[lamps] Robert Wilton's No Objection on draft-ietf-lamps-lightweight-cmp-profile-16: (with COMMENT)
Robert Wilton via Datatracker <noreply@ietf.org> Thu, 01 December 2022 12:00 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/CXveVPS0d2TenkWkW71E3x8IfKc>
Robert Wilton has entered the following ballot position for
draft-ietf-lamps-lightweight-cmp-profile-16: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-lamps-lightweight-cmp-profile/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Hi,

Thanks for this document. I just have a couple of comments:

(1) p 7, sec 1.5. Use of CMP in SZTP and BRSKI Environments

   In Secure Zero Touch Provisioning (SZTP) [RFC8572] and other
   environments using NETCONF/YANG modules, SZTP-CSR
   [I-D.ietf-netconf-sztp-csr] offers a YANG module that includes
   different types of certificate requests to obtain a public-key
   certificate for a locally generated key pair. One option is using a
   CMP p10cr message. Such a message is of the form
   ietf-ztp-types:cmp-csr from module ietf-ztp-csr and offers both
   proof-of-possession and proof-of-identity. To allow PKI management
   entities to also comply with this profile, the p10cr message MUST be
   formatted by the EE as described in Section 4.1.4 of this profile,
   and it MAY be forwarded as specified in Section 5.2.

Given the MUST statement above, should this document "update"
ietf-netconf-sztp-csr?

(2) p 7, sec 1.5. Use of CMP in SZTP and BRSKI Environments

   In Bootstrapping Remote Secure Key Infrastructure (BRSKI) [RFC8995]
   environments, BRSKI-AE: Alternative Enrollment Protocols in BRSKI
   [I-D.ietf-anima-brski-ae] describes a generalization regarding the
   employed enrollment protocols to allow alternatives to EST [RFC7030].
   For the use of CMP, it requires adherence to this profile.

Similar to my comment above, should the "requires adherence" be "MUST
adhere", and should this document "update" (BRSKI) [RFC8995]?

Thanks,
Rob