Re: [lamps] EST CSR attrs discussion
Eliot Lear <lear@lear.ch> Fri, 30 July 2021 06:24 UTC
Return-Path: <lear@lear.ch>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A0053A1DFD for <spasm@ietfa.amsl.com>; Thu, 29 Jul 2021 23:24:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.091
X-Spam-Level:
X-Spam-Status: No, score=-2.091 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, SPF_PASS=-0.001, T_SPF_HELO_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=lear.ch
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s6YSolDyBc15 for <spasm@ietfa.amsl.com>; Thu, 29 Jul 2021 23:24:23 -0700 (PDT)
Received: from upstairs.ofcourseimright.com (upstairs.ofcourseimright.com [185.32.222.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 309573A1DFB for <spasm@ietf.org>; Thu, 29 Jul 2021 23:24:22 -0700 (PDT)
Received: from Lear-Air.local ([IPv6:2a02:aa15:4101:2a80:1cc0:5822:356a:beed]) (authenticated bits=0) by upstairs.ofcourseimright.com (8.15.2/8.15.2/Debian-18) with ESMTPSA id 16U6OKLC102087 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Fri, 30 Jul 2021 08:24:21 +0200
Authentication-Results: upstairs.ofcourseimright.com; dmarc=none (p=none dis=none) header.from=lear.ch
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lear.ch; s=upstairs; t=1627626261; bh=dyrU9nnZpmQivTs6YJsjZ/KaygI18vdjhfDnPK1WZsU=; h=To:References:From:Subject:Date:In-Reply-To:From; b=NDUZM6LrP0T/QKWp01P57V5bbKePNOJriKicGtt3EPPg9ORryflsgEc3yinH8ahm7 5fnZHAWXbHxMSFunjXOaGBf9sUi4Cwn79Ccq63PGUayYzHZFnhWVZoOSniaaEuYRSh UEZCu6MlWyHKmGF6BtX+njiOpsWWNiKzFys7i108=
To: Dan Harkins <dharkins@lounge.org>, spasm@ietf.org
References: <e87a9fef-9e8c-d470-a6dc-77684cac0005@lounge.org>
From: Eliot Lear <lear@lear.ch>
Message-ID: <8b8b0355-c247-1e0a-a80d-5d86eb554873@lear.ch>
Date: Fri, 30 Jul 2021 08:24:16 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.12.0
MIME-Version: 1.0
In-Reply-To: <e87a9fef-9e8c-d470-a6dc-77684cac0005@lounge.org>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="o6lKagPidljdgLOAW8EEbQc5K4CWzYmSp"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/VIaVFGGgMWtmPo72medPPE9wz84>
Subject: Re: [lamps] EST CSR attrs discussion
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Jul 2021 06:24:29 -0000
Yes, this was my understanding as well. In our implementation we did indeed end up having a backchannel to the CA for fields for which the RA had the content. But I'm not sure it's the right long term approach, since that code can't be easily ported. What I conclude, tho, is that the structure is a bit opaque, and really could stand for further elaboration, since it does seem one CAN specify values. The best way to do that is probably a draft, aiming toward informational, but I'm out of bandwidth at the moment. Eliot On 29.07.21 20:31, Dan Harkins wrote: > > Hi, > > Sorry, I wasn't aware that this issue was being discussed and I wasn't > on the lamps/spasm list. But I'm largely responsible-- i.e. to blame-- > for > the CSR Attrs text in RFC 7030 so perhaps I can try and explain. > > The intent of the CSR Attrs request is for the RA to ask the client > to construct the CSR in some particular way, not to impose values on > particular fields. > > As a for-instance, the RA could ask the client to: > > 1. generate a public key in the NIST p384 curve; > 2. use ECDSA w/SHA384 to sign > 3. include the challengePassword > 4. include an extension with the device's serial number, a subject alt > name, and its favorite drink > > by sending the following base64-encoded blob: > > ME4GCSqGSIb3DQEJBzASBgcqhkjOPQIBMQcGBSuBBAAiMCMGCSqGSIb3DQEJDjEWBgNVBAUGA1UdEQYKCZImiZPyLGQBBQYIKoZIzj0EAwM > > > That gets ASN.1 decoded as: > > SEQUENCE (4 elem) > OBJECT IDENTIFIER 1.2.840.113549.1.9.7 challengePassword (PKCS #9) > SEQUENCE (2 elem) > OBJECT IDENTIFIER 1.2.840.10045.2.1 ecPublicKey (ANSI X9.62 public > key type) > SET (1 elem) > OBJECT IDENTIFIER 1.3.132.0.34 secp384r1 (SECG (Certicom) named > elliptic curve) > SEQUENCE (2 elem) > OBJECT IDENTIFIER 1.2.840.113549.1.9.14 extensionRequest (PKCS #9 > via CRMF) > SET (3 elem) > OBJECT IDENTIFIER 2.5.4.5 serialNumber (X.520 DN component) > OBJECT IDENTIFIER 2.5.29.17 subjectAltName (X.509 extension) > OBJECT IDENTIFIER 0.9.2342.19200300.100.1.5 (favorite drink) > OBJECT IDENTIFIER 1.2.840.10045.4.3.3 ecdsaWithSHA384 (ANSI X9.62 > ECDSA algorithm with SHA384) > > And the client produces a CSR with an extension that gives its serial > number, > some alternative name, and whatever drink it prefers. The idea isn't > that the > RA would say, "your serial number is 279372 and you like scotch", it's > "what > is your serial number and favorite drink?". > > If the RA wanted a particular length of RSA key, let's say of 3072 > bits, to > sign with a hash function appropriate for that bit length, and include > the > challengePassword it would ask thusly: > > MCkGCSqGSIb3DQEJBzARBgkqhkiG9w0BAQExBAICDAAGCSqGSIb3DQEBCw== > > which gets decoded as: > > SEQUENCE (3 elem) > OBJECT IDENTIFIER 1.2.840.113549.1.9.7 challengePassword (PKCS #9) > SEQUENCE (2 elem) > OBJECT IDENTIFIER 1.2.840.113549.1.1.1 rsaEncryption (PKCS #1) > SET (1 elem) > INTEGER 3072 > OBJECT IDENTIFIER 1.2.840.113549.1.1.11 sha256WithRSAEncryption > (PKCS #1) > > The idea is, this is a request to the client on how to generate a > CSR in > the form that the CA expects/wants. One asks what a subject > alternative name > would be, it doesn't impose one on the client. > > That was the intent anyway. And that's how I implemented it in my EST > reference implementation. > > regards, > > Dan. >
- [lamps] EST CSR attrs discussion Dan Harkins
- Re: [lamps] EST CSR attrs discussion David von Oheimb
- Re: [lamps] EST CSR attrs discussion Dan Harkins
- Re: [lamps] EST CSR attrs discussion David von Oheimb
- Re: [lamps] EST CSR attrs discussion Eliot Lear
- Re: [lamps] EST CSR attrs discussion David von Oheimb
- Re: [lamps] EST CSR attrs discussion Michael Richardson
- Re: [lamps] EST CSR attrs discussion Michael Richardson
- [lamps] LAMPS virtual interim for EST CSR Attrs d… Russ Housley
- Re: [lamps] EST CSR attrs discussion David von Oheimb