[lamps] Minor change to draft-ietf-lamps-lightweight-cmp-profile-17 on Section 4.3.4 CRL Update Retrieval

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Mon, 05 December 2022 12:54 UTC

From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: "spasm@ietf.org" <spasm@ietf.org>, "housley@vigilsec.com" <housley@vigilsec.com>, Roman Danyliw <rdd@cert.org>
CC: "von Oheimb, David" <david.von.oheimb@siemens.com>, "Fries, Steffen" <steffen.fries@siemens.com>
Date: Mon, 05 Dec 2022 12:54:28 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/N9nGKvN1D1OHw_V5UpwGIdK2Jk0>
Subject: [lamps] Minor change to draft-ietf-lamps-lightweight-cmp-profile-17 on Section 4.3.4 CRL Update Retrieval

Roman, Russ, all

During implementation of the support message it-crlStatusList in OpenSSL,
one minor correction and a clarification were proposed by David.

@Roman, Russ, is it OK to implement this change with version -18 of this 
draft? If this is too late, or if we need more time for discussion, please let 
me know.

Hendrik 

This is the proposed clarification:

OLD
   The EE MUST identify the requested CRL either by its CRL distribution
   point name or issuer name.  The CRL distribution point name can
   either be provided from the CRL distribution points extension of the
   certificate to be validated or from the issuing distribution point
   extension from the CRL to be updated.  If a thisUpdate value was
   given, the PKI management entity MUST return the latest available CRL
   if this CRL has a more recent thisUpdate time.  Otherwise, the
   infoValue in the response message MUST be absent.

NEW
   The EE MUST identify the requested CRL either by a CRL distribution
   point name or issuer name.

   Note: CRL distribution point names can be obtained from a
   cRLDistributionPoints extension of a certificate to be validated or
   from an issuingDistributionPoint extension of the CRL to be updated.
   CRL issuer names can be obtained from the cRLDistributionPoints
   extension of a certificate, from the issuer field of the
   authority key identifier extension of a certificate or CRL,
   and from the issuer field of a certificate or CRL.

   If a thisUpdate value was given, the PKI management entity MUST
   return the latest CRL available from the referenced source if this
   CRL is more recent than the given thisUpdate time.  If no
   thisUpdate value was given, it MUST return the latest CRL
   available from the referenced source.  In all other cases the 
   infoValue in the response message MUST be absent.


This is the minor correction:
It is in line with the syntax specified in CMP Updates Section 2.17:
      GenMsg:    {id-it 22}, SEQUENCE SIZE (1..MAX) OF CRLStatus
      GenRep:    {id-it 23}, SEQUENCE SIZE (1..MAX) OF
                               CertificateList  |  < absent >
      CRLSource ::= CHOICE {
         dpn          [0] DistributionPointName,
         issuer       [1] GeneralNames }
      CRLStatus ::= SEQUENCE {
         source       CRLSource,
         thisUpdate   Time OPTIONAL } 
The first element to mention in Section 4.3 is always InfoValue, here 
followed by source.

OLD
         CRLSource               REQUIRED
       -- MUST contain a sequence of one CRLSource structure

NEW
         InfoValue               REQUIRED
       -- MUST contain a sequence of one CRLStatus element
             source           REQUIRED
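As an added illustration that is not part of the original post or of the OpenSSL work it mentions, the following Python models the CRLSource/CRLStatus syntax quoted above and the NEW Section 4.3.4 rule as a PKI management entity would apply it: the latest CRL is returned when no thisUpdate is given or when it is more recent than the given thisUpdate, and an absent infoValue (None) otherwise. The distribution point name, issuer name and CRL store are hypothetical sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional, Union
# Constructed model of the CRLSource/CRLStatus syntax from CMP Updates 2.17;
# dpn is simplified to one URI and every name/CRL below is hypothetical data.

@dataclass(frozen=True)
class DistributionPointName:      # CRLSource dpn [0]
    uri: str
@dataclass(frozen=True)
class IssuerName:                 # CRLSource issuer [1], one GeneralName
    name: str
CRLSource = Union[DistributionPointName, IssuerName]
@dataclass(frozen=True)
class CRLStatus:                  # one element of the genm infoValue
    source: CRLSource
    this_update: Optional[datetime] = None   # thisUpdate Time OPTIONAL

@dataclass(frozen=True)
class CertificateList:            # a CRL held by the PKI management entity
    issuer: str
    this_update: datetime
    crl_number: int

def utc(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)

# Hypothetical CRL store: the same CA's CRLs are reachable by dpn and by issuer.
_CA_CRLS = (CertificateList("CN=Example CA", utc(2022, 12, 1), 41),
            CertificateList("CN=Example CA", utc(2022, 12, 5), 42))
CRL_STORE = {DistributionPointName("http://crl.example.test/ca.crl"): _CA_CRLS,
             IssuerName("CN=Example CA"): _CA_CRLS}

def crl_update_retrieval(status: CRLStatus) -> Optional[CertificateList]:
    # NEW Section 4.3.4 rule; None models an absent infoValue in the genp.
    available = CRL_STORE.get(status.source, ())
    if not available:
        return None      # nothing available from the referenced source
    latest = max(available, key=lambda crl: crl.this_update)
    if status.this_update is None:
        return latest    # no thisUpdate given: always return the latest CRL
    if latest.this_update > status.this_update:
        return latest    # latest CRL is more recent than the one the EE holds
    return None          # EE already has the newest CRL: infoValue absent

def handle_crl_status_list(info_value: list) -> Optional[CertificateList]:
    # Corrected table: InfoValue MUST be a sequence of exactly one CRLStatus.
    if len(info_value) != 1:
        raise ValueError("infoValue must contain exactly one CRLStatus element")
    return crl_update_retrieval(info_value[0])
```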