Re: [lamps] I-D Action: draft-ietf-lamps-rfc4210bis-08.txt

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Fri, 01 March 2024 14:38 UTC


This update contains the following changes:
   *  Aligned with released RFC 9480 - RFC 9483
   *  Updated Section 1.3
   *  Added text on usage of transactionID with KEM-based message
      protection to Section 5.1.1
   *  Reverted a change to Section 5.1.3.1 from -02, reinserting the
      deleted text and adding some text explaining when a key expansion
      is required.
   *  Consolidated the definition and transferal of KemCiphertextInfo.
      Added a new Section 5.1.1.5 introducing KemCiphertextInfo in the
      generalInfo field and moving text on how to request a KEM
      ciphertext using genm/genp from Section 5.1.3.4 to
      Section 5.3.19.18
   *  Some editorial changes to Section 5.1.3.4 and Appendix E after
      discussion with David resolving #30 and discussing at IETF 117.
      Also introducing optional field kemContext to KemBasedMac and
      KemOtherInfo as CMP-specific alternative to ukm in cms-kemri.
   *  Added ToDo for reviewing the reduced content of KemOtherInfo to
      Section 5.1.3.4
   *  Added a cross-reference to Section 5.1.1.3 regarding use of
      OrigPKIMessage to Section 5.1.3.5
   *  Added POP for KEM keys to Section 5.2.8.  Restructured the section
      and fixed some references which broke from RFC2510 to RFC4210.
      Introduced a section on the usage of raVerified.
   *  Fixed the issue in Section 5.3.19.15, resulting from a change made
      in draft-ietf-lamps-cmp-updates-14, that no plain public-key can
      be used in the request message in CMPCertificate.
   *  Updated Appendix B regarding KEM-based message protection and
      usage of CMS EnvelopedData

> From: Spasm <spasm-bounces@ietf.org> On behalf of internet-drafts@ietf.org
> 
> Internet-Draft draft-ietf-lamps-rfc4210bis-08.txt is now available. It is a
> work item of the Limited Additional Mechanisms for PKIX and SMIME (LAMPS) WG
> of the IETF.
> 
>    Title:   Internet X.509 Public Key Infrastructure -- Certificate Management
>             Protocol (CMP)
>    Authors: Hendrik Brockhaus
>             David von Oheimb
>             Mike Ounsworth
>             John Gray
>    Name:    draft-ietf-lamps-rfc4210bis-08.txt
>    Pages:   137
>    Dates:   2024-03-01
> 
> Abstract:
> 
>    This document describes the Internet X.509 Public Key Infrastructure
>    (PKI) Certificate Management Protocol (CMP).  Protocol messages are
>    defined for X.509v3 certificate creation and management.  CMP
>    provides interactions between client systems and PKI components such
>    as a Registration Authority (RA) and a Certification Authority (CA).
> 
>    This document obsoletes RFC 4210 by including the updates specified
>    by CMP Updates RFC 9480 Section 2 and Appendix A.2 maintaining
>    backward compatibility with CMP version 2 wherever possible and
>    obsoletes both documents.  Updates to CMP version 2 are: improving
>    crypto agility, extending the polling mechanism, adding new general
>    message types, and adding extended key usages to identify special CMP
>    server authorizations.  Introducing CMP version 3 to be used only for
>    changes to the ASN.1 syntax, which are: support of EnvelopedData
>    instead of EncryptedValue and hashAlg for indicating a hash
>    AlgorithmIdentifier in certConf messages.
> 
>    In addition to the changes specified in CMP Updates RFC 9480 this
>    document adds support for management of KEM certificates.
> 
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc4210bis/
> 
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-lamps-rfc4210bis-08.html
> 
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-lamps-rfc4210bis-08
> 
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
> 