Re: [lamps] CMCbis I-Ds

Russ Housley <housley@vigilsec.com> Fri, 08 March 2024 17:32 UTC

To: LAMPS <spasm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/1jrows2x70qcYH3OLGUcYLSkGFg>

It seems to me that we need to adopt some documents in order to support KEM certificates in CMC.  This seems like a good start.  What do others think?

Russ

> On Mar 5, 2024, at 5:48 PM, Joseph Mandel <jmandel66@gmail.com> wrote:
> 
> Hi all,
> 
> Sean and I posted new versions of CMCbis I-Ds with links below. We have added a module to support new HMAC algorithms in PBKDF2, replaced TLS 1.0 with TLS 1.2, and updated the overview of RFC 5274bis, which led to minor changes in section naming and numbering. A few items we would like to include in the next version, with support from the WG, include management of KEM certificates in 5272, consider AuthEnvelopedData in 5273, and updating the Cryptographic Algorithm Requirements in 5274. We would like to ask for WG adoption and time on the agenda to discuss the open issues.
>  
> Thanks,
> Joe
>  
>  
> A new version of Internet-Draft draft-mandel-lamps-rfc5272bis-02.txt has been
> successfully submitted by Joe Mandel and posted to the
> IETF repository.
> 
> Name:     draft-mandel-lamps-rfc5272bis
> Revision: 02
> Title:    Certificate Management over CMS (CMC)
> Date:     2024-03-04
> Group:    Individual Submission
> Pages:    99
> URL:      https://www.ietf.org/archive/id/draft-mandel-lamps-rfc5272bis-02.txt
> Status:   https://datatracker.ietf.org/doc/draft-mandel-lamps-rfc5272bis/
> HTML:     https://www.ietf.org/archive/id/draft-mandel-lamps-rfc5272bis-02.html
> HTMLized: https://datatracker.ietf.org/doc/html/draft-mandel-lamps-rfc5272bis
> Diff:     https://author-tools.ietf.org/iddiff?url2=draft-mandel-lamps-rfc5272bis-02
> 
> A new version of Internet-Draft draft-mandel-lamps-rfc5273bis-02.txt has been
> successfully submitted by Joseph Mandel and posted to the
> IETF repository.
> 
> Name:     draft-mandel-lamps-rfc5273bis
> Revision: 02
> Title:    Certificate Management over CMS (CMC): Transport Protocols
> Date:     2024-03-04
> Group:    Individual Submission
> Pages:    9
> URL:      https://www.ietf.org/archive/id/draft-mandel-lamps-rfc5273bis-02.txt
> Status:   https://datatracker.ietf.org/doc/draft-mandel-lamps-rfc5273bis/
> HTMLized: https://datatracker.ietf.org/doc/html/draft-mandel-lamps-rfc5273bis
> Diff:     https://author-tools.ietf.org/iddiff?url2=draft-mandel-lamps-rfc5273bis-02
> 
> A new version of Internet-Draft draft-mandel-lamps-rfc5274bis-02.txt has been
> successfully submitted by Joseph Mandel and posted to the
> IETF repository.
> 
> Name:     draft-mandel-lamps-rfc5274bis
> Revision: 02
> Title:    Certificate Management Messages over CMS (CMC): Compliance Requirements
> Date:     2024-03-04
> Group:    Individual Submission
> Pages:    14
> URL:      https://www.ietf.org/archive/id/draft-mandel-lamps-rfc5274bis-02.txt
> Status:   https://datatracker.ietf.org/doc/draft-mandel-lamps-rfc5274bis/
> HTMLized: https://datatracker.ietf.org/doc/html/draft-mandel-lamps-rfc5274bis
> Diff:     https://author-tools.ietf.org/iddiff?url2=draft-mandel-lamps-rfc5274bis-02
>  
>  
> From: Spasm <spasm-bounces@ietf.org> on behalf of Sean Turner <sean@sn3rd.com>
> Date: Monday, January 8, 2024 at 1:23 PM
> To: LAMPS <spasm@ietf.org>
> Subject: [lamps] CMCbis I-Ds
> 
> Hi!
> 
> Joe and I have posted new versions of the CMCbis I-Ds; see the forwarded messages below.  We’ve incorporated all the errata and updated to the ASN.1 from RFC 6402. The remaining major items to do, like adopt the KEM POP mechanism that’s currently in CMP and tweak the requirements in 5274, are things that should probably be done under the auspices of the WG. In other words, we believe we are at the point where we’d like to ask for WG adoption.
> 
> Cheers,
> spt
> 
> > From: internet-drafts@ietf.org
> > Subject: New Version Notification for draft-mandel-lamps-rfc5272bis-01.txt
> > Date: January 8, 2024 at 15:52:09 EST
> > To: "Joseph Mandel (editor)" <joe@akayla.com>, "Sean Turner (editor)" <sean@sn3rd.com>, "Joe Mandel" <joe@akayla.com>, "Sean Turner" <sean@sn3rd.com>
> > 
> > A new version of Internet-Draft draft-mandel-lamps-rfc5272bis-01.txt has been
> > successfully submitted by Joe Mandel and posted to the
> > IETF repository.
> > 
> > Name:     draft-mandel-lamps-rfc5272bis
> > Revision: 01
> > Title:    Certificate Management over CMS (CMC)
> > Date:     2024-01-08
> > Group:    Individual Submission
> > Pages:    97
> > URL:      https://www.ietf.org/archive/id/draft-mandel-lamps-rfc5272bis-01.txt
> > Status:   https://datatracker.ietf.org/doc/draft-mandel-lamps-rfc5272bis/
> > HTML:     https://www.ietf.org/archive/id/draft-mandel-lamps-rfc5272bis-01.html
> > HTMLized: https://datatracker.ietf.org/doc/html/draft-mandel-lamps-rfc5272bis
> > Diff:     https://author-tools.ietf.org/iddiff?url2=draft-mandel-lamps-rfc5272bis-01
> 
> > From: internet-drafts@ietf.org
> > Subject: New Version Notification for draft-mandel-lamps-rfc5273bis-01.txt
> > Date: January 8, 2024 at 16:10:02 EST
> > To: "Joe Mandel" <joe@akayla.com>, "Joseph Mandel" <joe@akayla.com>, "Sean Turner" <sean@sn3rd.com>
> > 
> > A new version of Internet-Draft draft-mandel-lamps-rfc5273bis-01.txt has been
> > successfully submitted by Sean Turner and posted to the
> > IETF repository.
> > 
> > Name:     draft-mandel-lamps-rfc5273bis
> > Revision: 01
> > Title:    Certificate Management over CMS (CMC): Transport Protocols
> > Date:     2024-01-08
> > Group:    Individual Submission
> > Pages:    9
> > URL:      https://www.ietf.org/archive/id/draft-mandel-lamps-rfc5273bis-01.txt
> > Status:   https://datatracker.ietf.org/doc/draft-mandel-lamps-rfc5273bis/
> > HTMLized: https://datatracker.ietf.org/doc/html/draft-mandel-lamps-rfc5273bis
> > Diff:     https://author-tools.ietf.org/iddiff?url2=draft-mandel-lamps-rfc5273bis-01
> 
> > From: internet-drafts@ietf.org
> > Subject: New Version Notification for draft-mandel-lamps-rfc5274bis-01.txt
> > Date: January 8, 2024 at 16:15:10 EST
> > To: "Joseph Mandel" <joe@akyala.com>, "Sean Turner" <sean@sn3rd.com>
> > 
> > Revision: 01
> > Title:    Certificate Management Messages over CMS (CMC): Compliance Requirements
> > Date:     2024-01-08
> > Group:    Individual Submission
> > Pages:    14
> > URL:      https://www.ietf.org/archive/id/draft-mandel-lamps-rfc5274bis-01.txt
> > Status:   https://datatracker.ietf.org/doc/draft-mandel-lamps-rfc5274bis/
> > HTMLized: https://datatracker.ietf.org/doc/html/draft-mandel-lamps-rfc5274bis
> > Diff:     https://author-tools.ietf.org/iddiff?url2=draft-mandel-lamps-rfc5274bis-01
> 
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm