificate and Certificate Revocation List 592 (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, 593 <https://www.rfc-editor.org/rfc/rfc5280>. 595 [RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70, 596 RFC 5652, DOI 10.17487/RFC5652, September 2009, 597 <https://www.rfc-editor.org/rfc/rfc5652>. 599 [RFC8792] Watsen, K., Auerswald, E., Farrel, A., and Q. Wu, 600 "Handling Long Lines in Content of Internet-Drafts and 601 RFCs", RFC 8792, DOI 10.17487/RFC8792, June 2020, 602 <https://www.rfc-editor.org/rfc/rfc8792>. 604 [RFC8812] Jones, M., "CBOR Object Signing and Encryption (COSE) and 605 JSON Object Signing and Encryption (JOSE) Registrations 606 for Web Authentication (WebAuthn) Algorithms", RFC 8812, 607 DOI 10.17487/RFC8812, August 2020, 608 <https://www.rfc-editor.org/rfc/rfc8812>. 610 [RFC8949] Bormann, C. and P. Hoffman, "Concise Binary Object 611 Representation (CBOR)", STD 94, RFC 8949, 612 DOI 10.17487/RFC8949, December 2020, 613 <https://www.rfc-editor.org/rfc/rfc8949>. 615 Contributors 617 Toerless Eckert 618 Futurewei Technologies Inc. 619 Email: tte+ietf@cs.fau.de Please remove the "+ietf", that was an old idea that didn't work out too well. 621 Esko Dijk 622 Email: esko.dijk@iotconsultancy.nl 624 Steffen Fries 625 Siemens AG 626 Email: steffen.fries@siemens.com 628 Authors' Addresses 630 Thomas Werner 631 Siemens AG 632 Email: thomas-werner@siemens.com 634 Michael Richardson 635 Sandelman Software Works 636 Email: mcr+ietf@sandelman.ca Thank you so much. EOF
- [Anima] WGLC for draft-ietf-anima-jws-voucher-06 … Toerless Eckert
- Re: [Anima] WGLC for draft-ietf-anima-jws-voucher… Toerless Eckert