[Rats] Nonce-based freshness for CMP/EST

hannes.tschofenig@gmx.net Sun, 03 March 2024 12:23 UTC

From: hannes.tschofenig@gmx.net
To: 'rats' <rats@ietf.org>
Date: Sun, 03 Mar 2024 13:23:36 +0100
Message-ID: <023701da6d65$9e9c0340$dbd409c0$@gmx.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/dJ7g_LKLZs3M02efbGpywm8Fy8A>

Hi all,

I have just submitted a new version of the draft that describes how to add nonce-based freshness for certificate management protocols like CMP/EST. The solution relies on the CSR attestation specification.

Here is the updated draft:

https://datatracker.ietf.org/doc/draft-tschofenig-lamps-nonce-cmp-est/

As the recent mailing list exchanges have shown, there is room for more discussion about this freshness topic. FWIW I have requested an agenda slot in the LAMPS group.

Ciao

Hannes