Re: [lamps] EST CSRATTRS specifying the SAN
David von Oheimb <nl0@von-Oheimb.de> Mon, 05 July 2021 18:26 UTC
Return-Path: <nl0@von-Oheimb.de>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2443F3A0BFA; Mon, 5 Jul 2021 11:26:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.234
X-Spam-Level:
X-Spam-Status: No, score=-2.234 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.338, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nS9GbcGRg7O4; Mon, 5 Jul 2021 11:26:47 -0700 (PDT)
Received: from server8.webgo24.de (server8.webgo24.de [185.30.32.8]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 42FB43A0BF6; Mon, 5 Jul 2021 11:26:46 -0700 (PDT)
Received: from [192.168.178.115] (dynamic-077-009-024-098.77.9.pool.telefonica.de [77.9.24.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by server8.webgo24.de (Postfix) with ESMTPSA id AC10C422B9F; Mon, 5 Jul 2021 20:26:42 +0200 (CEST)
To: Sean Turner <sean@sn3rd.com>, Michael Richardson <mcr+ietf@sandelman.ca>, Eliot Lear <lear@lear.ch>
Cc: SPASM <spasm@ietf.org>, Max Pritikin <pritikin@cisco.com>, anima@ietf.org
References: <83844291-5785-434E-8956-3FF81ECD761C@cisco.com> <9820.1618358856@localhost> <MW3PR11MB47462121627A10A62E006497DB369@MW3PR11MB4746.namprd11.prod.outlook.com> <26435.1623269725@localhost> <25C432F7-EDEE-4FEA-B871-5D7F9311BBF7@sn3rd.com>
From: David von Oheimb <nl0@von-Oheimb.de>
Message-ID: <6e29b64d-0bc0-d129-beff-4072a482cfbd@von-Oheimb.de>
Date: Mon, 05 Jul 2021 20:26:42 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.1
MIME-Version: 1.0
In-Reply-To: <25C432F7-EDEE-4FEA-B871-5D7F9311BBF7@sn3rd.com>
Content-Type: multipart/alternative; boundary="------------DA1D5B6FF083C81D672371FA"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/ZhDduNnoswdwxCMnhZi1RwjVDSM>
Subject: Re: [lamps] EST CSRATTRS specifying the SAN
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Jul 2021 18:26:52 -0000
The ASN.1 declaration of the Attribute type, which is the core of CsrAttrs type given in RFC 7030 section 4.5.2: CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID AttrOrOID ::= CHOICE (oid OBJECT IDENTIFIER, attribute Attribute } Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE { type ATTRIBUTE.&id({IOSet}), values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type}) } has been copied over from PKCS#10: https://datatracker.ietf.org/doc/html/rfc2986#section-4. Since it is pretty incomprehensible for ASN.1 non-experts (including myself), the reader has to rely in the interpretation following it in prose and on the example given, but unfortunately both of them are not very clear. In particular, the meaning of the values field or of a "value" in the given text remains ambiguous or even misleading. In the given example, Attribute: type = extensionRequest (1.2.840.113549.1.9.14) value = macAddress (1.3.6.1.1.1.1.22) the "value" is not a MAC address but the OID of MAC addresses. This corresponds to what is explained as follows: Requests for descriptive information from the client are made by an attribute, to be represented as Attributes of the CSR, with a type indicating the [RFC2985 <https://datatracker.ietf.org/doc/html/rfc2985>] extensionRequest and the values indicating the particular attributes desired to be included in the resulting certificate's extensions. AFAICS, the key to understanding how to encode a concrete value (such as a MAC address, a SAN value, etc.) is to appreciate the following sentence, which provides the key idea for reusing the Attribute type: The structure of the CSR Attributes Response SHOULD, to the greatest extent possible, reflect the structure of the CSR it is requesting. So in essence, the CSR attribute response is to be formed like the attributes part of a template PCKS#10 CertificationRequestInfo structure and simply can be given exactly as in a PKCS#10 CSR structure including any (actual) values, yet with two generalizations: * Actual values may be left out, and this way are requested to be filled in by the client/EE. * Additional OIDs may be given for requesting the use of the challengePassword and for specifying algorithms (such as the expected type of the public key). Note that under the (fair) assumption that the order of the AttrOrOID entries in the CsrAttrs sequence does not play a role, and glossing over some Attribute subtype peculiarities, the CsrAttrs type is isomorphic to CsrAttrs ::= SEQUENCE { oids SET OF OBEJECT IDENTIFIER attributes SET OF Attribute{{ IOSet }} } Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE { type ATTRIBUTE.&id({IOSet}), values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type}) } from which the similarity with a classical PKCS#10 structure: CertificationRequestInfo ::= SEQUENCE { version INTEGER { v1(0) } (v1,...), subject Name, subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }}, attributes [0] Attributes{{ CRIAttributes }} } CRIAttributes ATTRIBUTE ::= { ... -- add any locally defined attributes here -- } Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }} Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE { type ATTRIBUTE.&id({IOSet}), values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type}) } would have been more apparent. Further, RFC 7030 section 4.5.2 does not cover the fact that names and name components in a CSR may be part of not only various X.509 extensions such as SAN (which are to be encoded via the extra indirection of the extensionRequest OID) but also of the subject field/attribute of type (Distinguished)Name. At least a more comprehensive example would have been very helpful to clarify the details of the intended encoding, and likewise any serious reference/example implementation, for instance in Cisco's libEST, which has remained extremely sketchy regarding the csrattrs topic. David On 21.06.21 19:29, Sean Turner wrote: > Sorry for just getting to this now. I haven’t read upstream so if this gets answer there oops. > >> On Jun 9, 2021, at 16:15, Michael Richardson <mcr+ietf@sandelman.ca> wrote: >> >> Signed PGP part >> >> Eliot has suggested that: >> https://datatracker.ietf.org/doc/html/rfc7030#section-4.5.2 >> does not appear to allow the returned CSR Attributes to contain a value. >> Please correct me if I'm understanding the problem wrong. > Oh yeah it does! The whole point of CSRattrs is to allow the client to say “hey RA/CA what do you want my CSR to look like”. The response could just be an OID or it can be an actual attribute with some values: > > Requests for descriptive information from the client are made > by an attribute, to be represented as Attributes of the CSR, with > a type indicating the [RFC2985] extensionRequest and the > values indicating the particular attributes desired to be included > in the resulting certificate’s extensions. > > Note the word “values” above. > > I also figured that there might be brain dead EEs out there so instead of returning a string of attributes the EST server could just return the entire CSR - see Appendix B of RFC 8295. That way the EE would only need sign the request (for PoP). > >> RFC8994 assignment of IPv6 ULA can not, as far as I can understand, work >> without assigning a value. The Registrar must allocate a prefix for the new >> ACP node, and this has to go into the CSR in order for the CA to sign it. >> >> (Yes, the Registrar has to *check* that the CSR contains the right value along >> the way too. Yes, if the Registrar is ALSO the CA, then it can shortcut, but >> that's not in general true) >> >> My unit testing code is at: >> https://github.com/AnimaGUS-minerva/fountain/blob/master/spec/models/csr_attributes_spec.rb >> >> >> I found the ASN.1 code in section 4.5.2 beyond my understanding, so I muddled >> through, since fortunately, there was an example. >> >> CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID >> AttrOrOID ::= CHOICE (oid OBJECT IDENTIFIER, attribute Attribute } >> Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE { >> type ATTRIBUTE.&id({IOSet}), >> values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type}) } >> >> What I think that this says is that one can have: >> a) a Sequence of stuff. > a sequence of stuff that might be empty > >> b) the stuff is either an OID. >> c) or the stuff is a SEQUENCE [ type, value ]. >> The complicated &id... is just saying that when you have some attribute type >> "FOO", then you can have the things that would be valid as values. I'm >> actually rather amazed at this level of meta-programming. (Can CDDL do that?) > So this is the parameterized ASN.1 syntax. What you could so is define an IOSet of attributes. These attributes value values. But, yeah if it’s an attribute it’s an OID and the associated syntax. e.g., > > pKCS7PDU ATTRIBUTE ::= { > WITH SYNTAX ContentInfo > ID pkcs-9-at-pkcs7PDU > } > > pkcs-9-at-pkcs7PDU OBJECT IDENTIFIER ::= { > iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) > pkcs-9-at(25) 5 > } > > The OID would be 1.2.840.113549.1.9.25.5 > > and the values (really only one) is: > > PKIData ::= SEQUENCE { > reqSequence SEQUENCE SIZE(0..MAX) OF TaggedRequest > } > >> An example is provided: >> MEEGCSqGSIb3DQEJBzASBgcqhkjOPQIBMQcGBSuBBAAiMBYGCSqGSIb3DQEJDjEJ >> BgcrBgEBAQEWBggqhkjOPQQDAw== >> >> %echo 'MEEGCSqGSIb3DQEJBzASBgcqhkjOPQIBMQcGBSuBBAAiMBYGCSqGSIb3DQEJDjEJBgcrBgEBAQEWBggqhkjOPQQDAw==' | base64 -d | dumpasn1 - >> 0 65: SEQUENCE { >> 2 9: OBJECT IDENTIFIER challengePassword (1 2 840 113549 1 9 7) >> 13 18: SEQUENCE { >> 15 7: OBJECT IDENTIFIER ecPublicKey (1 2 840 10045 2 1) >> 24 7: SET { >> 26 5: OBJECT IDENTIFIER secp384r1 (1 3 132 0 34) >> : } >> : } >> 33 22: SEQUENCE { >> 35 9: OBJECT IDENTIFIER extensionRequest (1 2 840 113549 1 9 14) >> 46 9: SET { >> 48 7: OBJECT IDENTIFIER '1 3 6 1 1 1 1 22' >> : } >> : } >> 57 8: OBJECT IDENTIFIER ecdsaWithSHA384 (1 2 840 10045 4 3 3) >> : } >> >> >> At 2, we have the OID "challengePassword", which tells the client that this >> attribute should be included (that's [b]). >> At 13-26, we have an attributed, ecPublicKey, with a *value* secp384r1. >> This tells the client what kind of things to sign with. (that's [c]) >> At 33, we have extensionRequest with oid value 1.3.6.1.1.1.1.22. (also [c]) >> Finally, at 57, we have just the attribute ecdsaWithSHA384, which is telling >> the client to use SHA2-384. >> >> In order to get this all right, I used the example above, made sure I could >> decode it, and then made sure that I could encode exactly that. > Yep! > >> I have an example building the subjectAltName rfc822Name (yes, my code hasn't >> caught up to otherName as specified in RFC8994 yet) which is: >> >> obiwan-[projects/pandora/fountain](2.6.6) mcr 10263 %dumpasn1 tmp/hellobulb0.der >> 0 32: SEQUENCE { >> 2 30: SEQUENCE { >> 4 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) >> 9 23: SET { >> 11 21: SEQUENCE { >> 13 19: [1] { >> 15 17: UTF8String 'hello@example.com' >> : } >> : } >> : } >> : } >> : } >> >> I don't know what the [1] is actually, but possibly that's the rfc822Name. >> Yup, it is: >> # rfc822Name [1] IA5String, <-- this one > The one is the tag. > >> So, I think that I'm entirely within spec for CSR Attributes, and I'd like to >> understand more from Owen and Eliot as to what problems they are having with >> CSR Attributes. >> >> Eliot has suggested we do it all in JSON (CBOR?), and I would certainly be >> happy with that. >> >> -- >> Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting ) >> Sandelman Software Works Inc, Ottawa and Worldwide >>
- [lamps] CSRATTRS specifying the SAN Michael Richardson
- Re: [lamps] CSRATTRS specifying the SAN Eliot Lear
- Re: [lamps] CSRATTRS specifying the SAN Michael Richardson
- Re: [lamps] CSRATTRS specifying the SAN Eliot Lear
- Re: [lamps] CSRATTRS specifying the SAN Michael Richardson
- Re: [lamps] CSRATTRS specifying the SAN Sean Turner
- Re: [lamps] EST CSRATTRS specifying the SAN Michael Richardson
- Re: [lamps] EST CSRATTRS specifying the SAN David von Oheimb
- Re: [lamps] EST CSRATTRS specifying the SAN Russ Housley
- Re: [lamps] EST CSRATTRS specifying the SAN David von Oheimb
- [lamps] discussing EST CSRATTRS specifying the SA… Michael Richardson
- Re: [lamps] discussing EST CSRATTRS specifying th… Russ Housley
- Re: [lamps] discussing EST CSRATTRS specifying th… Eliot Lear
- Re: [lamps] EST CSRATTRS specifying the SAN David von Oheimb
- Re: [lamps] EST CSRATTRS specifying the SAN Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] EST CSRATTRS specifying the SAN David von Oheimb