Re: [core] MULTIPART-CT: Nested multiparts

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 23 July 2019 23:31 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: consultancy@vanderstok.org, Christer Holmberg <christer.holmberg@ericsson.com>, core@ietf.org
Comments: In-reply-to Peter van der Stok <stokcons@bbhmail.nl> message dated "Tue, 23 Jul 2019 14:31:26 -0400."
Date: Tue, 23 Jul 2019 19:32:09 -0400
Message-ID: <4643.1563924729@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/k02e38oNtcMUVC7HAHf-_BeEW_E>

Peter van der Stok <stokcons@bbhmail.nl> wrote:
    > actually, in the anima-join-proxy draft embedded multipart-ct will happen

You mentioned that, and maybe you are thinking about the returned voucher.

But the multipart that I have in the constrained voucher document is
HTTPS/MIME multipart from MASA->JRC.  It's not CoAP there, it's HTTPS.   It
contains a PKIX certificate and a constrained voucher.

It's multipart rather than putting the validation chain in the unprotected
COSE bucket, so that the Registrar can use the certificate, but otherwise
strip that off so that the large certificate chain can be passed back to the
pledge.

We have discussed the question of whether we need to return the certificate
chain to the pledge (which should have the entire certificate chain built in
to firmware) or not.  I supposed we could use multipart again there... but
let's discuss. 

-- 
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
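
Added example, not part of the original message or of any draft's code: a sketch of how a Registrar could split the MASA->JRC multipart body described above into its certificate part and its voucher part, rejecting anything else. The media types, the multipart/mixed framing, the boundary and the helper names are assumptions; the payload bytes are constructed placeholders.

```python
import base64
from email import message_from_bytes, policy

# Assumed media types and framing; the message above names neither.
CERT_TYPE = "application/pkix-cert"
VOUCHER_TYPE = "application/voucher-cose+cbor"

# Constructed placeholders, not a real certificate or voucher.
SAMPLE_CERT = b"constructed-masa-certificate"
SAMPLE_VOUCHER = b"constructed-cose-voucher"
SAMPLE_CONTENT_TYPE = 'multipart/mixed; boundary="constructed"'


def build_sample_body(parts):
    """Build a constructed multipart body from (media_type, bytes) pairs."""
    out = b""
    for media_type, data in parts:
        out += (b"--constructed\r\nContent-Type: " + media_type.encode()
                + b"\r\nContent-Transfer-Encoding: base64\r\n\r\n"
                + base64.b64encode(data) + b"\r\n")
    return out + b"--constructed--\r\n"


def split_masa_response(content_type, body):
    """Return (certificate, voucher) so each part can be handled separately."""
    # The Content-Type arrives in the HTTP header, so re-attach it for parsing.
    raw = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + body
    msg = message_from_bytes(raw, policy=policy.default)
    if not msg.is_multipart():
        raise ValueError("expected a multipart body")
    found = {}
    for part in msg.iter_parts():
        ctype = part.get_content_type()
        # Accept exactly one certificate part and one voucher part.
        if ctype not in (CERT_TYPE, VOUCHER_TYPE) or ctype in found:
            raise ValueError("unexpected or duplicate part: " + ctype)
        found[ctype] = part.get_payload(decode=True)
    if len(found) != 2:
        raise ValueError("certificate or voucher part missing")
    return found[CERT_TYPE], found[VOUCHER_TYPE]


if __name__ == "__main__":
    body = build_sample_body([(CERT_TYPE, SAMPLE_CERT), (VOUCHER_TYPE, SAMPLE_VOUCHER)])
    cert, voucher = split_masa_response(SAMPLE_CONTENT_TYPE, body)
    print(len(cert), "certificate bytes;", len(voucher), "voucher bytes")
```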