[pkix] Question about RFC 7030 - Enrollment over Secure Transport

Reilly James <james.reilly@kone.com> Fri, 22 May 2020 10:55 UTC

From: Reilly James <james.reilly@kone.com>
To: "pkix@ietf.org" <pkix@ietf.org>
Date: Fri, 22 May 2020 10:55:08 +0000
Message-ID: <AM6PR07MB5493360C958292A80FB88E53E3B40@AM6PR07MB5493.eurprd07.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/KZXJqYF9TxmNP2sNoyIEuhRWACk>
Subject: [pkix] Question about RFC 7030 - Enrollment over Secure Transport
List-Id: PKIX Working Group <pkix.ietf.org>

Hello

We are looking at RFC 7030 - Enrollment over Secure Transport.

Is there a reason or thought process in section '4.1.3 CA Certificates Response',

   'The EST server SHOULD include the three "Root CA Key Update"
   certificates OldWithOld, OldWithNew, and NewWithOld in the response
   chain.  These are defined in Section 4.4 of CMP [RFC4210].'

why SHOULD, rather than for example MUST, was used in the specification by the authors?

James
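The three certificates the quoted text names come from the CA key rollover scheme in RFC 4210 section 4.4: OldWithOld is the existing self-signed root, NewWithOld carries the new root key signed by the old key, and OldWithNew carries the old root key signed by the new key. Their purpose is to let a client that trusts only one root build a path to certificates issued under the other root during the transition. The following is an added example, written for this page and not code from the poster, from RFC 7030 or from any EST implementation. It generates a throwaway old root, new root, both cross certificates and one leaf per root with Go's standard crypto/x509 package, then shows what a relying party anchored on only one root can and cannot validate depending on whether the cross certificate was delivered (as a /cacerts response would carry it). All key material, names such as "Old Root" and "device-new", and validity periods are constructed locally for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Rollover holds the four "Root CA Key Update" certificates named in
// RFC 4210 section 4.4 plus one end-entity certificate under each root.
// Everything is generated locally; no real CA or EST server is involved.
type Rollover struct {
	OldWithOld, NewWithNew, NewWithOld, OldWithNew *x509.Certificate
	OldLeaf, NewLeaf                               *x509.Certificate
}

var serial int64 // simple monotonically increasing serial number source

// mkCert issues a certificate for pub with the given subject. A nil parent
// means self-signed; otherwise signer must be the private key behind parent.
func mkCert(subject string, isCA bool, pub *ecdsa.PublicKey,
	parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: subject},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent = tmpl // self-signed: the template is its own issuer
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// BuildRollover constructs OldWithOld, NewWithNew, NewWithOld, OldWithNew
// and a leaf issued under each root, mirroring the RFC 4210 4.4 layout.
func BuildRollover() (*Rollover, error) {
	oldKey, newKey, leafKey := mustKey(), mustKey(), mustKey()
	r := &Rollover{}
	var err error
	issue := func(dst **x509.Certificate, subject string, isCA bool,
		pub *ecdsa.PublicKey, parent *x509.Certificate, signer *ecdsa.PrivateKey) {
		if err == nil {
			*dst, err = mkCert(subject, isCA, pub, parent, signer)
		}
	}
	issue(&r.OldWithOld, "Old Root", true, &oldKey.PublicKey, nil, oldKey)
	issue(&r.NewWithNew, "New Root", true, &newKey.PublicKey, nil, newKey)
	issue(&r.NewWithOld, "New Root", true, &newKey.PublicKey, r.OldWithOld, oldKey) // new key, old signature
	issue(&r.OldWithNew, "Old Root", true, &oldKey.PublicKey, r.NewWithNew, newKey) // old key, new signature
	issue(&r.OldLeaf, "device-old", false, &leafKey.PublicKey, r.OldWithOld, oldKey)
	issue(&r.NewLeaf, "device-new", false, &leafKey.PublicKey, r.NewWithNew, newKey)
	if err != nil {
		return nil, err
	}
	return r, nil
}

// Validates reports whether leaf chains to one of the trust anchors, using
// extra (for instance the contents of a /cacerts response) as intermediates.
func Validates(leaf *x509.Certificate, anchors, extra []*x509.Certificate) bool {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	for _, c := range anchors {
		roots.AddCert(c)
	}
	for _, c := range extra {
		inter.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots: roots, Intermediates: inter,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err == nil
}

func main() {
	r, err := BuildRollover()
	if err != nil {
		panic(err)
	}
	onlyOld := []*x509.Certificate{r.OldWithOld}
	onlyNew := []*x509.Certificate{r.NewWithNew}
	fmt.Println("old anchor, new-root leaf, NewWithOld delivered:", Validates(r.NewLeaf, onlyOld, []*x509.Certificate{r.NewWithOld}))
	fmt.Println("old anchor, new-root leaf, NewWithOld missing:  ", Validates(r.NewLeaf, onlyOld, nil))
	fmt.Println("new anchor, old-root leaf, OldWithNew delivered:", Validates(r.OldLeaf, onlyNew, []*x509.Certificate{r.OldWithNew}))
	fmt.Println("new anchor, old-root leaf, OldWithNew missing:  ", Validates(r.OldLeaf, onlyNew, nil))
}
```

The first and third checks succeed only because the cross certificate is available to the path builder; the second and fourth fail with "certificate signed by unknown authority" because nothing links the two roots. That is the practical stake of the quoted sentence: a client holding only the old trust anchor cannot validate anything issued under the new root until it obtains NewWithOld (or a new anchor out of band), and an already-updated client cannot validate still-valid old-root certificates without OldWithNew.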