Re: [lamps] I-D Action: draft-ietf-lamps-lightweight-cmp-profile-06.txt

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Fri, 09 July 2021 14:54 UTC

From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: "spasm@ietf.org" <spasm@ietf.org>
CC: "david.von.oheimb@siemens.com" <david.von.oheimb@siemens.com>, "steffen.fries@siemens.com" <steffen.fries@siemens.com>, John Gray <John.Gray@entrust.com>, Lijun Liao <lijun.liao@gmail.com>, Tomas Gustavsson <tomas.gustavsson@primekey.com>
Date: Fri, 09 Jul 2021 14:54:08 +0000
Message-ID: <VI1PR10MB24291AFC3FD6DCB98C776229FE189@VI1PR10MB2429.EURPRD10.PROD.OUTLOOK.COM>
References: <162584167624.27193.9352728968948739685@ietfa.amsl.com>
In-Reply-To: <162584167624.27193.9352728968948739685@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/_feRq6VpiGudid7_7qXalfRB6Y4>

The update of the Lightweight CMP Profile consists of many changes as discussed at IETF 110 and on the mailing list, and for consistency with the current versions of CMP Algorithms and CMP Updates. The document was also completely reviewed by David to improve reading flow, spelling, and grammar.
 
   From version 05 -> 06:
   *  Changed in Section 2.3 the normative requirement of adding
      protection to a single message to mandatory and replacing
      protection to optional
   *  Added Section 3.4 specifying generic prerequisites to PKI
      management operations
   *  Added Section 3.5 specifying generic message validation
   *  Added Section 3.6 on generic error reporting.  This section
      replaces the former error handling sections from Section 4 and 5.
   *  Added reference to using hashAlg
   *  Updated Section 4.3.2 and Section 4.3.3 to align with CMP Updates
   *  Added Section 5.1 specifying the behavior of PKI management
      entities when responding to requests
   *  Reworked Section 5.2.3 on usage of nested messages
   *  Updated Section 5.3 on performing PKI management operations on
      behalf of another entity
   *  Updated Section 6.2 on HTTPS transport of CMP messages as
      discussed at IETF 110 and in the email thread "I-D Action: draft-ietf-
      lamps-lightweight-cmp-profile-05.txt"
   *  Added CoAP endpoints to Section 6.4
   *  Added security considerations on usage of shared secret
      information
   *  Updated the example in Appendix A
   *  Added newly registered OIDs to the example in Appendix A
   *  Updated RFC numbers for I-D.ietf-lamps-crmf-update-algs
   *  Multiple language corrections, clarifications, and changes in
      wording

Any feedback is welcome!

Hendrik

> From: Spasm <spasm-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
> Sent: Friday, 9 July 2021 16:41
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Limited Additional Mechanisms for PKIX and
> SMIME WG of the IETF.
> 
>         Title           : Lightweight Certificate Management Protocol (CMP) Profile
>         Authors         : Hendrik Brockhaus
>                           Steffen Fries
>                           David von Oheimb
>         Filename        : draft-ietf-lamps-lightweight-cmp-profile-06.txt
>         Pages           : 92
>         Date            : 2021-07-09
> 
> Abstract:
>    This document aims at simple, interoperable, and automated PKI
>    management operations covering typical use cases of industrial and
>    IoT scenarios.  This is achieved by profiling the Certificate
>    Management Protocol (CMP), the related Certificate Request Message
>    Format (CRMF), and HTTP-based or CoAP-based transport in a succinct
>    but sufficiently detailed and self-contained way.  To make secure
>    certificate management for simple scenarios and constrained devices
>    as lightweight as possible, only the most crucial types of operations
>    and options are specified as mandatory.  More special and complex use
>    cases are supported as well, by features specified as recommended or
>    optional.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-lamps-lightweight-cmp-profile/
> 
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-lamps-lightweight-cmp-profile-06.html
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-lightweight-cmp-profile-06
> 
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> 
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm
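Two items in the changelog above, mandatory protection of every message (Section 2.3, with the new security considerations on shared secret information) and generic message validation (Section 3.5), are easiest to see in working code. The block below is an added illustration written for this archive page; it is not code from the draft, from OpenSSL, or from the authors, and it does not reproduce the draft's own wording. Key derivation follows the password-based MAC (PBM) of RFC 4210 section 5.1.3.1 and the transactionID/senderNonce/recipNonce checks follow RFC 4210 section 5.1.1. A Python dict and canonical JSON stand in for the DER-encoded PKIMessage and ProtectedPart, and the secret, salt, nonces, wordlist and the MAX_ITERATION_COUNT cap are constructed assumptions.

```python
"""PBM protection of a CMP-style message and a recipient's generic checks.

Added illustration, not code from the draft, OpenSSL, or the authors.
Key derivation: RFC 4210 5.1.3.1.  Nonce/transactionID rules: RFC 4210 5.1.1.
A dict + canonical JSON stand in for DER; all sample values are constructed.
"""
import hashlib
import hmac
import json
from typing import Iterable, Optional

MAX_ITERATION_COUNT = 100_000  # assumed local policy; never taken from the peer


def pbm_derive_key(secret: bytes, salt: bytes, iteration_count: int, owf: str = "sha256") -> bytes:
    """BASEKEY: OWF(secret || salt), then OWF re-applied to the previous output
    until the OWF has been applied iterationCount times in total."""
    if iteration_count < 1:
        raise ValueError("iterationCount must be at least 1")
    key = hashlib.new(owf, secret + salt).digest()
    for _ in range(iteration_count - 1):
        key = hashlib.new(owf, key).digest()
    return key


def encode_protected_part(header: dict, body: dict) -> bytes:
    """Stand-in for DER(ProtectedPart ::= SEQUENCE { header, body })."""
    return json.dumps({"header": header, "body": body}, sort_keys=True,
                      separators=(",", ":")).encode()


def protect(header: dict, body: dict, secret: bytes, salt: bytes, iteration_count: int) -> dict:
    """Record the PBM parameters in the header and MAC header+body with BASEKEY."""
    header = dict(header, protectionAlg={"alg": "PBM", "owf": "sha256", "mac": "hmac-sha256",
                                         "salt": salt.hex(), "iterationCount": iteration_count})
    key = pbm_derive_key(secret, salt, iteration_count)
    mac = hmac.new(key, encode_protected_part(header, body), "sha256").digest()
    return {"header": header, "body": body, "protection": mac.hex()}


def verify_protection(msg: dict, secret: bytes) -> bool:
    """Recompute the MAC from the parameters the sender placed in the header.
    The sender picks salt and iterationCount, so the count is bounded before
    any hashing, or one unauthenticated message buys a CPU-exhaustion attack."""
    alg = msg["header"].get("protectionAlg") or {}
    if alg.get("alg") != "PBM" or alg.get("owf") != "sha256" or alg.get("mac") != "hmac-sha256":
        return False
    count = int(alg.get("iterationCount", 0))
    if not 1 <= count <= MAX_ITERATION_COUNT:
        return False
    key = pbm_derive_key(secret, bytes.fromhex(alg["salt"]), count)
    expected = hmac.new(key, encode_protected_part(msg["header"], msg["body"]), "sha256").digest()
    return hmac.compare_digest(expected, bytes.fromhex(msg["protection"]))


def validate_response(request: dict, response: dict, secret: bytes) -> Optional[str]:
    """Generic response validation: None when acceptable, else the reason.
    Protection is checked first so unauthenticated fields never steer the
    outcome; the recipNonce check defeats replay of an old, validly MACed reply."""
    if not verify_protection(response, secret):
        return "protection MAC invalid"
    if response["header"].get("transactionID") != request["header"]["transactionID"]:
        return "transactionID mismatch"
    if response["header"].get("recipNonce") != request["header"]["senderNonce"]:
        return "recipNonce does not echo our senderNonce"
    return None


def guess_secret(msg: dict, candidates: Iterable[bytes]) -> Optional[bytes]:
    """What an eavesdropper with one captured message and a wordlist can do:
    each guess costs only iterationCount hashes, entirely offline."""
    for cand in candidates:
        if verify_protection(msg, cand):
            return cand
    return None


def demo() -> dict:
    """One request/response exchange plus a replay, a tamper and a guess."""
    secret = b"correct horse battery staple"                  # constructed
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    iterations = 10_000
    req_hdr = {"pvno": 2, "sender": "CN=device-001", "recipient": "CN=RA",
               "transactionID": "a1b2c3d4", "senderNonce": "6e6f6e63652d31"}
    request = protect(req_hdr, {"type": "ir", "certReq": "CSR-placeholder"}, secret, salt, iterations)
    rsp_hdr = {"pvno": 2, "sender": "CN=RA", "recipient": "CN=device-001",
               "transactionID": "a1b2c3d4", "senderNonce": "6e6f6e63652d32",
               "recipNonce": "6e6f6e63652d31"}
    good = protect(rsp_hdr, {"type": "ip", "status": "accepted"}, secret, salt, iterations)
    # Replayed reply from an earlier transaction: the MAC verifies, the nonce does not.
    stale = protect(dict(rsp_hdr, recipNonce="deadbeef"), {"type": "ip", "status": "accepted"},
                    secret, salt, iterations)
    # Body altered in transit: the MAC no longer verifies.
    tampered = dict(good, body={"type": "ip", "status": "rejected"})
    return {"good": validate_response(request, good, secret),
            "stale": validate_response(request, stale, secret),
            "tampered": validate_response(request, tampered, secret),
            "guessed": guess_secret(request, [b"password", b"123456", secret])}


if __name__ == "__main__":
    print(demo())
```

Two points the code makes that the changelog only names: the iterationCount and salt arrive in the unauthenticated header, so a verifier that does not cap the count can be made to burn CPU by anyone who can reach the endpoint; and because a single captured, MAC-protected message lets an attacker test candidate secrets offline at iterationCount hashes per guess, a shared secret used for PBM must carry real entropy or be single-use, whatever the chosen iteration count.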