Re: [lamps] draft-ietf-lamps-cmp-updates

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Mon, 27 July 2020 16:22 UTC

From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Russ Housley <housley@vigilsec.com>
CC: LAMPS WG <spasm@ietf.org>
Thread-Topic: draft-ietf-lamps-cmp-updates
Date: Mon, 27 Jul 2020 16:22:48 +0000
Message-ID: <AM0PR10MB315350FE5BE4E8FCDDFE1CB1FE720@AM0PR10MB3153.EURPRD10.PROD.OUTLOOK.COM>
References: <AM0PR10MB2402173DFBD40DFF043AE839FEA40@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <97AAAE51-45E0-4363-ACAD-99144085E710@vigilsec.com>
In-Reply-To: <97AAAE51-45E0-4363-ACAD-99144085E710@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Sij3HGlHuzKQCyuj7Hqj-0uRoQ8>
Subject: Re: [lamps] draft-ietf-lamps-cmp-updates
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>

Russ

Thanks for having a closer look at the ASN.1 module.
Actually, I am a little uncertain how to properly specify things. :-(

> Von: Russ Housley <housley@vigilsec.com>
> 
> IANA has made the assignment for id-kp-cmKGA.

That is great. I will add the OID in the next release of the draft.

> 
> I was looking at Appendix A in the draft, and it is not completely clear to me
> what the revised ASN.1 module looks like:
> 
> First, the source of some imports is updated.  No big deal.
> 
> Second, in CertifiedKeyPair and CertOrEncCert, the EncryptedValue os replaced
> with EncryptedKey.
> 
> Third, id-it-revPassphrase (which is in a comment) is associated with
> EncryptedKey instead of EncryptedValue.

Finally, I do not fully understand this specification either.
My goal is to update OID {id-it 12} as specified in Section 5.3.19.9, and the only lines in the ASN.1 module on this OID are in comments?

> 
> Fourth, id-kp-cmKGA is added to the list of EKU values, but these do not appear
> in the previous module anywhere.  Where do they belong?

You are right. The EKUs id-kp-cmcCA and id-kp-cmcRA must be imported from RFC 6402 and can be deleted from this draft. But the id-kp-cmKGA must be specified here, right?

Hendrik
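Added example, not part of this thread and not the draft's own ASN.1 module: a small Python DER helper showing what the change Russ lists under "Second" (EncryptedValue replaced by EncryptedKey in CertifiedKeyPair and CertOrEncCert) means on the wire. EncryptedKey from RFC 4211 is a CHOICE between encryptedValue (an EncryptedValue SEQUENCE, universal tag 0x30) and envelopedData ([0] IMPLICIT EnvelopedData, tag 0xA0). A tag applied to a CHOICE is always explicit, so privateKey [0] EncryptedKey wraps whichever alternative is present, whereas the RFC 4210 module (IMPLICIT TAGS) encoded privateKey [0] EncryptedValue with the context tag replacing the SEQUENCE tag. The EnvelopedData body below is a constructed stand-in, and the tag constants and function names are this example's own, not identifiers from the draft.

```python
from typing import Tuple


def _der_len(n: int) -> bytes:
    """Definite-form DER length: short form below 128, minimal long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, body: bytes) -> bytes:
    """Single-byte tag + DER length + body."""
    return bytes([tag]) + _der_len(len(body)) + body


def read_tlv(buf: bytes, pos: int = 0) -> Tuple[int, bytes, int]:
    """Parse one TLV at pos and return (tag, value, next_pos).
    Rejects indefinite, non-minimal and truncated lengths, as DER requires."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags not supported")
    pos += 2
    if first < 0x80:
        length = first
    elif first == 0x80:
        raise ValueError("indefinite length is not DER")
    else:
        n = first & 0x7F
        octets = buf[pos:pos + n]
        if len(octets) != n or octets[0] == 0:
            raise ValueError("bad long-form length")
        length = int.from_bytes(octets, "big")
        if length < 0x80:
            raise ValueError("non-minimal length")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length


ENCRYPTED_VALUE_TAG = 0x30  # EncryptedValue ::= SEQUENCE { ..., encValue BIT STRING }
ENVELOPED_DATA_TAG = 0xA0   # envelopedData [0] IMPLICIT EnvelopedData


def encrypted_value(enc_value: bytes) -> bytes:
    """Legacy alternative: EncryptedValue carrying only its mandatory encValue."""
    return tlv(ENCRYPTED_VALUE_TAG, tlv(0x03, b"\x00" + enc_value))


def enveloped_data_stub(payload: bytes) -> bytes:
    """New alternative. The [0] IMPLICIT tag replaces EnvelopedData's SEQUENCE tag.
    Body is a constructed stand-in (CMSVersion 0 plus an OCTET STRING), not a
    real CMS EnvelopedData with RecipientInfos."""
    return tlv(ENVELOPED_DATA_TAG, tlv(0x02, b"\x00") + tlv(0x04, payload))


def classify_encrypted_key(der: bytes) -> str:
    """Name the EncryptedKey alternative present in der, decided by its outer tag."""
    tag, _, end = read_tlv(der)
    if end != len(der):
        raise ValueError("trailing bytes after EncryptedKey")
    if tag == ENCRYPTED_VALUE_TAG:
        return "encryptedValue"
    if tag == ENVELOPED_DATA_TAG:
        return "envelopedData"
    raise ValueError(f"tag 0x{tag:02x} is not an EncryptedKey alternative")


def tagged_encrypted_key(tag_number: int, encrypted_key: bytes) -> bytes:
    """[n] EncryptedKey as in CertifiedKeyPair.privateKey ([0]) and
    CertOrEncCert.encryptedCert ([1]). Tagging a CHOICE is always EXPLICIT,
    so the context tag wraps the alternative instead of replacing its tag."""
    return tlv(0xA0 | tag_number, encrypted_key)


def parse_tagged_encrypted_key(der: bytes, tag_number: int) -> Tuple[str, bytes]:
    """Unwrap [n] EncryptedKey and return (alternative name, inner DER)."""
    tag, inner, end = read_tlv(der)
    if tag != (0xA0 | tag_number) or end != len(der):
        raise ValueError(f"expected explicit [{tag_number}] EncryptedKey")
    return classify_encrypted_key(inner), inner


def legacy_tagged_encrypted_value(tag_number: int, enc_value: bytes) -> bytes:
    """RFC 4210 wire form of privateKey [0] EncryptedValue under IMPLICIT TAGS:
    the context tag replaces the SEQUENCE tag, so no 0x30 appears. A parser of
    the updated syntax sees a BIT STRING where an alternative tag is expected."""
    return tlv(0xA0 | tag_number, tlv(0x03, b"\x00" + enc_value))
```

The interop caveat a practitioner would want: the same `[0]` context tag appears in both the old and the new encoding of privateKey, but with different contents, so a receiver that must accept both legacy peers and updated peers cannot decide by the outer tag alone; it has to look one level deeper, and `parse_tagged_encrypted_key` deliberately rejects the legacy form rather than guessing.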