[lamps] [CMP Updates] Requesting a current CRL

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Wed, 06 October 2021 15:54 UTC

From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: "spasm@ietf.org" <spasm@ietf.org>
CC: "john.gray@entrust.com" <john.gray@entrust.com>, "david.von.oheimb@siemens.com" <david.von.oheimb@siemens.com>
Thread-Topic: [CMP Updates] Requesting a current CRL
Date: Wed, 06 Oct 2021 15:53:52 +0000
Message-ID: <AM0PR10MB24181E0CB7F13C5969337F56FEB09@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/NihUOUbPoBQ6iE7Bkjc0glfKB88>
Subject: [lamps] [CMP Updates] Requesting a current CRL

There are situations where CMP is used on networks that do not offer HTTP or CoAP, but other transport protocols specified by IEEE or IEC.
In such cases we use the general message as defined in RFC 4210 Section 5.3.19.6 (https://datatracker.ietf.org/doc/html/rfc4210#section-5.3.19.6) for requesting CRLs.
Currently the CMP server always sends its most current CRL, regardless of whether the CMP client already has this CRL.
To avoid sending the same CRL multiple times, we would like to extend the mechanism so that only CRLs more current than the one the CMP client already has are sent.

Together with John Gray from Entrust, whom we would also like to add as co-author of the CMP Updates draft, we discussed mainly two implementation options.

Option 1:
Define a new generalInfo field to be provided in the request message header of the general message specified in RFC 4210 Section 5.3.19.6. This ITAV shall contain the thisUpdate time of the most current CRL the CMP client has. The CMP server shall return its CRL if it is more current, and otherwise respond with an empty body.

Option 2:
Define a new general message type. By sending this new general message, the CMP client requests the thisUpdate time of the most current CRL the CMP server has. If this is more current than the most current CRL the CMP client has, it requests this CRL using the general message specified in RFC 4210 Section 5.3.19.6.

The authors would prefer option 1. What is the opinion of the WG?

BTW, this is the last open issue of this draft. The authors hope that the next update will be the last before WGLC.

Hendrik


Siemens AG
Technology - Research in Digitalization and Automation
Security Architecture
mailto:hendrik.brockhaus@siemens.com

www.siemens.com

Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim Hagemann Snabe; Managing Board: Roland Busch, Chairman, President and Chief Executive Officer; Cedrik Neike, Matthias Rebellius, Ralf P. Thomas, Judith Wiese; Registered offices: Berlin and Munich, Germany; Commercial registries: Berlin-Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322
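The following is an added illustration of the two options proposed above; it is not code from the message's author, from the CMP Updates draft, or from any CMP implementation. It models only the decision logic (comparing the client's newest thisUpdate with the server's) on plain Python objects rather than real CMP ASN.1 messages, and the generalInfo field name `crlStatus` and the message type `crlStatusCheck` are placeholders for whatever identifiers the draft would eventually assign. The scenario runner also counts round trips, which makes the practical difference between the options visible: option 1 always needs one exchange, while option 2 needs a second exchange whenever the server's CRL turns out to be newer.

```python
"""Toy model of the CRL-update options: one-step (option 1) vs. two-step (option 2).

Added example, not part of the CMP Updates draft. All identifiers below that are
not in RFC 4210 ("crlStatus", "crlStatusCheck") are placeholders.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class CRL:
    issuer: str
    this_update: datetime          # thisUpdate as carried inside the CRL itself
    der: bytes                     # stand-in for the encoded CRL


class CmpServer:
    def __init__(self, current_crl: CRL):
        self.current_crl = current_crl

    def handle_crl_request(self, general_info: dict) -> dict:
        """RFC 4210 5.3.19.6 general message, extended as in option 1.

        If the client supplied the thisUpdate of its newest CRL in the placeholder
        "crlStatus" generalInfo ITAV and that CRL is at least as current as ours,
        answer with an empty body; otherwise return the current CRL.
        """
        client_ts = general_info.get("crlStatus")
        if client_ts is not None and client_ts >= self.current_crl.this_update:
            return {"body": None}
        return {"body": self.current_crl}

    def handle_crl_status_check(self) -> dict:
        """Option 2: a separate general message that returns only our thisUpdate."""
        return {"body": self.current_crl.this_update}


class CmpClient:
    def __init__(self, crl: Optional[CRL] = None):
        self.crl = crl
        self.round_trips = 0       # exchanges with the server, for comparison

    def update_via_option1(self, server: CmpServer) -> bool:
        general_info = {}
        if self.crl is not None:   # a client without any CRL sends no timestamp
            general_info["crlStatus"] = self.crl.this_update
        self.round_trips += 1
        resp = server.handle_crl_request(general_info)
        if resp["body"] is None:
            return False           # server had nothing newer
        self.crl = resp["body"]
        return True

    def update_via_option2(self, server: CmpServer) -> bool:
        self.round_trips += 1
        server_ts = server.handle_crl_status_check()["body"]
        if self.crl is not None and self.crl.this_update >= server_ts:
            return False           # already current, no second exchange needed
        self.round_trips += 1      # second exchange: plain 5.3.19.6 request
        self.crl = server.handle_crl_request({})["body"]
        return True


# Constructed sample data: one CA with a newer CRL on the server and an older one
# that a stale client might still hold.
SERVER_CRL = CRL("CN=Example CA", datetime(2021, 10, 6, tzinfo=timezone.utc),
                 b"<constructed current CRL>")
OLD_CRL = CRL("CN=Example CA", datetime(2021, 9, 1, tzinfo=timezone.utc),
              b"<constructed older CRL>")


def run_scenarios() -> dict:
    """Return {(option, client_state): (updated?, round_trips)} for all cases."""
    results = {}
    options = (("option1", CmpClient.update_via_option1),
               ("option2", CmpClient.update_via_option2))
    starts = (("stale", OLD_CRL), ("current", SERVER_CRL), ("none", None))
    for opt_name, method in options:
        for state, crl in starts:
            client = CmpClient(crl)
            updated = method(client, CmpServer(SERVER_CRL))
            results[(opt_name, state)] = (updated, client.round_trips)
    return results


if __name__ == "__main__":
    for key, value in sorted(run_scenarios().items()):
        print(key, "->", value)
```

The comparison deliberately uses the thisUpdate value embedded in the CRL on both sides, not the local clock of either party, so a client with a skewed clock cannot cause the server to withhold a CRL it actually needs; with equal timestamps the server returns an empty body, which is the case the empty-body rule of option 1 exists for.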