[pkix] draft-ietf-lamps-lightweight-cmp-profile-01, section 5.4.4

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Fri, 24 April 2020 07:24 UTC

To: LAMPS WG <spasm@ietf.org>, "pkix@ietf.org" <pkix@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/hjAyFaJVaZRyD_xyRnVMzMqm-u0>

In section 5.4.4 a general message is specified to request requirements for an upcoming certificate request by the end entity from a PKI management component.
During IETF107's LAMPS meeting the rsaKeyLen parameter was discussed. Currently the rsaKeyLen field is specified as a single INTEGER. The question was whether a SEQUENCE OF INTEGER should be specified instead to offer a set of allowed RSA key length values.
During the meeting no one was in favor of this change and I would also tend to stick to the single INTEGER, as the certTemplate also offers only single values for the different attributes and extensions.

Is there anyone voting against specifying rsaKeyLen as a single INTEGER?

-- Hendrik