IETF Logo Mail Archive

Re: [lamps] ASN.1 Module in draft-ietf-lamps-cmp-updates

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Wed, 28 April 2021 16:28 UTC

Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DC913A1398 for <spasm@ietfa.amsl.com>; Wed, 28 Apr 2021 09:28:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=siemens.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wmFMdf5W-BQw for <spasm@ietfa.amsl.com>; Wed, 28 Apr 2021 09:28:21 -0700 (PDT)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2084.outbound.protection.outlook.com [40.107.21.84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 311113A13A2 for <spasm@ietf.org>; Wed, 28 Apr 2021 09:27:47 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nj56meAXqN4XMtH5j1VA6VBWAtowlMFZ4eRys76MUrqMickMUq+pvVirVYezeqWxs42Ac9w1rnefTqChReAgVY3xQ4UuHzWef/uiGcZVkrEv6QSQXVL76WJnAeEUq93+tmQrBeVe/nMdXUtXirVSXdDmNXrgs8IIsv+7BjSRs4FeNQUy54mHIxRf7vlsT1lWCjBNYt9TUuWNz+Xsj3ONc71gDs2+VGdBVksEq26RQtjRIZTdElD8g0L4QXPwrfrYypf+R5bZuN9CvJ6dHIVKFMZ1NJtpRbgbEynh3zVAYh/dQ0fzmgnn2dV5PYfEYyxqmRDQuOO1YkokCItsmwPwWg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=oH1iPE0Gego+NvtPoT5Hn4ZajQyHlTWbpESKDkeSaDk=; b=ic5qHzRD5CpJtf6yIGZOBCbEkSaFg/p64xrxS4QAhwviA4GbndQwcdyTwc1QPaPWN3vJxm9bLlDFbHpNnvrVgIoxIuA8cB2cEJdLJjOrpYY4XMiCrxh4RLvT4WNGiHgBEVXgXG75fscrvP6l+28j8POv/IGtoV2p5TFmnDU/wAFJnRgsqKo10564L/URvCMkrjYeAmak1wtScXqwgN+sAROc8O8T/oxi7ziYLjoQOTHtnqfBzDSK1jKNW9o7xaABcAbpmtLnSgXRdzLer/C3d7pvvSmi1VbEJncVKqmimVy11A68+fmWxGZU2H+Q7SqvBFVFJXojZa6eCKelkhyM1w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.onmicrosoft.com; s=selector1-siemens-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=oH1iPE0Gego+NvtPoT5Hn4ZajQyHlTWbpESKDkeSaDk=; b=Jh06tSjKA+YXZsj3E1qe8E85LpFbRoJVF/LiUiESFI/5GYwIkDR+It+A7VBjjGMq83SCnmaJUPLzOheLjmY/Vgjf2TcPJ9Rws0mjOrwR6w5Ymk3IN0SGSRSKQ5HJDLNnkjgpcff5s0sCQieHoPGAQjBn0QMBf9nf6km2F/0vzSM=
Received: from AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:dd::17) by AM0PR10MB2932.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:15b::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4065.23; Wed, 28 Apr 2021 16:27:45 +0000
Received: from AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM ([fe80::8563:833c:2122:ae5c]) by AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM ([fe80::8563:833c:2122:ae5c%7]) with mapi id 15.20.4065.027; Wed, 28 Apr 2021 16:27:45 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Russ Housley <housley@vigilsec.com>
CC: LAMPS <spasm@ietf.org>
Thread-Topic: [lamps] ASN.1 Module in draft-ietf-lamps-cmp-updates
Thread-Index: AQHXOGtOazTtXb84dEuVdUfSKgcwJKrGUqQwgACDzICAA0044A==
Date: Wed, 28 Apr 2021 16:27:45 +0000
Message-ID: <AM0PR10MB24188B3EE703B9921260AE25FE409@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
References: <A2268B02-A30E-4C6F-9C76-6BD726CA9C83@vigilsec.com> <AM0PR10MB24184DBE20BFD57CF29D90C8FE429@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM> <FB74A5AC-73AD-475F-80E4-336C2ECA72F1@vigilsec.com>
In-Reply-To: <FB74A5AC-73AD-475F-80E4-336C2ECA72F1@vigilsec.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Enabled=true; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_SetDate=2021-04-28T16:27:43Z; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Method=Standard; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Name=restricted-default; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_SiteId=38ae3bcd-9579-4fd4-adda-b42e1495d55a; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_ActionId=e2e879b5-c5e5-43ad-9875-9379f0e55cc5; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_ContentBits=0
document_confidentiality: Restricted
authentication-results: vigilsec.com; dkim=none (message not signed) header.d=none;vigilsec.com; dmarc=none action=none header.from=siemens.com;
x-originating-ip: [95.115.12.210]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 8339a017-33e2-4d28-7646-08d90a628dee
x-ms-traffictypediagnostic: AM0PR10MB2932:
x-microsoft-antispam-prvs: <AM0PR10MB29327FFAF01CB48E9D0645C1FE409@AM0PR10MB2932.EURPRD10.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: FU421arShxogxYbD8KRf3EXU5fWxAkmO4FjJ1jOsTTxqkSS4YUF40EZR3KLeEL36Wqr1uIjhwCJXNKaTJE2VKdx7nAG93SuJgcHpI8rCQbg2PArO0609H3eQSEAVog1IdqRmP57f6GTFmcT7CBxG7WQIFEJZk4mMKYBop9iP9zuzZBR5DXWfrGkc/ZHKIQh1vijBd5xTN6HI9pj3aCg3Mz1gshvxz3OF2u+AoO8c/BlNMx7pFPqrFKpWiZJDjixNAq5KasqNY3fr+dvfwU847v0thlc3+mTWEmbetHoEoJIYKRzjP4DKb0GCrF6vzO79pZjc2baAlze9ey+6/pnSQ7kWdW3M7r/6FC93/RXvpxah9Sl/zVvlb1SBvbATJAUtIdbv7Lx0GWKv1ieNjrase/hWmCb6PV9E4vFFItHT7Dt+22EA2dCsf1wxIp6yVzaI6MM2MwYXuOkUH3VYAmooZ/f72J4VtpEotWkP3COmCAZ5Li+9OtX2ZV66u4oQbiIWQUw8lmQLx2FmrwXMasySgpGtZzWmek7tWCZ4cHm7guVglYU/TL/JLx2vhRcyKZ1hAz00X/ZaZvsgzDJ5vjwSL0z6Tv6N0FcMEHPY3ItH2so=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(136003)(39860400002)(346002)(396003)(376002)(366004)(186003)(316002)(122000001)(33656002)(7696005)(76116006)(55016002)(86362001)(2906002)(5660300002)(26005)(9686003)(53546011)(38100700002)(52536014)(6506007)(508600001)(8676002)(8936002)(64756008)(66556008)(4326008)(66446008)(6916009)(71200400001)(83380400001)(66476007)(15650500001)(66946007); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: 4+U/4MMCYJNC/d3x5sazD1ZFo3nxHdHPXpiFy3GrxWXmgsLPxVh5F2UcKklX2x04ybtu/HdzuJ5VkqEWUaR4vIfJSv97BS0r5BSnBsnlO31PggUxMIRAHDXaWvbYJ2oFXyBkDzx/5//4uVKsDtxE8xO6kVUxjerhGA10RzoZlzJLJAok+5Vj5crUCCpwOIt5e2Z4uah0AhZrgb05hHUu3zep9joLp6RV4/b3q10ER6JcRg4YetmWv3274UySNPcWHXXv2HGIQ8b2LIDToy5AXQjc1CIvqduV5+F/DHNPr20KRUcCYW+PmtwtWlUDoXjT2mPgMFRoIgHGFYU+3oOtsm+FGuSzraYgNL6mnksURG94LKdJVFzpZqFI02Nd1mjZ1XEikTmvRUJ5ZtBkHeLRh2iSZg99toka/STs7kF2gcQexfyrVCCfUexzQNYOKvW+KnKrh54GyN6H0lzBuvR6Aen7aYXPyo6Mes3f9df3Eb7YWLXCDabl/iW6R9y944RDt61t72w8iod2gMrqfx37BA1INw/u/0GI+LaP0QYRjtF1Om1r6K7rBOHODVGBPZDksNasEh5AhNXzDRfO19xh624rAvurXN/ffhSfgbzSeBNZlYYrheAlENUxv1RM+V4xZGg1QYiuDzcrqwh52I75XwefjWLGiEh17pjrxqsE2p//GYQwy6ETWWOP8mg5lm5v9WwvXx4MKrYdo+xzDG1A5q37/xxYXyyGEjeeb2XWQaYWn9/5vQ/CMwEbaXaJ1WuB4+sgpihKdj9SBFPtJQnzRE0OhtYaE4np/uTIF+lc1ir2yjgOkt8984K+tFYrNRxRJHJLXrL16FgXQhvctRITEhf31ucga+LGwpZf2np0qFzbmEV7G9hOHTK5mhEQ4yK+/J+vaoHDzmPqROFC2FeNyN/6uaGLtytZ+iTHNAse1Sk2Y6+8e4uZE+LnNEeSonPPRzqFVAMXW0OInnjzz1I5qrL6960VMkxwaClhBNzDBddsDi5c0/TGsXkjASdxb0K6DSmXxO8+tBKxNFhKWxM+RD/rHJrGRvrnHmZYvW3oJryuxxNycXaXQsnMWLenA73YSnv+O6cj6E7jE34/uvKaXzQAmTELR+X7NJyoLz1jH7eDpnRguwGdIjo7lIppMFCojWhx4um+kHwmQwmi/+u8PN+1TvSDEOcmJPovVl5V84ATVJ2+sI8LNudhhKkRHxzzLqTCzzdV2VvaMdLp3dSYdo0mEs7KWavSNEfk2NvB1gntIgymdg+BlKmmtK/6SLOrGuDcD9a/IIgQVUyaefPUY3+Pq5nuOnJ+2jTa9BuozhNLJ9hfzPRomYnrfKvFwRVR
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 8339a017-33e2-4d28-7646-08d90a628dee
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Apr 2021 16:27:45.3334 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Yl5KKZWP2khTr1nD5mMEmOjjWQngqtTGRep5dTt+wbVvSbPxjGEbrNx/U1qKf1kSFcTnlbCWmgadWQ70wItW9NjbwLp6c/05Vs1VDXypE1Q=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR10MB2932
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/NpthfBV2J_NipaDN7TNe61QfUtE>
Subject: Re: [lamps] ASN.1 Module in draft-ietf-lamps-cmp-updates
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Apr 2021 16:28:26 -0000

> Von: Russ Housley <housley@vigilsec.com>
> 
> > On Apr 26, 2021, at 2:52 AM, Brockhaus, Hendrik
> <hendrik.brockhaus@siemens.com> wrote:
> >
> >
> >> Von: Russ Housley <housley@vigilsec.com>
> >> Gesendet: Freitag, 23. April 2021 20:06
> >>
> >> Hendrik:
> >>
> >> I do not understand how the AlgIdCtrl works.  Can you provide more
> >> text in the document?  Is it about the subject public key?  Is it
> >> about the signature algorithm to be used by the CA?
> >
> > The purpose of AlgIdCtrl is to provide the algorithm specification the end
> entity should use for generating its new key pair.
> > We discussed the concept of the new controls in thread "dtaft-ietf-lamps-cmp-
> updates and rsaKeyLen".
> >
> > The current text is:
> > 5.3.19.16.  Certificate Request Template
> >   This MAY be used by the client to get a template containing
> >   requirements for certificate request attributes and extensions and
> >   optionally a specification for the key pair to generate for a future
> >   certificate request operation.
> >
> > I could change this to:
> > 5.3.19.16.  Certificate Request Template
> >   This MAY be used by the client to get a template containing
> >   requirements for certificate request attributes and extensions.
> >   The controls id-regCtrl-algId and id-regCtrl-rsaKeyLen MAY contain
> >   details on the algorithms whose subject public key values the CA is
> >   willing to certify.
> >
> > Is this clearer?
> > More details on the usage will be provided in the Lightweight CMP Profile
> document.
> 
> Yes, but I would like to see another sentence about parameters.  With ECDSA,
> for example, the parameters tell which curve the client should use.
> 

I would propose to add the following text.

"The id-regCtrl-algId control MAY be used to identify a cryptographic algorithm, 
see RFC 5820 Section 4.1.2.7, other than rsaEncryption. The algorithm field 
SHALL identify the cryptographic algorithm. The contents of the optional 
parameters field will vary according to the algorithm identified.

The id-regCtrl-rsaKeyLen control SHALL be used for algorithm rsaEncrytion and 
SHALL contain the intended length of the RSA key."

Hendrik

v2.23.0 | Report a Bug | By Email