[lamps] WG: I-D Action: draft-ietf-lamps-cmp-updates-09.txt

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Fri, 30 April 2021 17:11 UTC

From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: LAMPS <spasm@ietf.org>
CC: "david.von.oheimb@siemens.com" <david.von.oheimb@siemens.com>, Tomas Gustavsson <tomas.gustavsson@primekey.com>
Date: Fri, 30 Apr 2021 17:10:56 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Kc3CQ7AQ3YlL5jVYYik0AoV81P4>

   Changes from version 08 -> 09:

   *  Deleted the specific definitions of CMP CA and CMP RA in Section 2.2
      and only reference RFC 6402 for the definition of id-kp-cmcCA and
      id-kp-cmcRA to resolve the ToDo below, based on feedback of Tomas
      Gustavsson
   *  Added Sections 2.4 and 2.5 to define id-it-rootCaCert and
      id-it-certProfile to be used in Sections 2.14 and 2.15
   *  Added reference to CMP Algorithms in Section 2.8
   *  Extended Section 2.14 to explicitly indicate the root CA an update
      is requested for by using id-it-rootCaCert and changed the ASN.1
      syntax to require providing the newWithOld certificate in the
      response message
   *  Extended Section 2.15 to explicitly indicate the certificate
      request template by using id-it-certProfile and added further
      details on the newly introduced controls
   *  Deleted the table on id-kp-cmcCA and id-kp-cmcRA and added
      id-it-rootCaCert and id-it-certProfile in Section 2.19
   *  Added the definition of id-it-rootCaCert and id-it-certProfile in
      both ASN.1 modules in Appendix A
   *  Minor editorial changes reflecting the above changes

From the perspective of the authors, the content of the I-D is complete.
Any feedback is of course more than welcome.

Hendrik

> Von: Spasm <spasm-bounces@ietf.org> Im Auftrag von internet-drafts@ietf.org
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Limited Additional Mechanisms for PKIX and
> SMIME WG of the IETF.
> 
>         Title           : Certificate Management Protocol (CMP) Updates
>         Authors         : Hendrik Brockhaus
>                           David von Oheimb
>         Filename        : draft-ietf-lamps-cmp-updates-09.txt
>         Pages           : 53
>         Date            : 2021-04-30
> 
> Abstract:
>    This document contains a set of updates to the syntax and transport
>    of Certificate Management Protocol (CMP) version 2.  This document
>    updates RFC 4210 and RFC 6712.
> 
>    The aspects of CMP updated in this document are using EnvelopedData
>    instead of EncryptedValue, clarifying the handling of p10cr messages,
>    improving the crypto agility, as well as adding new general message
>    types, extended key usages to identify certificates for use with CMP,
>    and '.well-known' HTTP path segments.
> 
>    To properly differentiate the support of EnvelopedData instead of
>    EncryptedValue, the CMP version 3 is introduced in case a transaction
>    is supposed to use EnvelopedData.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-lamps-cmp-updates/
> 
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-lamps-cmp-updates-09.html
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-cmp-updates-09
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> 
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm