From: Michael Richardson <mcr+ietf@sandelman.ca>
To: anima@ietf.org
In-Reply-To: 
 <172047704310.461285.3728066842265531644@dt-datatracker-5f88556585-j5r2h>
References: 
 <172047704310.461285.3728066842265531644@dt-datatracker-5f88556585-j5r2h>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
Date: Mon, 08 Jul 2024 18:29:45 -0400
Message-ID: <9578.1720477785@obiwan.sandelman.ca>
Subject: [Anima] Re: I-D Action: draft-ietf-anima-rfc8366bis-12.txt
List-Id:  Autonomic Networking Integrated Model and Approach <anima.ietf.org>
Archived-At: 
 <https://mailarchive.ietf.org/arch/msg/anima/t9cUMJULngoAHPmGB1qG2KLwXCk>

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


I have finally returned to the ~23 issues that have been open for ~1 year.
I only got three issues closed today, but I'll continue working up to the meeting.
So please expect a more complete -13 on July 20th.

internet-drafts@ietf.org wrote:
> Authors: Kent Watsen

I'm considering re-sorting the author names to be alphabetical.

    > Abstract:

    > This document defines a strategy to securely assign a pledge to an
    > owner using an artifact signed, directly or indirectly, by the
    > pledge's manufacturer.  This artifact is known as a "voucher".

This probably deserves a rewrite, but it will get done last.

    > A diff from the previous version is available at:
    > https://author-tools.ietf.org/iddiff?url2=draft-ietf-anima-rfc8366bis-12

I have added Appendix A with CMS examples.
The JWS and COSE examples are in the [jBRSKI] and [cBRSKI] documents.

https://www.ietf.org/archive/id/draft-ietf-anima-rfc8366bis-12.html#name-key-pairs-associated-with-e
In the appendix, there is some space taken up with the private keys and
certificates.   I have to double check that I've got all the right files, as
the IDevID private key says "RSA", but is an EC key.  There are two possible
formats for private keys, the PKCS8 one and the PKCS1 one.  Are there
preferences?

Perhaps a picture of the relationship of all the files/keys is in order.
I included one key, the CA self-signed certificate expanded.
("openssl x509 -in foo -text" vs "openssl x509 -in foo " )
Do people want them all expanded?

I also notice that the certificates have expired, and I'll go back to my
reference code and update things.  I have asked Kent for a worked example of
an SZTP key.  I have a CMS signed key from Thomas Werner @ Siemens which I
can include as well.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

--=-=-=--
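
Added example, not part of the message above or of the draft's reference code: a Python check of whether a PEM private key's label agrees with the ASN.1 structure inside it, which is the mismatch the message describes (a key labelled "RSA" that holds an EC key). It assumes the usual label conventions: "PRIVATE KEY" for PKCS#8, "RSA PRIVATE KEY" for PKCS#1, and "EC PRIVATE KEY" for the SEC1 ECPrivateKey of RFC 5915. All function names are hypothetical and the sample keys are constructed placeholders with filler bytes.

```python
import base64
import re

OID_EC = bytes.fromhex("2a8648ce3d0201")        # id-ecPublicKey
OID_RSA = bytes.fromhex("2a864886f70d010101")   # rsaEncryption
OID_P256 = bytes.fromhex("2a8648ce3d030107")    # prime256v1
EXPECTED = {"PRIVATE KEY": "PKCS#8", "EC PRIVATE KEY": "SEC1", "RSA PRIVATE KEY": "PKCS#1"}

def parse_tlvs(buf):  # all DER TLVs found in buf -> [(tag, value), ...]
    out = []
    while buf:
        tag, length, i = buf[0], buf[1], 2
        if length & 0x80:                       # long-form length
            i = 2 + (length & 0x7F)
            length = int.from_bytes(buf[2:i], "big")
        out.append((tag, buf[i:i + length]))
        buf = buf[i + length:]
    return out

def classify_der(der):  # (encoding, algorithm), judged from ASN.1 shape alone
    kids = parse_tlvs(parse_tlvs(der)[0][1])
    tags = [t for t, _ in kids]
    if tags[:3] == [0x02, 0x30, 0x04]:          # version, AlgorithmIdentifier, key
        oid = parse_tlvs(kids[1][1])[0][1]
        return "PKCS#8", {OID_EC: "EC", OID_RSA: "RSA"}.get(oid, "other")
    if tags[:2] == [0x02, 0x04] and kids[0][1] == b"\x01":
        return "SEC1", "EC"                     # ECPrivateKey (RFC 5915)
    if len(tags) >= 9 and set(tags[:9]) == {0x02}:
        return "PKCS#1", "RSA"                  # RSAPrivateKey: nine INTEGERs
    return "unknown", "unknown"

def check_pem(pem):  # (label, encoding, algorithm, label_matches_content)
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", pem, re.S)
    label, der = m.group(1), base64.b64decode("".join(m.group(2).split()))
    fmt, alg = classify_der(der)
    return label, fmt, alg, EXPECTED.get(label) == fmt

def enc_tlv(tag, val):  # short-form DER encoder, enough for the samples below
    return bytes([tag, len(val)]) + val

def to_pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}-----END {label}-----\n"

# Constructed placeholders: correct ASN.1 shape, 0x11 filler instead of key material.
SEC1 = enc_tlv(0x30, enc_tlv(2, b"\x01") + enc_tlv(4, b"\x11" * 32) + enc_tlv(0xA0, enc_tlv(6, OID_P256)))
PKCS8 = enc_tlv(0x30, enc_tlv(2, b"\x00")
                + enc_tlv(0x30, enc_tlv(6, OID_EC) + enc_tlv(6, OID_P256)) + enc_tlv(4, SEC1))
for label, der in [("RSA PRIVATE KEY", SEC1), ("EC PRIVATE KEY", SEC1), ("PRIVATE KEY", PKCS8)]:
    print(check_pem(to_pem(label, der)))
```

The first sample reproduces the mislabelled case: the label promises PKCS#1 RSA while the body is a SEC1 EC key, so the last field of the result is False.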

