[Anima] Re: I-D Action: draft-ietf-anima-rfc8366bis-12.txt
Michael Richardson <mcr+ietf@sandelman.ca> Mon, 08 July 2024 22:29 UTC
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: anima@ietf.org
Date: Mon, 08 Jul 2024 18:29:45 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/t9cUMJULngoAHPmGB1qG2KLwXCk>

I have finally returned to the ~23 issues that have been open for ~1 year.
I only got three issues closed today, but I'll continue working up to the meeting.
So please expect a more complete -13 on July 20th.

internet-drafts@ietf.org wrote:
> Authors: Kent Watsen

I'm considering resorting the author names to be alphabetical.

> Abstract:
> This document defines a strategy to securely assign a pledge to an
> owner using an artifact signed, directly or indirectly, by the
> pledge's manufacturer. This artifact is known as a "voucher".

This probably deserves a rewrite, but it will get done last.

> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-anima-rfc8366bis-12

I have added Appendix A with CMS examples.
The JWS and COSE examples are in the [jBRSKI] and [cBRSKI] documents.

https://www.ietf.org/archive/id/draft-ietf-anima-rfc8366bis-12.html#name-key-pairs-associated-with-e

In the appendix, there is some space taken up with the private keys and
certificates. I have to double check that I've got all the right files, as
the IDevID private key says "RSA", but is an EC key.

There are two possible formats for private keys, the PKCS8 one and the PKCS1
one. Are there preferences?

Perhaps a picture of the relationship of all the files/keys is in order.

I included one key, the CA self-signed certificate expanded.
("openssl x509 -in foo -text" vs "openssl x509 -in foo")
Do people want them all expanded?

I also notice that the certificates have expired, and I'll go back to my
reference code and update things.

I have asked Kent for a worked example of an SZTP key.
I have a CMS signed key from Thomas Werner @ Siemens which I can include as well.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide
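
The message above mentions a private key whose PEM label says "RSA" while the key inside is an EC key. The following is an added example, not part of the original message or of the draft: it checks each private-key PEM block's label against the ASN.1 structure it actually contains (PKCS#1 RSAPrivateKey, SEC1 ECPrivateKey, or PKCS#8 PrivateKeyInfo). The helper names and the sample blobs are assumptions constructed for illustration; the blobs are DER skeletons with filler bytes, not real keys.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
# PEM label -> structure that the label promises
EXPECTED = {"RSA PRIVATE KEY": "PKCS1-RSA", "EC PRIVATE KEY": "SEC1-EC",
            "PRIVATE KEY": "PKCS8"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def der_key_shape(der):
    """Classify a private-key blob by the element that follows its version."""
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:                       # outer element must be a SEQUENCE
        return "unknown"
    vtag, _, vend = read_tlv(der, start)  # version INTEGER
    if vtag != 0x02:
        return "unknown"
    return {0x30: "PKCS8",      # AlgorithmIdentifier SEQUENCE
            0x02: "PKCS1-RSA",  # modulus INTEGER
            0x04: "SEC1-EC"}.get(der[vend], "unknown")  # privateKey OCTET STRING

def check_pem(text):
    """Return [(label, actual_shape, label_matches)] for private-key blocks."""
    out = []
    for label, body in PEM_RE.findall(text):
        if label in EXPECTED:
            shape = der_key_shape(base64.b64decode(body))
            out.append((label, shape, shape == EXPECTED[label]))
    return out

# Constructed sample data: DER skeletons with filler bytes, not real keys.
def tlv(tag, value):
    return bytes([tag, len(value)]) + value  # short-form lengths only

def pem(label, der):
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

EC_OID = tlv(0x06, bytes.fromhex("2a8648ce3d0201"))  # id-ecPublicKey
SEC1 = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"\x11" * 32))
P8 = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, EC_OID) + tlv(0x04, b"\x22" * 4))
SAMPLE = pem("RSA PRIVATE KEY", SEC1) + pem("PRIVATE KEY", P8)
```

Calling `check_pem(SAMPLE)` flags the first block, whose "RSA PRIVATE KEY" label wraps an EC-shaped structure, and accepts the PKCS#8 block.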