Re: [pkix] Simple Certificate Enrollment Protocol (SCEP)

Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 12 November 2014 08:49 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: IETF PKIX <pkix@ietf.org>
Date: Wed, 12 Nov 2014 08:49:19 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C739B9E6654@uxcn10-5.UoA.auckland.ac.nz>
Archived-At: http://mailarchive.ietf.org/arch/msg/pkix/FK8G0hWNNa_hRM53e8O_dZOAORo

"Max Pritikin (pritikin)" <pritikin@cisco.com> writes:

>A question: How is updating "half a billion SCEP devices" to a new version of
>SCEP any different than updating them to EST or similar?

It's not a new version of SCEP (many implementations that I've done interop
with already do AES, for example, even though the spec doesn't mention it);
it's clarifying existing practice, noting possible problem areas (renewal is a
big one, see the discussion on the JSCEP list a while back), etc.  For most
existing implementations it'll mean no change; for future updates it's an
option to choose more-likely-to-work option X instead of Y.

Peter.