IETF Logo Mail Archive

Re: [lamps] is the CSRattr ASN.1 broken or not ... Re: New Version Notification for draft-richardson-lamps-rfc7030-csrattrs-02.txt

David von Oheimb <David.von.Oheimb@siemens.com> Tue, 05 April 2022 16:47 UTC

Return-Path: <david.von.oheimb@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DF063A0B21 for <spasm@ietfa.amsl.com>; Tue, 5 Apr 2022 09:47:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=siemens.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uiyQcI9_WBeX for <spasm@ietfa.amsl.com>; Tue, 5 Apr 2022 09:47:14 -0700 (PDT)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04on0626.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0e::626]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 903523A0C1F for <spasm@ietf.org>; Tue, 5 Apr 2022 09:47:13 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=W7TFTmYgcloYxR2l3jSwekKkQw4MekeBFOr0eQHm5mkq482neKo4J7MWS8gTRFXC8Z8EGMTd6A0HAaSWQdw2w8ccRSfl9GLCoaR4K9zk1csC1sJRWpWwel7oPLdKD9TuTzEaox5GnlNVruu/CORyj/PRDgSWZaI6/099kAR5gSflsKs0AQha6F2fMXaXryplJwIaM6fREDBLc9DiZ60TGqjsNk4hu7PA1vX08CpQuuZfT24iUHWX4ACZmzfGn890yu/LvE1+nBSHAOyPIXGhHjJoeKF3yR/hy0GuPkWGwJtQW2wOsqRzu/ekE1S7M/Rs8WFwIWPuzP7I5svtq6bo2A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=fZSsvdLLzgdhXGyUjs5U1SnKxG+JhZppk4lNNo5AKiY=; b=hxXv1Hi8DuHV0T/bTnCfOZhgYXQqOAIczfD5HFOkQsLrqghFkL2adPhOACfFx26sUvAI5WkgCuoLYIEKbkYiNcKR2El03Xp+b5UNIWbNI0jjMLVLTJjIDX8ir54X4UZYusG89CO3dNuAgjstTUPO9yIW7+s5ePfx5LXYEBX3/pPnzVOgpndoL8ar+/38om3oo7Wj7vCLeCtqpDRrfc7WxSRN/bs+bDfx2CPi4qRHwZ+PSTMOKKiD0/wOKi2QQgL0sFQ1A6XG2Aq9ULmZvAI9bczTcKa6zahFWkS0SWmc6XHuMSl+Zpt1peTErlvauq9BixNs4LVMeDj2+x3R6N2mJg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 194.138.21.73) smtp.rcpttodomain=vigilsec.com smtp.mailfrom=siemens.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=siemens.com; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fZSsvdLLzgdhXGyUjs5U1SnKxG+JhZppk4lNNo5AKiY=; b=LsSXdBy3a299JqXZm7jLziL5c/bRM50w2c8ZLBOU5Dlfn2pFA/4aIpaRMItwFChEJ/KnW6MnIm85BB/OfVG6AfSFJsub7ln+g6ikzsekBUSFohoG0pfzWoaF3yvMwFWkPGcH/Mduby0lCniUn6LjPSNicEFQ2AQuCfyz9PyiN2alsLQKESoD6rbxLTxno9LuUzWQRMxisTlNmfbF1XmZUJXc9YAjk5e7hWO6b0/0zefaKLzK0taKsyJpCCPcLwLVHfDuMx25WFfqBXqD4cmFeRGt1Qk0ut6VrTFHcp5dvZa4m2wi+Ag1p3dQY9AlnL2tkdioXUw1i1s5Ll7vk6++2Q==
Received: from OL1P279CA0061.NORP279.PROD.OUTLOOK.COM (2603:10a6:e10:15::12) by AS8PR10MB4775.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:33f::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5123.31; Tue, 5 Apr 2022 16:47:08 +0000
Received: from HE1EUR01FT049.eop-EUR01.prod.protection.outlook.com (2603:10a6:e10:15:cafe::c5) by OL1P279CA0061.outlook.office365.com (2603:10a6:e10:15::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5123.13 via Frontend Transport; Tue, 5 Apr 2022 16:47:08 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 194.138.21.73) smtp.mailfrom=siemens.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=siemens.com;
Received-SPF: Pass (protection.outlook.com: domain of siemens.com designates 194.138.21.73 as permitted sender) receiver=protection.outlook.com; client-ip=194.138.21.73; helo=hybrid.siemens.com;
Received: from hybrid.siemens.com (194.138.21.73) by HE1EUR01FT049.mail.protection.outlook.com (10.152.0.221) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.5123.19 via Frontend Transport; Tue, 5 Apr 2022 16:47:08 +0000
Received: from DEMCHDC8A0A.ad011.siemens.net (139.25.226.106) by DEMCHDC9SNA.ad011.siemens.net (194.138.21.73) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Tue, 5 Apr 2022 18:47:07 +0200
Received: from [139.22.40.199] (139.22.40.199) by DEMCHDC8A0A.ad011.siemens.net (139.25.226.106) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Tue, 5 Apr 2022 18:47:07 +0200
Message-ID: <39d4e94a2be2b1a22317b9821f331bb8bca06971.camel@siemens.com>
From: David von Oheimb <David.von.Oheimb@siemens.com>
To: Russ Housley <housley@vigilsec.com>
CC: LAMPS WG <spasm@ietf.org>
Date: Tue, 5 Apr 2022 18:47:06 +0200
In-Reply-To: <997A2058-20B5-4B95-AFFA-22FB145D798D@vigilsec.com>
References: <164667410940.12091.15394112688281514126@ietfa.amsl.com> <15416.1646681868@localhost> <D095D84D-9633-44BB-AA6F-440B8BC00F68@sn3rd.com> <5cfb6e20b225da072695a4f13088a8065203ca4e.camel@siemens.com> <9649E03B-99A8-420C-8D56-CC0CD0E5F8F8@vigilsec.com> <230008b3fdb35674f01eb37145a9e979d35a74b2.camel@siemens.com> <997A2058-20B5-4B95-AFFA-22FB145D798D@vigilsec.com>
Content-Type: multipart/alternative; boundary="=-+YQIHBaQ9Ao1OBW8DFtZ"
User-Agent: Evolution 3.38.3-1
MIME-Version: 1.0
X-Originating-IP: [139.22.40.199]
X-ClientProxiedBy: DEMCHDC8A0A.ad011.siemens.net (139.25.226.106) To DEMCHDC8A0A.ad011.siemens.net (139.25.226.106)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 79282219-4c21-4d85-707c-08da1723ec3e
X-MS-TrafficTypeDiagnostic: AS8PR10MB4775:EE_
X-Microsoft-Antispam-PRVS: <AS8PR10MB4775F145A7192E40A95826B4D2E49@AS8PR10MB4775.EURPRD10.PROD.OUTLOOK.COM>
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: uX+qOg190DjYfsB0ioPaIJTwXtVpUNR/0BP8J0P8jmaGKY5aEYm/3d1XfF8TpCMMVOf13jgVQ9J7jq8yN5ohSx1l6vamcnu8HvIN+BF2xAWNErkDLVgPrcg3riTEy2GJVKWVdrq9vFDyX0ho3cH2KRaj4Eodh1nN7inwsWOV3Y2xBVD93Qqn5MQNTeb0xGnjwOjBaeopIzU8PfBNDfCkSpXmlAuAqehz0DbfGSXqyI7nbUvpjwANeaYffo3VJd+XDgRrPbEcsW/5bUv845SVy2+IpmAx7aldyAbS2aLb2kzlhDa2VB+H6u+ap1db2UXWdaHEHSHlxZrWPA/7ew90vz5K45p2lIj7py+7G8n/xulabq2iUUTnTDfr5snOKogpq3dz/CJdg0VnXOPYQLXBCPACXdlVLdCeoZgaPVsCj4c6dmgIJRFiDzIkf3VIiq65599WGyJTkWW2MV07YYjtFLsG2qTLl3SGKYtb94afjJ/u3ht9qBoPwW0Z0cgkfM3eabe+QdVZuL0cP+9X1QyzBbv6Hpd+Fx1/wSw/7HLUv3apgtQU7nIu84/swncBQFe34kfcP9urRdvfFXbnZ4oYc9rZ9vcF5o7QakL/6QHqtJnAhcXLii7rcb4dDXHItm6W3ZlmEmAL+TetFmzJrW4c/CbGsqOLqhsG8eLgt1+vouqnf8Bh4ABkp8/VznPtJkBAIQlgdj7j33Pmc7lzoL6WqJv4cjuheWiimbzJt7Jwj4ADjW0JQB7m/5CafUEmkAhThbZgTWSLWyIi7RcedHZInJO5YppeU8SKcwlDtdoALdWEssOfBuB6HMC8WZ3BafAg
X-Forefront-Antispam-Report: CIP:194.138.21.73; CTRY:DE; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:hybrid.siemens.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(36840700001)(40470700004)(46966006)(4326008)(508600001)(19627235002)(70586007)(6706004)(6916009)(86362001)(956004)(966005)(16576012)(336012)(16526019)(36756003)(186003)(70206006)(26005)(83380400001)(8676002)(2616005)(47076005)(8936002)(2906002)(81166007)(5660300002)(82310400005)(316002)(82960400001)(53546011)(356005)(40460700003)(30864003)(33964004)(36860700001)(166002)(3940600001)(36900700001)(579004); DIR:OUT; SFP:1101;
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Apr 2022 16:47:08.0374 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 79282219-4c21-4d85-707c-08da1723ec3e
X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=38ae3bcd-9579-4fd4-adda-b42e1495d55a; Ip=[194.138.21.73]; Helo=[hybrid.siemens.com]
X-MS-Exchange-CrossTenant-AuthSource: HE1EUR01FT049.eop-EUR01.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR10MB4775
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/GQK6HYav36PFdZmWMwiHhC3Onno>
Subject: Re: [lamps] is the CSRattr ASN.1 broken or not ... Re: New Version Notification for draft-richardson-lamps-rfc7030-csrattrs-02.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Apr 2022 16:47:19 -0000

On Tue, 2022-04-05 at 11:57 -0400, Russ Housley wrote:

> I do not understand why my approach leads to a backward compatibility
> concern.

The problem hides in the part

> the values indicating the particular attributes desired to be included
> in the resulting certificate's extensions

and essentially is the same issue I also addressed earlier today:

> > The question is which kind of values (of type
> > ATTRIBUTE.&Type({IOSet}{@type}) ) should be given
> > in case the OID  (of type  ATTRIBUTE.&id({IOSet})) is
> > 1.2.840.113549.1.9.14 extensionRequest:
> > Is each such value supposed to be 
> > 1. an OID of an X.509 extension, such as 1.3.6.1.1.1.1.22
> > (macAddress), without a value, or
> > 2. an actual X.509 extension of the existing type Extension (or
> > Extensions) as defined in RFC 5280 section 4.1,
> >     for example the OID 1.3.6.1.1.1.1.22 followed by the 'critical'
> > flag and its actual value encoded as an OCTET STRING
> > 
> > Note that for syntactic and semantics reasons you cannot have both -
> > either 
> > 1. the example given in RFC 7030 was correct, then no X.509
> > extension value can be given by the server, or
> > 2. the example was wrong, and a value must be given by the server. 
> >     Yet the OCTET STRING could be the empty string to indicate that
> > the client should fill in the real value.
> >     [...]
> > 
> > The latter option is obviously more expressive, but note that this
> > contradicts the example of RFC 7030, 
> > and thus chances are high that (most) existing EST implementations
> > chose the first option, which is not compatible with the second.

I agree with:

> Only if the same OID is being used in more than one way by different
> implementations is there a concern.
> If we can list those, we might be able to just document the preferred
> approach and note the other things that are seen in the wild.

Yet as I wrote, I fear there are EST implementations that take the value
of each extensionRequest Attribute simply as an OID with no value
provided by the server,
which is not compatible with the goal of being able to express for each
extensionRequest Attribute, where needed, an actual X.509 extension with
a value provided by the server
(each being a structure having an OID, the criticality flag, and the
encoded value).

I also agree with most of the points you wrote earlier today, except for
this one:

> - the EST server requires POP information

There is no need for the server to specify this, simply because the
PKCS#10 structure to be sent by the client anyway needs to be self-
signed, yielding the POP.

 David

> 
> > On Apr 5, 2022, at 10:31 AM, David von Oheimb
> > <David.von.Oheimb@siemens.com> wrote:
> > 
> > The problem space is a little more tricky:
> > 
> > * Backward compatibility is an important aim.
> > 
> >   In case it turns out that compatibility anyway needs to be
> > abandoned,
> >   I'd suggest the following straightforward fully to-the-point type,
> >   which does not require any (direct) OIDs:
> > 
> > CsrAttrs ::= SEQUENCE {
> > subject Name OPTIONAL,
> > extensions SEQUENCE OF Extension, /* use empty extnValue for those
> > extensions to be filled in by client */
> > challengePassword BOOLEAN,
> > keySpec [0] KeySpec OPTIONAL,
> > hashAlg [1] AlgorithmIdentifier OPTIONAL
> > 
> > }
> > 
> > 
> > * The ambiguity between the server specifying required X.509
> > extension OIDs or actual X.509 extension values needs to be sorted
> > out, on a per-extension basis.
> >    That is, it should be made possible to specify a set of
> > extensions to be included in the CSR, where for each of them the
> > server may provide the value or not.
> > 
> > David
> > 
> > On Tue, 2022-04-05 at 10:00 -0400, Russ Housley wrote:
> > > I would like to up-level this discussion.  Since the CrsAttrs is
> > > flexible enough that more than one way to use it has been
> > > described for the very same CSR information, I suspect that what
> > > we need is to specify conventions for the CSR information that
> > > people are actually using.  And, we can add more in the future if
> > > needed.
> > > 
> > > Looking to RFC 7030, there are several cases that are discussed in
> > > Section 4.5.2:
> > > 
> > > - the CA requires a particular crypto system
> > > 
> > > - the CA requires use of a particular signature scheme
> > > 
> > > - the EST server requires the linking of identity
> > > 
> > > - the EST server requires POP information
> > > 
> > > And, for some of the above, it includes guidance:
> > > 
> > > -  Requests to use a particular signature scheme (e.g. using a
> > >    particular hash function) are represented as an OID to be
> > > reflected
> > >    in the SignatureAlgorithm of the CSR
> > > 
> > > -  Requests to use a particular
> > >    crypto system (e.g., certification of a public key based on a
> > > certain
> > >    elliptic curve) are represented as an attribute, to be
> > > reflected as
> > >    the AlgorithmIdentifier of the SubjectPublicKeyInfo, with a
> > > type
> > >    indicating the algorithm and the values indicating the
> > > particular
> > >    parameters specific to the algorithm
> > > 
> > > -  Requests for descriptive
> > >    information from the client are made by an attribute, to be
> > >    represented as Attributes of the CSR, with a type indicating
> > > the
> > >    [RFC2985] extensionRequest and the values indicating the
> > > particular
> > >    attributes desired to be included in the resulting
> > > certificate's
> > >    extensions
> > > 
> > > So, can we list various CSR information that people actually use
> > > or want to use, and then specify conventions for each one.
> > > 
> > > The convention should say what the EST server puts in this
> > > structure, and the expected result in the CSR if the EST client
> > > understands that OID.
> > > 
> > > Russ
> > > 
> > > 
> > > > On Apr 5, 2022, at 8:30 AM, David von Oheimb
> > > > <David.von.Oheimb@siemens.com> wrote:
> > > > 
> > > > As I wrote earlier, the way CSRattrs are defined for EST in RFC
> > > > 7030 section 4.5.2:
> > > > 
> > > > CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID
> > > > 
> > > > AttrOrOID ::= CHOICE (oid OBJECT IDENTIFIER, attribute Attribute
> > > > }
> > > > 
> > > > Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
> > > > type ATTRIBUTE.&id({IOSet}),
> > > > values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type}) }
> > > > 
> > > > is 
> > > > 
> > > > * pretty incomprehensible, at least for ASN.1 non-experts
> > > > * very ambiguous: how to interpret bare OIDs and attribute type
> > > > OIDs that the server my throw in is not really defined, apart
> > > > from a few hints and examples,
> > > >   and it is left entirely open which values are allowed for
> > > > which attribute type OIDs
> > > > * not fully expressive: at least subject DNs (or parts of them)
> > > > cannot be specified
> > > > 
> > > > Moreover, as recently discussed here again, the example given in
> > > > RFC 7030 for the macAddress extension was pretty unfortunate in
> > > > the sense that
> > > > it seemed to preclude the case that an actual extension value is
> > > > given by the server, while I agree with Sean that the above
> > > > weird ASN.1 syntax should allow for that.
> > > > 
> > > > 
> > > > On Tue, 2022-03-29 at 13:31 -0400, Sean Turner wrote:
> > > > > 
> > > > > So that base64 blob turns into the following (this is not
> > > > > actual ASN.1. I trimmed SEQUENCE -> SEQ, OBJECT IDENTIFIER ->
> > > > > OID, etc. to make it prettier)
> > > > > 
> > > > > SEQ (4 elem)
> > > > >   OID 1.2.840.113549.1.9.7 challengePassword (PKCS #9)
> > > > >   SEQ (2 elem)
> > > > >     OID 1.2.840.10045.2.1 ecPublicKey (ANSI X9.62 public key
> > > > > type)
> > > > >     SEQ OF (1 elem)
> > > > >       OID 1.3.132.0.34 secp384r1 (SECG (Certicom) named
> > > > > elliptic curve)
> > > > >   SEQ (2 elem)
> > > > >     OID 1.2.840.113549.1.9.14 extensionRequest (PKCS #9 via
> > > > > CRMF)
> > > > >     SEQ OF (1 elem)
> > > > >       OID 1.3.6.1.1.1.1.22
> > > > >   OID 1.2.840.10045.4.3.3 ecdsaWithSHA384 (ANSI X9.62 ECDSA
> > > > > algorithm with SHA384)
> > > > > 
> > > > > What I am saying is either:
> > > > > 
> > > > > a) The PKCS #9 via CRMF extensionRequest attribute should have
> > > > > had a properly encoded attribute when it was sent to the
> > > > > client. I mean strictly speaking the extensionRequest does
> > > > > include a type/value where type=extensionRequest and value=OID
> > > > > for macAdddress. BUT, the macAddress attribute also has a
> > > > > type/value that should have been included. This is how the
> > > > > attribute is defined (loosely):
> > > > > 
> > > > >         ( nisSchema.1.22 NAME 'macAddress'
> > > > >           DESC 'MAC address in maximal, colon separated hex
> > > > >                 notation, eg. 00:00:92:90:ee:e2'
> > > > >           EQUALITY caseIgnoreIA5Match
> > > > >           SYNTAX 'IA5String{128}' )
> > > > > 
> > > > > We really shouldn’t have just dropped the value part of the
> > > > > attribute/extension carried in extensionRequest.  We could
> > > > > have said set the macAddress to “00" and then the client could
> > > > > include their actual mac address. But alas, we didn’t.
> > > > 
> > > > 
> > > > The question is which kind of values (of type
> > > > ATTRIBUTE.&Type({IOSet}{@type}) ) should be given
> > > > in case the OID  (of type  ATTRIBUTE.&id({IOSet})) is
> > > > 1.2.840.113549.1.9.14 extensionRequest:
> > > > Is each such value supposed to be 
> > > > 1. an OID of an X.509 extension, such as 1.3.6.1.1.1.1.22
> > > > (macAddress), without a value, or
> > > > 2. an actual X.509 extension of the existing type Extension (or
> > > > Extensions) as defined in RFC 5280 section 4.1,
> > > >     for example the OID 1.3.6.1.1.1.1.22 followed by the
> > > > 'critical' flag and its actual value encoded as an OCTET STRING
> > > > 
> > > > Note that for syntactic and semantics reasons you cannot have
> > > > both - either 
> > > > 1. the example given in RFC 7030 was correct, then no X.509
> > > > extension value can be given by the server, or
> > > > 2. the example was wrong, and a value must be given by the
> > > > server. 
> > > >     Yet the OCTET STRING could be the empty string to indicate
> > > > that the client should fill in the real value.
> > > >     The Lightweight CMP Profile also employs this trick of using
> > > > an empty extnValue
> > > >     in its section 4.3.3. (Get certificate request template):
> > > >  
> > > >
> > >
> >
>   https://datatracker.ietf.org/doc/html/draft-ietf-lamps-lightweight-cmp-profile#section-4.3.3
> > > > 
> > > > The latter option is obviously more expressive, but note that
> > > > this contradicts the example of RFC 7030, 
> > > > and thus chances are high that (most) existing EST
> > > > implementations chose the first option, which is not compatible
> > > > with the second.
> > > > 
> > > > 
> > > > > b) We picked the wrong kind attribute to request macAddress
> > > > > from the client. I cannot remember if it’s supposed to be
> > > > > naming component or an actual extension?
> > > > 
> > > > 
> > > > Apart from the two possibilities I just gave, I do not see how
> > > > else, given given the CsrAttrs syntax, 
> > > > one should have requested a macAddress X.509 extension where the
> > > > value is to be filled by the client.
> > > > 
> > > > 
> > > > > 
> > > > > >   As an aside, why can't the RA just rewrite the CSR and
> > > > > > include the
> > > > > > particular name it wants to impose on the EE? Yes, signature
> > > > > > will be
> > > > > > wrong but the CA shouldn't care because the RA is vouching
> > > > > > for it.
> > > > > > Right? Why won't that also fix this problem?
> > > > > 
> > > > > In most instances, the RA could amend the CSR by
> > > > > adding/changing values. The CA would trust a valid sig from
> > > > > the RA to vouch for the changes.
> > > > 
> > > > 
> > > > As I commented earlier,
> > > > PKCS#10 requires a self-signature within the CSR structure,
> > > > which that RA cannot provide, so there are basically two
> > > > options:
> > > > * cheat and give a bogus signature to be ignored by the CA, or 
> > > > * switch to a more expressive CSR syntax like CRMF, which
> > > > supports popo=raVerified
> > > >    (i.e., the RA vouches for having checked the original proof
> > > > of possession by the client and does not provide a new one) 
> > > > 
> > > > 
> > > > On Fri, 2022-03-25 at 07:35 -0400, Sean Turner wrote:
> > > > > Sorry if I wasn’t clearer before about a “fix”. I think the
> > > > > examples in RFC 7030 could be fixed and maybe make it clear
> > > > > that you either send the “oid” if the server is saying hey
> > > > > send me a request with a value that you (the client) supply or
> > > > > “attribute” if the server is saying he send me a request with
> > > > > a value that I (the server) supply. Right now, RFC 7030 s4.5.2
> > > > > includes an ASN.1 blob for the following examples:
> > > > > 
> > > > >        OID:        challengePassword (1.2.840.113549.1.9.7)
> > > > > 
> > > > >          Attribute:  type = extensionRequest
> > > > > (1.2.840.113549.1.9.14)
> > > > >                      value = macAddress (1.3.6.1.1.1.1.22)
> > > > > 
> > > > >          Attribute:  type = id-ecPublicKey (1.2.840.10045.2.1)
> > > > >                      value = secp384r1 (1.3.132.0.34)
> > > > > 
> > > > >          OID:        ecdsaWithSHA384 (1.2.840.10045.4.3.3)
> > > > > 
> > > > > We can expand the examples to:
> > > > > 
> > > > > 1. Include a challengePassword with a value (caveats included
> > > > > about making sure it is protected when in transit) using the
> > > > > Attribute option.
> > > > 
> > > > 
> > > > It would make little sense for the server to provide a
> > > > challengePassword value - this is to be given by the client in
> > > > order to authenticate itself.
> > > > 
> > > > 
> > > > > 2. Modify the extensionRequest example to include the right
> > > > > attribute value:
> > > > > 
> > > > > ExtensionRequest ::= Extensions
> > > > > 
> > > > > Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
> > > > > 
> > > > >    Extension  ::=  SEQUENCE  {
> > > > >         extnID      OBJECT IDENTIFIER,
> > > > >         critical    BOOLEAN DEFAULT FALSE,
> > > > >         extnValue   OCTET STRING
> > > > >                     -- contains the DER encoding of an ASN.1
> > > > > value
> > > > >                     -- corresponding to the extension type
> > > > > identified
> > > > >                     -- by extnID
> > > > >         }
> > > > > 
> > > > > Where:
> > > > > 
> > > > > extnID: 1.3.6.1.1.1.1.22
> > > > > critical: FALSE and not encoded.
> > > > > extnValue’s OCTET STRING is an IA5String.
> > > > > 
> > > > > This making sense?
> > > > 
> > > > 
> > > > Yes - using the existing (Extensions or) Extension datatype does
> > > > make sense.
> > > > This is one of the two options I also describe above.
> > > > 
> > > > David
> > > >

v2.8.7 | Report a Bug | By Email