Re: [lamps] I-D Action: draft-ietf-lamps-lightweight-cmp-profile-12.txt

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Fri, 13 May 2022 11:22 UTC

From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: "spasm@ietf.org" <spasm@ietf.org>, Roman Danyliw <rdd@cert.org>
Date: Fri, 13 May 2022 11:22:45 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/NuXdDM6umgZIHeUWKqddaIFOtZ8>

This update provides some minor clarifications and corrections.

   From version 11 -> 12:

   *  Added a note to Section 4.1.6 to clarify the combination of
      central key generation with certificate update
   *  Updated Section 4.3.4 for clarification that only one CRL per
      round-trip is requested
   *  Updated Section 7.1 to fix a wrong change from the last update in
      the first two rows of Table 3

Hendrik

> From: Spasm <spasm-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Limited Additional Mechanisms for PKIX and
> SMIME WG of the IETF.
> 
>         Title           : Lightweight Certificate Management Protocol (CMP) Profile
>         Authors         : Hendrik Brockhaus
>                           David von Oheimb
>                           Steffen Fries
>         Filename        : draft-ietf-lamps-lightweight-cmp-profile-12.txt
>         Pages           : 100
>         Date            : 2022-05-13
> 
> Abstract:
>    This document aims at simple, interoperable, and automated PKI
>    management operations covering typical use cases of industrial and
>    IoT scenarios.  This is achieved by profiling the Certificate
>    Management Protocol (CMP), the related Certificate Request Message
>    Format (CRMF), and HTTP-based or CoAP-based transfer in a succinct
>    but sufficiently detailed and self-contained way.  To make secure
>    certificate management for simple scenarios and constrained devices
>    as lightweight as possible, only the most crucial types of operations
>    and options are specified as mandatory.  More special and complex use
>    cases are supported as well, by features specified as recommended or
>    optional.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-lamps-lightweight-cmp-profile/
> 
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-lamps-lightweight-cmp-profile-12.html
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-lightweight-cmp-profile-12
> 
> 
> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts