IETF Logo Mail Archive

Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesting a current CRL

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Fri, 08 October 2021 15:19 UTC

Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 566403A00E1 for <spasm@ietfa.amsl.com>; Fri, 8 Oct 2021 08:19:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=siemens.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yaoBa8sYBU13 for <spasm@ietfa.amsl.com>; Fri, 8 Oct 2021 08:19:42 -0700 (PDT)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70059.outbound.protection.outlook.com [40.107.7.59]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17E333A0475 for <spasm@ietf.org>; Fri, 8 Oct 2021 08:19:40 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KIDGOVacAgdL52fQG/gahtfGajntQ+I4Tvkam+/iLyva8Zl95wRo4YooukHwhGn3EjXjCcjKbnjFeMCB1SQW8WwzqbdhDGe32HY2QfiaTZRkDF5szN3slIezBb6+3xvpjSfWep/q+si2yJbK9vMgX8ZgzAXwun+yX31CqD1ccnvCCUYYNOoL5H4L2feceE0mqmCUPdzn8cdNdpOQyQrbieUh46Ktfz6jxT76ULJuE14Ox5P1kUD5eOV4YyqtNIBqxcEmeIYXdDXNeyXAtSeGyAY+wteJdBu+CVgn/s1zCbR6Nx0TNrIfcj2H9MJkDW72yRapI6d30ksH+2xrctgwmQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=tZn+0vbwzE92oRra/M6eitP7jIJ8GBqrgYcdwDWvbYA=; b=iqx0UuarxtThMPLEzc+DIHQrMBfhvRZyRsH/kftKanTKcbbHBObiCY9qDZYujpNSFfkiNR+MmJYJ3NZ0d6UKwfQSY3xPcQKaJq4XqpGdJM+4hHpIEagNnv3y1gvRmu2slo3rXZWa2+A6UI36RRCI6z6JSQx1RWScjxcUKync9smGpq1EAGD26xxM122hkqqF4rDSnPqr+Q5oCblc6kJkhW3JYOy/pvIueMQZKeoOJdt/IpVyIl3jG96aFxNXi92Y+gnylkLDvhDuC6Ln+YYLTHvrdvp2aNohvC58O300obGNGyNla8xU46fhPZFLkGY49FT1xlUl3OKD6QNqE8SwYg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.onmicrosoft.com; s=selector1-siemens-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tZn+0vbwzE92oRra/M6eitP7jIJ8GBqrgYcdwDWvbYA=; b=V8lpNlgu8QrZ2jJKztwNAXOBXR2zkNs1XBYUyCNWZ7PTgWw+SPVkFMMPCgrDW8tODppl0OGTmYUnp8kAra29tC4d7ClKSl+T2H8CT4r5MjphR136x/uILucKTzviSXsn9cXDne9wOEAlobvaUertvFKxbj0jh/kspKHewxgzmBg=
Received: from AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:dd::17) by AM0PR10MB2291.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:e0::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4587.18; Fri, 8 Oct 2021 15:19:37 +0000
Received: from AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM ([fe80::dd30:5800:70a4:8b29]) by AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM ([fe80::dd30:5800:70a4:8b29%5]) with mapi id 15.20.4587.020; Fri, 8 Oct 2021 15:19:37 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Russ Housley <housley@vigilsec.com>
CC: "spasm@ietf.org" <spasm@ietf.org>, "david.von.oheimb@siemens.com" <david.von.oheimb@siemens.com>, John Gray <John.Gray@entrust.com>
Thread-Topic: [lamps] [EXTERNAL] Re: [CMP Updates] Requesting a current CRL
Thread-Index: AQHXu59CGogx/PCmf0qwFmmBtFhi4avIj6JAgACiGYCAAAShwA==
Date: Fri, 08 Oct 2021 15:19:37 +0000
Message-ID: <AM0PR10MB241887D39072B393C56FB28AFEB29@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
References: <AM0PR10MB24181E0CB7F13C5969337F56FEB09@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM> <C81D6269-EA75-4A0F-9C47-63ED46BA43E0@vigilsec.com> <DM6PR11MB25853662F94B5B12933C23F9EAB09@DM6PR11MB2585.namprd11.prod.outlook.com> <VI1PR10MB24298128902B438BCAF406D4FEB19@VI1PR10MB2429.EURPRD10.PROD.OUTLOOK.COM> <FD4EBC6E-77CE-4D96-8D9E-D929C27159D6@vigilsec.com> <AM0PR10MB2418E1DE7004C868C0E3AEA2FEB29@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM> <EDA2ACBF-E745-430A-A13F-A144B08125AC@vigilsec.com>
In-Reply-To: <EDA2ACBF-E745-430A-A13F-A144B08125AC@vigilsec.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Enabled=true; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_SetDate=2021-10-08T15:19:36Z; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Method=Standard; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Name=restricted-default; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_SiteId=38ae3bcd-9579-4fd4-adda-b42e1495d55a; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_ActionId=d9b5eed9-b2ab-4a78-831d-34eb7b9c09e8; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_ContentBits=0
document_confidentiality: Restricted
authentication-results: vigilsec.com; dkim=none (message not signed) header.d=none;vigilsec.com; dmarc=none action=none header.from=siemens.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 03456cf7-52b4-46c5-6291-08d98a6f0ae8
x-ms-traffictypediagnostic: AM0PR10MB2291:
x-ld-processed: 38ae3bcd-9579-4fd4-adda-b42e1495d55a,ExtAddr
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <AM0PR10MB2291E4C9AAC60D91C488D605FEB29@AM0PR10MB2291.EURPRD10.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 9X+32A8oIR2nW7NCko61h5UXzB3s2z0oXS/iaC3DkskHPPgMFMXjHVs+QugxKKEuOf2BxEQoiiKgaK2Okw10MyzALd61U41ipfeJJ972JJIMUyBXvxfscauktNP5kl3o4rtcKxVLeXWrlx8HV7cAz17NpOwrmDp7qx/rjfxIPUtJUDzNs9FItJCJ1A7uq73L52HEhCFBNnSOVVdlASFwF0Z6DoH1ue4pFaW45b1b2/+THtj0tInUH6F6ZbLcC8X+cfdUiUFN5Ydh/rSqo48uigw8DgesBpSATmpvrrqmq7MVEmrKAFZ0KSNimMT5GUUVM4DG4P3X7b9RulLYFpC0UoKmApZDORxd+95UOoZwJwj3PzyeHy8F1BsFZINzOGn2KS9gxduBfnBv9EueozBtWB5LYu2OZ0n2JJkQq64IgSmYMsCf/c/NqUTy30FZiZ6sdzC740KZwR/lYQAVCNqzmwkep97Oj9J95Wuw94lBRTgC6jvcuBoUScKy9R0SR5PwjWPSLbxZhmvCO4xPw9DEjwQlR6DvS5GPZ4iGgT+No52Kzu5jIe7AgJejpapLW5JLhACYEXkbKIozgk+As54WThTUjuVb2L0Odj44gh/JYWI7/OZXIM08F4UBcLkRIycz2usZ8sKg2oRe6WXxrmdbDg6foe6bPYHvhdMlNu+vG/y+pvOI9wl8MM6DcedrBvkkBXBPX8EakHNdtcDpVIX+E6Nqf9GfFK0kOOVr5pqRlc6dp4RuLo+pl8NTgFRhrT7erPmbxM2JEI0+9n6XClpIMK3u9/0/fqquhm2f3XK+e49B7mNbFV1voJqN8I2QyaopBg+WiXZ4v8XjFeDZdI1XHg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(366004)(30864003)(83380400001)(26005)(86362001)(66556008)(53546011)(7696005)(8936002)(8676002)(55016002)(54906003)(66476007)(66946007)(66446008)(9686003)(64756008)(6506007)(15650500001)(316002)(76116006)(2906002)(33656002)(5660300002)(6916009)(966005)(186003)(19627235002)(45080400002)(4326008)(38100700002)(508600001)(122000001)(71200400001)(38070700005)(52536014); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Euv1/rNldLHGxPWd849053X/P8fT8Gs30A63ARK1O04BONzOn25NvXk3cMkG0nIb0KUC5YK6Co1f6NLjUnHJRnNNPuhOyvhREYmgza4WejF4lzv/zExdnaaSU7n4NohM61tITrydzvcrPHN/3okKUGYQsguMzaHrYSb5Zj44z1mdVm0zhdfC4vGb3EOq1HM+AlSYg3mwja9XeSzjDHUF57NQvFx+p06q/yngiSobxqWxFAanI6Ple2YdpsZtlAxmjM4BgOOm3mmu88k338G89NQcTFjDOoAj0g/46DYv8MQmi7huzBx6lvb3yT/pIvm0RcbSR28aQJq56fXOXDYLpYK/GH1u5wYzSUQn4VzgsTK13lAgzgOpmXohkPiStaY8d54IcEOhxolooNK+mpfyudsmI5POglk7pHUHEwDGlZSlISoSJZIN4E67IkYwaQOoFY3kpfsZJEvyUxpetHc92lvktnL/VGRNrly+i7XIGxby/38+ZyP32W+DFgt9+fbqQeDIgeli3CcBBAWlU/jgQBUT1uGPeK0EKhXiLufqMXxfjjQNqRKcgm0vvTB8mCqjRmMrYR9hyJ7CDYzS8uSa6JmsApf04CJXFfpS+LhWwMe0OCh6wyIUxr1zC4h+9uccpysyZECdYdVGDYpZDN+CLQo/9Y7qfEwmnbrrePj3/cot0IHBo9EPgBgfnYnyaOjbQ2BaLGlE0F3OtzyEcLRfgY4kkYhw4CEGXznbhG4mwkkFRqhIcv8lUtFtKa29SU9n6GyHGPo9fxiRcEsRzXA9RAfbQVDJsiuePg3u6fOd+xJkQw6KzvOXxNIX7ugINU+CDNGeYDz2LKJeJEVrIBAvRR4hQpc4PTV+qi7RYFeribEB628IqgnPMFv3ZAb3VoXPVKUZKuOXrHIqVo808h0KPQ76kGMgpbGWurQWLANftOEAPolGElydAfe3xKaQ1ufs39btOxDRY8lHmJutN1JGqRPG8M7Z8tHu8rhrNQe+ryYWA5vnSu50dDxNzmnw0+Pi2iIVGHUcSMn057ceRT9l5WxkUAT+X+en7reMcxP+65Fojbd0YB1TjbhjtaL17sFMkrN7B8KnYTuHQJNJ0eU7IOtWjwDVm8x5zvjKqx8k5/EWofuuwr6goaqVp1NSsxOTiqnWVOWpG8p+RsCb0R2Kle7acaH05SN7CxqXYsszQDYXP0i9Fc5Q7ZDDpDpe1GNT5kdDWOL3MNzSTVxmAzirbcPlntiod3RbM7h3Htn4NvDcYE/Ub/Sqt6sqnRwozk+hZkQSJOIC/FDvVCjBDyF+POWJtgl0gnf/U0qU999lA/cIloofBKdVvWWM9r6Zcmn2
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 03456cf7-52b4-46c5-6291-08d98a6f0ae8
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Oct 2021 15:19:37.7141 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: CeeGlsNpfcBw1fQAOMvGrW9nArpHyx6MDu9s41KIk68Ff7n74CD1ThTkGIOuMrBWJZv/mWnE5I8qcNKR7fbCIXxbmXsU47HBLLkRWHJ0V18=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR10MB2291
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/DSm7jpWcf3Ys-y50Lycrxe7Rvs4>
Subject: Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesting a current CRL
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Oct 2021 15:19:48 -0000

Russ

Thank you for this explanation.

> Von: Russ Housley <housley@vigilsec.com>
> Gesendet: Freitag, 8. Oktober 2021 16:55
> 
> Hendrik:
> 
> It is clear to me that either one will work.  The better approach to me depends
> on the better impact on existing code.
> 
> In Option 1A:
> 
>    if the client does not send CrlThisUpdate, then the server acts exactly as RFC
> 4210.
> 
>    If the server responds with <absent>, which is not permitted in RFC 4210, it is
> unclear to me what a client implementation will do.

The server should only answers with <absent> in case CrlThisUpdate was provided in the request. In this case the client indicates that it knows the updated syntax. Therefore, I thought it is backward compatible.

> 
> In Option 1B:
> 
>    Section 5.3.19 of RFC 4210 does not offer much assistance; it explains the
> syntax, but no real help about when <absent> is acceptable or unacceptable.  I
> do not know how CMP implementations really handle this.  So, defining a new
> InfoTypeAndValue should avoid concerns with the change:
> 
> 	OLD:
> 
> 		GenRep: {id-it 6}, CertificateList
> 
> 	NEW:
> 
> 		GenRep: {id-it 6}, CertificateList  |  < absent >

I tried to find any indication in the ASN.1 module, but it looks like the ASN.1 module dies not differ if <absent> is allowed or not.
Your proposal is to define a new OID with this update, right?
Finally, if you think we should do this to be on the safe side, we could also use it together with CrlThisUpdate.
I just wanted to prevent to define new ITAV if not necessary.

Hendrik

> 
> > On Oct 8, 2021, at 1:37 AM, Brockhaus, Hendrik
> <hendrik.brockhaus@siemens.com> wrote:
> >
> > Russ
> >
> > You are right. Chaining general messages is not the intend of RFC 4210 Section
> 5.3.19. Therefore, I agree dropping Option 2.
> >
> > Option 1A and 1B both use a single general message transaction. The
> difference is how thisUpdate time is provided by the EE.
> > Option 1A uses the generalInfo field. As I understand you proposal, Option 1B
> uses the body of the GenMsg.
> >
> > RFC 4210 Section 5.1.1 specifies the generalInfo file like this:
> >
> >   The generalInfo field may be used to send machine-processable
> >   additional data to the recipient.  The following generalInfo
> >   extensions are defined and MAY be supported.
> >
> > CMP Updates already specifies two new ITAV to be carried in the generalInfo
> field in Section 2.4 and 2.5. Theses new ITAV are used in the Lightweight CMP
> Profile together with general messages. Therefore, I preferer Option 1A using
> the same approach for requesting CRLs.
> >
> > Hendrik
> >
> >> Von: Russ Housley <housley@vigilsec.com>
> >> Gesendet: Donnerstag, 7. Oktober 2021 19:16
> >>
> >> Hendrik:
> >>
> >> After a quick skim of Section 5.3.19 of RFC 4210, I do not see any
> >> other uses of PKI General Message Content where the value provided
> >> with one request has an impact on the response provided by another.  For
> this reason, I prefer Option 1B.
> >>
> >> Russ
> >>
> >>
> >>> On Oct 7, 2021, at 10:27 AM, Brockhaus, Hendrik
> >> <hendrik.brockhaus@siemens.com> wrote:
> >>>
> >>> Thanks to John for his support and to Russ for his proposal.
> >>>
> >>> I had a slightly different approach in mind as Russ described. So I
> >>> would name
> >> the approach presented by Russ Option 1B and mine Option 1A.
> >>>
> >>> Option 1A would work like this:
> >>>
> >>> New Section:
> >>> 5.1.1.X.  CrlThisUpdate
> >>>
> >>>  This is used by the EE to inform the CA  about the thisUpdate of
> >>> the  most recent CRL it knows.
> >>>
> >>>        crlThisUpdate OBJECT IDENTIFIER ::= {id-it TBD}
> >>>        CrlThisUpdate ::= Time
> >>>
> >>> Updated Section:
> >>> 5.3.19.6.  CRL
> >>>
> >>>  This MAY be used by the client to get a copy of the latest CRL.
> >>>
> >>>     GenMsg:    {id-it 6}, < absent >
> >>>     GenRep:    {id-it 6}, CertificateList  |  < absent >
> >>>
> >>>  If crlThisUpdate is contained in the generalInfo field of the
> >>> GenMsg, the  CA MUST only return a more current CRL.
> >>>
> >>> Are there any preferences in the WG?
> >>>
> >>> Hendrik
> >>>
> >>>> Von: John Gray <John.Gray@entrust.com>
> >>>> Gesendet: Mittwoch, 6. Oktober 2021 23:45
> >>>>
> >>>> Yes, that is exactly what we are suggesting.
> >>>>
> >>>> As you know CRL's can become very large, and it would be a pity to
> >>>> ask for the latest CRL, only to find out we already had the latest
> >>>> CRL.  😊 We had also discussed possibly using a hash of the CRL
> >>>> instead of the time value, but that would cost an extra hash
> >>>> operation and we agreed thisUpdate should be good enough.  I
> >>>> wouldn't expect a CA to be fast enough to issue updated CRL's
> >>>> within
> >>>> 1 second of each other (thus having the same thisUpdate date).
> >>>>
> >>>> Cheers,
> >>>>
> >>>> John Gray
> >>>>
> >>>> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
> >>>> Sent: Wednesday, October 6, 2021 12:23 PM
> >>>>
> >>>> RFC 4210 says:
> >>>>
> >>>> 5.3.19.6.  CRL
> >>>>
> >>>>  This MAY be used by the client to get a copy of the latest CRL.
> >>>>
> >>>>     GenMsg:    {id-it 6}, < absent >
> >>>>     GenRep:    {id-it 6}, CertificateList
> >>>>
> >>>> I think you are suggesting something like this for Option 1:
> >>>>
> >>>> 5.3.19.X.  Conditional CRL Retrieval
> >>>>
> >>>>  This MAY be used by the client to get a copy of the latest CRL if
> >>>> a newer one is available.
> >>>>
> >>>>     GenMsg:    {id-it TBD}, Time
> >>>>     GenRep:    {id-it TBD}, CertificateList | < absent >
> >>>>
> >>>> Where, Time is the thisUpdate of the most recent CRL known to the client.
> >>>>
> >>>> If that is the suggestion, then Option 1 seems to follow the
> >>>> general design in RFC 4210.  See Section 5.3.19.1 as an example.
> >>>>
> >>>> Russ
> >>>>
> >>>>
> >>>>> On Oct 6, 2021, at 11:53 AM, Brockhaus, Hendrik
> >>>> <hendrik.brockhaus@siemens.com> wrote:
> >>>>>
> >>>>> There are situations where CMP is used on networks that do not
> >>>>> offer http or
> >>>> coap, but other transport protocols specified at IEEE or IEC.
> >>>>> In such case we use the general message as defined in RFC 4210
> >>>>> Section
> >>>> 5.3.19.6
> >>>>
> >> (https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fda
> >> tatrac
> >> ker.ietf.org%2Fdoc%2Fhtml%2Frfc4210%23section-
> >>
> 5.3.19.6&amp;data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C2a1f8
> >>
> 11b31124e63d01b08d989b63743%7C38ae3bcd95794fd4addab42e1495d55a%7
> >>
> C1%7C0%7C637692238717449200%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC
> >>
> 4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&a
> >>
> mp;sdata=4E9ffpU0dgD29BYAx9rqOX5tN0ObW1X7dsALJd3EABI%3D&amp;reser
> >> ved=0) for requesting CRLs.
> >>>>> Currently the CMP server always send its most current CRL,
> >>>>> regardless if the
> >>>> CMP client already has this CRL.
> >>>>> To avoid sending the same CRL multiple times, we would like to
> >>>>> extend the
> >>>> mechanism sending only more current CRLs than the CMP client already
> has.
> >>>>>
> >>>>> Together with John Gray from Entrust, who we also like to add as
> >>>>> co-author to
> >>>> the CMP Updates Draft, we discussed mainly two implementation options.
> >>>>>
> >>>>> Option 1:
> >>>>> Define a new generalInfo field to be provided in the request
> >>>>> messages header
> >>>> of the general message specified in RFC 4210 Section 5.3.19.6. This
> >>>> ITAV shall contain the thisUpdate time of the most current CRL the
> >>>> CMP client has. The CMP server shall return its CRL if it is more
> >>>> current and otherwise with an empty body.
> >>>>>
> >>>>> Option 2:
> >>>>> Define a new general message type. Sending this new general
> >>>>> message, the
> >>>> CMP client requests the thisUpdate time of the most current CRL the
> >>>> CMP server has. If this is more current than the most current CRL
> >>>> the CMP client has, it requests this CRL using the general message
> >>>> specified in RFC 4210 Section 5.3.19.6.
> >>>>>
> >>>>> The authors would prefer option 1. What is the opinion of the WG?
> >>>>>
> >>>>> BTW, this is the last open issue of this draft. The authors hope
> >>>>> that the next
> >>>> update will be the last before WGLC.
> >>>>>
> >>>>> Hendrik
> >>>>>
> >>>>>
> >>>>> Siemens AG
> >>>>> Technology - Research in Digitalization and Automation Security
> >>>>> Architecture mailto:hendrik.brockhaus@siemens.com
> >>>>>
> >>>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2F
> >>>>> ur
> >>>>> ld
> >>>>> efense.com%2Fv3%2F__http%3A%2F%2Fwww.siemens.com__%3B!!FJ-
> >>>> Y8qCqXTj2!K3
> >>>>>
> >>>>
> >>
> &amp;data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C2cd8c2a53f27
> >>>> 42e2
> >>>>>
> >>>>
> >>
> 6fac08d9891291b7%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C63
> >>>> 769153
> >>>>>
> >>>>
> >>
> 5123328589%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoi
> >>>> V2luMzI
> >>>>>
> >>>>
> >>
> iLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=Wzag2sbqWIEuWaJ
> >>>> 4tUuNi
> >>>>> VokUg6Bb%2BdDq7OyXroN43k%3D&amp;reserved=0
> >>>>> 2dsgB2GqHGjdnUPkY_QKkcXyA_WG_c9clb1EI8fIW05-
> >>>> FtMawTzDIEdSOymuy8K9aaZnA$
> >>>>>
> >>>>> Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim
> >>>>> Hagemann Snabe; Managing Board: Roland Busch, Chairman, President
> >>>>> and Chief Executive Officer; Cedrik Neike, Matthias Rebellius, Ralf P.
> >>>>> Thomas, Judith Wiese; Registered offices: Berlin and Munich,
> >>>>> Germany; Commercial registries: Berlin-Charlottenburg, HRB 12300,
> >>>>> Munich, HRB 6684; WEEE-Reg.-No. DE 23691322
> >>>>>
> >>>>> _______________________________________________
> >>>>> Spasm mailing list
> >>>>> Spasm@ietf.org
> >>>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2F
> >>>>> ur
> >>>>> ld
> >>>>>
> >>>>
> >>
> efense.com%2Fv3%2F__https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo
> >>>> %2F
> >>>>>
> >>>>
> >>
> spas&amp;data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C2cd8c2a5
> >>>> 3f27
> >>>>>
> >>>>
> >>
> 42e26fac08d9891291b7%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%
> >>>> 7C6376
> >>>>>
> >>>>
> >>
> 91535123328589%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJ
> >>>> QIjoiV2l
> >>>>>
> >>>>
> >>
> uMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=sWEzRWabxIrH
> >>>> U2Ry4
> >>>>> 2sy2YZewT7kDNOq1lIMP9ymOAE%3D&amp;reserved=0
> >>>>> m__;!!FJ-
> >> Y8qCqXTj2!K32dsgB2GqHGjdnUPkY_QKkcXyA_WG_c9clb1EI8fIW05-
> >>>> FtMaw
> >>>>> TzDIEdSOymuy8xYOrR-E$
> >>>>
> >>>> _______________________________________________
> >>>> Spasm mailing list
> >>>> Spasm@ietf.org
> >>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fu
> >>>> rl
> >>>> defens
> >>>>
> >>
> e.com%2Fv3%2F__https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsp
> >>>> asm__%3B!!FJ-
> >>>> Y8qCqXTj2!K32dsgB2GqHGjdnUPkY_QKkcXyA_WG_c9clb1EI8fIW05-
> >>>> FtMawTzDIEdSOymuy8xYOrR-
> >>>>
> >>
> E%24&amp;data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C2cd8c2a
> >>>>
> >>
> 53f2742e26fac08d9891291b7%7C38ae3bcd95794fd4addab42e1495d55a%7C1%
> >>>>
> >>
> 7C0%7C637691535123328589%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wL
> >>>>
> >>
> jAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;s
> >>>>
> >>
> data=mZrMYo45HQGV0FLd8f6TfQKNLgeS0s420sJpXUvaVVM%3D&amp;reserve
> >>>> d=0
> >>>> Any email and files/attachments transmitted with it are
> >>>> confidential and are intended solely for the use of the individual
> >>>> or entity to whom they are addressed. If this message has been sent
> >>>> to you in error, you must not copy, distribute or disclose of the
> >>>> information it contains. Please notify Entrust immediately and
> >>>> delete the message from
> >> your system.
> >>> _______________________________________________
> >>> Spasm mailing list
> >>> Spasm@ietf.org
> >>>
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> >>>
> >>
> ietf.org%2Fmailman%2Flistinfo%2Fspasm&amp;data=04%7C01%7Chendrik.broc
> >> k
> >>>
> >>
> haus%40siemens.com%7C2a1f811b31124e63d01b08d989b63743%7C38ae3bcd
> >> 95794f
> >>>
> >>
> d4addab42e1495d55a%7C1%7C0%7C637692238717459201%7CUnknown%7CT
> >> WFpbGZsb3
> >>>
> >>
> d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3
> >> D%7
> >>>
> >>
> C3000&amp;sdata=XdAzbm5lVFFCWz0bC0FmrwJT3APVOChsXe4SAZa5LkE%3D&
> >> amp;res
> >>> erved=0
> >
> > _______________________________________________
> > Spasm mailing list
> > Spasm@ietf.org
> > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> >
> ietf.org%2Fmailman%2Flistinfo%2Fspasm&amp;data=04%7C01%7Chendrik.broc
> k
> >
> haus%40siemens.com%7C20647c6817d644d3bae008d98a6ba4a6%7C38ae3bcd
> 95794f
> >
> d4addab42e1495d55a%7C1%7C0%7C637693017805521807%7CUnknown%7CT
> WFpbGZsb3
> >
> d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3
> D%7
> >
> C3000&amp;sdata=4bcIohNWsDgGugoLRr59S7G24wo0fvUjSrJ4HIhdfmw%3D&a
> mp;res
> > erved=0

v2.23.0 | Report a Bug | By Email