[lamps] draft-ietf-lamps-cmp-updates add section to introduce id-it-caCerts, id-it-rootCaKeyUpdate, and id-it-certReqTemplate

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Mon, 10 August 2020 06:40 UTC

From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: "spasm@ietf.org" <spasm@ietf.org>
Date: Mon, 10 Aug 2020 06:40:32 +0000
Message-ID: <AM0PR10MB2418651EF480383C1FBAD448FE440@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/FNWOeqIvkGQZdhRyIXT5dHQY92E>
Subject: [lamps] draft-ietf-lamps-cmp-updates add section to introduce id-it-caCerts, id-it-rootCaKeyUpdate, and id-it-certReqTemplate
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>

When working on the next update of the Lightweight CMP Profile, I was discussing the advantages of introducing the new OIDs for the support messages (id-it-caCerts, id-it-rootCaKeyUpdate, and id-it-certReqTemplate) together with their ASN.1 syntax already in CMP Updates.
I see two advantages:
1) The IDs can also be used outside of the use of the Lightweight CMP Profile
2) All changes and additions to the CMP ASN.1 module would be performed in one document only. The Lightweight CMP Profile would not need an additional ASN.1 module.

What is the opinion of the group?

This would be the additional section for CMP Updates and the respective ASN.1 Syntax of the new types.

2.7.  Update Section 5.3.19. - PKI General Message Content

Section 5.3.19 of RFC 4210 [RFC4210] describes example InfoTypeAndValue values to be used in general message content. This document adds three additional sub-sections to introduce the new IDs id-it-caCerts, id-it-rootCaKeyUpdate, and id-it-certReqTemplate for the support messages as defined in [I-D.ietf-lamps-lightweight-cmp-profile] Section 4.4.
Add these new sub-sections at the end of this section with the following text.

5.3.19.14. CA Certificates

This MAY be used by the client to get the latest intermediate CA and issuing CA certificates.

   GenMsg:    {id-it 17}, < absent >
   GenRep:    {id-it 17}, CaCerts | < absent >

5.3.19.15. Root CA Certificates Update

This MAY be used by the client to get an update of an existing root CA Certificate.

   GenMsg:    {id-it 18}, < absent >
   GenRep:    {id-it 18}, RootCaKeyUpdate | < absent >

Note: In contrast to CAKeyUpdAnnContent, this type allows newWithOld and oldWithNew to be omitted from the GenRep message, depending on the needs of the EE.

5.3.19.16. Certificate Request Template

This MAY be used by the client to get a template with parameters for a future certificate request operation.

   GenMsg:    {id-it 19}, < absent >
   GenRep:    {id-it 19}, CertReqTemplateValue | < absent >

Addition to ASN.1 module in Appendix A:

   id-it-caCerts OBJECT IDENTIFIER ::= {1 3 6 1 5 5 7 4 17}
       CaCerts ::= SEQUENCE OF CMPCertificate

   id-it-rootCaKeyUpdate OBJECT IDENTIFIER ::= {1 3 6 1 5 5 7 4 18}
       RootCaKeyUpdate ::= SEQUENCE {
           newWithNew       CMPCertificate,
           newWithOld   [0] CMPCertificate OPTIONAL,
           oldWithNew   [1] CMPCertificate OPTIONAL
       }

   id-it-certReqTemplate OBJECT IDENTIFIER ::= {1 3 6 1 5 5 7 4 19}
       CertReqTemplateValue ::= SEQUENCE {
           certTemplate     CertTemplate,
           rsaKeyLen        INTEGER OPTIONAL
       }

Hendrik
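The GenMsg/GenRep pattern proposed above, worked through for the id-it-rootCaKeyUpdate case, as an added example that is not part of the message or of any CMP draft. It hand-encodes the InfoTypeAndValue carrying a RootCaKeyUpdate in DER so the wire form of the OPTIONAL newWithOld/oldWithNew members is visible, then parses it the way a strict EE should: reject a wrong infoType, treat an absent infoValue as "no update", insist on a mandatory untagged newWithNew, and refuse misordered or trailing elements. Assumptions of mine, not the message's: EXPLICIT TAGS as in the RFC 4210 PKIXCMP module (so [0] and [1] wrap the certificate in a constructed context-specific tag), the OID arc 18 exactly as proposed in this message, and placeholder SEQUENCEs standing in for real certificates. The parser checks syntax only; validating the returned certificates (for example oldWithNew against the currently trusted root) is a separate step.

```python
"""Added example, not from the email or any CMP draft: hand-rolled DER for the
proposed id-it-rootCaKeyUpdate InfoTypeAndValue. Assumptions (ours): EXPLICIT
TAGS as in the RFC 4210 PKIXCMP module, so [0]/[1] wrap the certificate in a
constructed context-specific tag; the "certificates" are constructed
placeholder SEQUENCEs, not real X.509 certificates."""

ID_IT_ROOT_CA_KEY_UPDATE = "1.3.6.1.5.5.7.4.18"  # {id-it 18} as proposed above

def der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_len(len(content)) + content

def der_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def encode_root_ca_key_update(new_with_new, new_with_old=None, old_with_new=None):
    # RootCaKeyUpdate ::= SEQUENCE { newWithNew, newWithOld [0] OPTIONAL, oldWithNew [1] OPTIONAL }
    body = new_with_new
    if new_with_old is not None:
        body += tlv(0xA0, new_with_old)  # [0] EXPLICIT
    if old_with_new is not None:
        body += tlv(0xA1, old_with_new)  # [1] EXPLICIT
    return tlv(0x30, body)

def encode_info_type_and_value(oid, value=None):
    # InfoTypeAndValue ::= SEQUENCE { infoType OBJECT IDENTIFIER, infoValue ANY OPTIONAL }
    return tlv(0x30, der_oid(oid) + (value or b""))

def read_tlv(buf, pos):
    """Return (tag, content, position after the TLV); ValueError on truncation."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def parse_root_ca_key_update_genrep(itav):
    """Strict EE-side parse. None when infoValue is absent (no update offered);
    else a dict of newWithNew plus the OPTIONAL members (None when omitted).
    Syntax only: checking oldWithNew against the trusted root is a later step."""
    tag, seq, end = read_tlv(itav, 0)
    if tag != 0x30 or end != len(itav):
        raise ValueError("InfoTypeAndValue is not a single SEQUENCE")
    tag, oid, pos = read_tlv(seq, 0)
    if tlv(tag, oid) != der_oid(ID_IT_ROOT_CA_KEY_UPDATE):  # DER is canonical
        raise ValueError("unexpected infoType")
    if pos == len(seq):
        return None
    tag, body, pos = read_tlv(seq, pos)
    if tag != 0x30 or pos != len(seq):
        raise ValueError("malformed RootCaKeyUpdate")
    tag, content, p = read_tlv(body, 0)  # newWithNew: mandatory, untagged
    if tag != 0x30:
        raise ValueError("newWithNew missing")
    result = {"newWithNew": tlv(tag, content), "newWithOld": None, "oldWithNew": None}
    for name, ctx_tag in (("newWithOld", 0xA0), ("oldWithNew", 0xA1)):
        if p < len(body) and body[p] == ctx_tag:
            _, inner, p = read_tlv(body, p)
            itag, _, iend = read_tlv(inner, 0)
            if itag != 0x30 or iend != len(inner):
                raise ValueError(f"{name} does not wrap a single SEQUENCE")
            result[name] = inner
    if p != len(body):
        raise ValueError("unexpected or out-of-order element in RootCaKeyUpdate")
    return result

def rejected(itav) -> bool:
    """True when the strict parser refuses the message (used by the self-check)."""
    try:
        parse_root_ca_key_update_genrep(itav)
        return False
    except ValueError:
        return True

# Constructed placeholders standing in for DER certificates (not real X.509).
NEW_WITH_NEW = tlv(0x30, tlv(0x0C, b"newWithNew placeholder"))
OLD_WITH_NEW = tlv(0x30, tlv(0x0C, b"oldWithNew placeholder"))

if __name__ == "__main__":
    # CA answers with newWithNew and oldWithNew only, omitting newWithOld.
    rep = encode_info_type_and_value(
        ID_IT_ROOT_CA_KEY_UPDATE, encode_root_ca_key_update(NEW_WITH_NEW, old_with_new=OLD_WITH_NEW))
    print(rep.hex())
    print(parse_root_ca_key_update_genrep(rep))
```

Running the module prints the hex of a GenRep in which only newWithNew and oldWithNew are present; the OID encodes as 06 08 2B 06 01 05 05 07 04 12, and the omitted newWithOld simply leaves no [0] element between them. The same TLV helpers would serve CaCerts (a SEQUENCE OF certificates under {id-it 17}) and CertReqTemplateValue ({id-it 19}); only the value encoders differ.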