Re: [lamps] I-D Action: draft-ietf-lamps-lightweight-cmp-profile-19.txt

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Wed, 11 January 2023 16:23 UTC

From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: "spasm@ietf.org" <spasm@ietf.org>
CC: "von Oheimb, David" <david.von.oheimb@siemens.com>, "Fries, Steffen" <steffen.fries@siemens.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/0NLFcn6c_2ElUZ3dSBqrG3LCX9U>

This update contains the following changes:

   From version 18 -> 19:
   *  Addressed comment from Murray, moving section 'Convention and
      Terminology' after Section 1.1 and adding a paragraph on the use
      of key word "SHOULD", moving section 'Compatibility with Existing
      CMP Profiles' right before section 'Use of CMP in SZTP and BRSKI
      Environments', and adding a paragraph to section 'Scope of this
      Document' also clarifying the use of key word "SHOULD" (see thread
      "Murray Kucherawy's No Objection on draft-ietf-lamps-lightweight-
      cmp-profile-18: (with COMMENT)")
   *  Updated Section 4.1.6 to reflect the changes to CMP Updates on
      guidance which CMS key management technique to use with central
      key management (see thread "CMS: selection of key management
      technique to use for EnvelopedData") and removed normative
      language regarding which key management technique to support

Hendrik

> From: Spasm <spasm-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Limited Additional Mechanisms for PKIX and
> SMIME WG of the IETF.
> 
>         Title           : Lightweight Certificate Management Protocol (CMP) Profile
>         Authors         : Hendrik Brockhaus
>                           David von Oheimb
>                           Steffen Fries
>         Filename        : draft-ietf-lamps-lightweight-cmp-profile-19.txt
>         Pages           : 106
>         Date            : 2023-01-11
> 
> Abstract:
>    This document aims at simple, interoperable, and automated PKI
>    management operations covering typical use cases of industrial and
>    IoT scenarios.  This is achieved by profiling the Certificate
>    Management Protocol (CMP), the related Certificate Request Message
>    Format (CRMF), and HTTP-based or CoAP-based transfer in a succinct
>    but sufficiently detailed and self-contained way.  To make secure
>    certificate management for simple scenarios and constrained devices
>    as lightweight as possible, only the most crucial types of operations
>    and options are specified as mandatory.  More specialized or complex
>    use cases are supported with optional features.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-lamps-lightweight-cmp-profile/
> 
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-lamps-lightweight-cmp-profile-19.html
> 
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-lamps-lightweight-cmp-profile-19
> 
> 
> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts