Re: [lamps] CMP Update of CertificationRequest

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Tue, 25 May 2021 14:45 UTC

From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Russ Housley <housley@vigilsec.com>
CC: LAMPS WG <spasm@ietf.org>
Date: Tue, 25 May 2021 14:45:08 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/9rp10ckqOPN7EvXl0fYE8PUilWM>

Russ

> From: Russ Housley <housley@vigilsec.com>
> 
> However, RFC 6402 did choose to locally define CertificationRequest.  I believe
> this was done because there was a place to IMPORT for the newer ASN.1 syntax,
> but not the older.  That way, the two modules are defining exactly the same
> things, even though the newer syntax could IMPORT it from RFC 2986.
> 
> Maybe we should continue to IMPORT from RFC 2986 in the newer ASN.1
> syntax, and define locally in the older ASN.1 syntax, with a comment that this
> structure matches the one defined in RFC 2986.  This definition can be lifted
> from RFC 6402, where Jim Schaad already did that work.

RFC 4210 Appendix F imports CertificationRequest from RFC 2986.

         CertificationRequest
                FROM PKCS-10 {iso(1) member-body(2)
                              us(840) rsadsi(113549)
                              pkcs(1) pkcs-10(10) modules(1) pkcs-10(1)}

         -- (specified in RFC 2986 with 1993 ASN.1 syntax and IMPLICIT
         -- tags).  Alternatively, implementers may directly include
         -- the [PKCS10] syntax in this module

RFC 5912 Section 9 imports CertificationRequest from the updated PKCS#10 module from Section 5. Jim already points the user to possibly directly add the syntax here.

         CertificationRequest
          FROM PKCS-10
                {iso(1) identified-organization(3) dod(6) internet(1) security(5)
                mechanisms(5) pkix(7) id-mod(0) id-mod-pkcs10-2009(69)}
          -- (specified in RFC 2986 with 1993 ASN.1 syntax and IMPLICIT
          -- tags).  Alternatively, implementers may directly include
          -- the [PKCS10] syntax in this module

Do you think we should change this and directly add the new syntax from RFC 6402 to modules in CMP Updates?

Hendrik