[lamps] Minor change to draft-ietf-lamps-lightweight-cmp-profile-17 on Section 4.3.4 CRL Update Retrieval
"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Mon, 05 December 2022 12:54 UTC
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: "spasm@ietf.org" <spasm@ietf.org>, "housley@vigilsec.com" <housley@vigilsec.com>, Roman Danyliw <rdd@cert.org>
CC: "von Oheimb, David" <david.von.oheimb@siemens.com>, "Fries, Steffen" <steffen.fries@siemens.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/N9nGKvN1D1OHw_V5UpwGIdK2Jk0>

Roman, Russ, all

During implementation of the support message it-crlStatusList in OpenSSL one minor correction and a clarification were proposed by David.

@Roman, Russ, is it OK to implement this change with version -18 of this draft? If this is too late, or if we need more time for discussion, please let me know.

Hendrik

This is the proposed clarification:

OLD
   The EE MUST identify the requested CRL either by its CRL distribution point name or issuer name. The CRL distribution point name can either be provided from the CRL distribution points extension of the certificate to be validated or from the issuing distribution point extension from the CRL to be updated.

   If a thisUpdate value was given, the PKI management entity MUST return the latest available CRL if this CRL has a more recent thisUpdate time. Otherwise, the infoValue in the response message MUST be absent.

NEW
   The EE MUST identify the requested CRL either by a CRL distribution point name or issuer name.

   Note: CRL distribution point names can be obtained from a cRLDistributionPoints extension of a certificate to be validated or from an issuingDistributionPoint extension of the CRL to be updated. CRL issuer names can be obtained from the cRLDistributionPoints extension of a certificate, from the issuer field of the authority key identifier extension of a certificate or CRL, and from the issuer field of a certificate or CRL.

   If a thisUpdate value was given, the PKI management entity MUST return the latest CRL available from the referenced source if this CRL is more recent than the given thisUpdate time. If no thisUpdate value was given, it MUST return the latest CRL available from the referenced source. In all other cases the infoValue in the response message MUST be absent.

This is the minor correction:

It is in line with the syntax specified in CMP Updates Section 2.17:

   GenMsg: {id-it 22}, SEQUENCE SIZE (1..MAX) OF CRLStatus
   GenRep: {id-it 23}, SEQUENCE SIZE (1..MAX) OF CertificateList | < absent >

   CRLSource ::= CHOICE {
      dpn    [0] DistributionPointName,
      issuer [1] GeneralNames }

   CRLStatus ::= SEQUENCE {
      source     CRLSource,
      thisUpdate Time OPTIONAL }

The first element to mention in Section 4.3 is always InfoValue, here followed by source.

OLD
   CRLSource   REQUIRED
   -- MUST contain a sequence of one CRLSource structure

NEW
   InfoValue   REQUIRED
   -- MUST contain a sequence of one CRLStatus element
   source      REQUIRED
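
The responder-side decision described by the NEW text above, as an added example that is not part of the original message and not OpenSSL's code. The class and function names, the string form of the CRL source, the in-memory store and the choice to raise ValueError on a malformed request are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional, Sequence

@dataclass(frozen=True)
class CRLStatus:
    """One requested CRL: a CRLSource (dpn or issuer) plus optional thisUpdate."""
    source_kind: str                       # "dpn" or "issuer" (the CRLSource CHOICE)
    source_name: str                       # name simplified to a string (assumption)
    this_update: Optional[datetime] = None

@dataclass(frozen=True)
class StoredCRL:
    this_update: datetime
    der: bytes                             # encoded CertificateList, opaque here

def crl_update_response(info_value: Sequence[CRLStatus],
                        store: dict) -> Optional[list]:
    """Return the GenRep infoValue (list of CRLs), or None for 'absent'."""
    # Profile rule: infoValue carries a sequence of exactly one CRLStatus.
    # Rejecting other sizes with an exception is this example's choice.
    if len(info_value) != 1:
        raise ValueError("expected exactly one CRLStatus element")
    req = info_value[0]
    if req.source_kind not in ("dpn", "issuer"):
        raise ValueError("CRLSource must be dpn [0] or issuer [1]")
    latest = store.get((req.source_kind, req.source_name))
    if latest is None:
        return None                        # nothing available from that source
    if req.this_update is None:
        return [latest.der]                # no thisUpdate: send the latest CRL
    if latest.this_update > req.this_update:
        return [latest.der]                # strictly more recent than the EE's copy
    return None                            # all other cases: infoValue absent

def utc_day(day: int) -> datetime:
    return datetime(2022, 12, day, tzinfo=timezone.utc)

# Constructed sample data: one CRL issued on 5 December for a made-up issuer.
STORE = {("issuer", "CN=Example CA"): StoredCRL(utc_day(5), b"crl-dec-05")}

if __name__ == "__main__":
    for given in (None, utc_day(1), utc_day(5)):
        req = [CRLStatus("issuer", "CN=Example CA", given)]
        print(given, "->", crl_update_response(req, STORE))
```

A thisUpdate equal to the stored CRL's value yields an absent infoValue, because the stored CRL is not more recent than the one the EE already holds.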