Re: [lamps] Support for working on the lightweight CMP profile
"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Tue, 28 May 2019 14:55 UTC
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Russ Housley <housley@vigilsec.com>, "spasm@ietf.org" <spasm@ietf.org>
CC: Tim Hollebeek <tim.hollebeek@digicert.com>
Date: Tue, 28 May 2019 14:55:29 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/dgRgMFhGQ_t9sp-FIDtCYdEOB_w>

Sorry for insisting. I still have the concern that by adopting this, IETF will continue the trend of endorsing different certificate management protocols and profiles (SCEP, CMPv2, CMC, EST) that mostly do the same things. Specifically for industrial automation we already have SCEP and EST in IEC 61850/IEC 62351. OPC UA has its own SDP for the same purposes. Now, we want to add one more (CMP) in the mix for this vertical.

So far I have seen one vendor that is driving this new profile. Two CAs that are interested in CMP in general, but it is not clear if they are interested in this exact profile. And I saw one more vendor that is interested in CMP profiles, but I am not exactly sure if it is for this specific profile either.

Rgs,
Panos

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
Sent: Monday, May 27, 2019 12:49 PM
To: spasm@ietf.org
Cc: Tim Hollebeek <tim.hollebeek@digicert.com>
Subject: [lamps] Support for working on the lightweight CMP profile

Hendrik:

I see people speaking on both sides. So, I am asking a few questions to see if there is enough support...

1) If this work is added to the charter, will you contribute to the document?
2) If this work is added to the charter, will you review the document?
3) If this document is published as an RFC, will you implement it?

Russ

On May 27, 2019, at 9:03 AM, Brockhaus, Hendrik <hendrik.brockhaus@siemens.com> wrote:

Hi Russ

Did you have the time to look into my mail below? I would like to push this topic further forward.

Hendrik

From: Brockhaus, Hendrik (CT RDA ITS SEA-DE)
Sent: Monday, 20 May 2019 15:43
To: Russ Housley <housley@vigilsec.com>
Cc: Fries, Steffen (CT RDA ITS) <steffen.fries@siemens.com>; spasm@ietf.org
Subject: AW: Proposed Re-Chartering Text for CMP updates and lightweight profile (RE: Follow-up on lightweight CMP profile)

Hi Russ

We discussed my proposal on the mailing list. I feel there is quite some support. Tomas, Max and Martin supported the activity. There were some questions and concerns from Panos, that I hopefully could clarify.

What is the next step?

Hendrik

From: Spasm <spasm-bounces@ietf.org> On Behalf Of [ext] Brockhaus, Hendrik
Sent: Wednesday, 8 May 2019 11:10
To: spasm@ietf.org; Russ Housley <housley@vigilsec.com>
Cc: Jim Schaad <ietf@augustcellars.com>; Fries, Steffen (CT RDA ITS) <steffen.fries@siemens.com>
Subject: [lamps] Proposed Re-Chartering Text for CMP updates and lightweight profile (RE: Follow-up on lightweight CMP profile)

Hi Russ, all,

as discussed at IETF104 and on this list we would like to spend further work on updating and profiling CMP focusing on industrial use cases. To get input, feedback and support from LAMPS we propose the following charter text.

As certificate management gets increasingly important in industrial environments, it needs to be tailored to the specific needs. CMP as an existing protocol offers a vast range of options. As it is already being applied in industrial environments it needs to be enhanced to more efficiently support industrial use cases, crypto agility and specific communication relations on the one hand and profiled to the necessary functionality on the other hand to ease application and to better facilitate interoperable implementation.

Hendrik

From: Russ Housley <housley@vigilsec.com>
Sent: Wednesday, 8 May 2019 02:18
To: Brockhaus, Hendrik (CT RDA ITS SEA-DE) <hendrik.brockhaus@siemens.com>
Cc: spasm@ietf.org; Jim Schaad <ietf@augustcellars.com>; Fries, Steffen (CT RDA ITS) <steffen.fries@siemens.com>
Subject: Re: [lamps] Follow-up on lightweight CMP profile

Hendrik:

The current re-charter is about two weeks away. You would need to propose text for the charter on this list, and see if there are people that will review and implement.

Russ

On May 3, 2019, at 4:52 AM, Brockhaus, Hendrik <hendrik.brockhaus@siemens.com> wrote:

Hi all

Referring to the Email thread 'Seeking guidance on proceeding with question from IETF-104 presentation on lightweight CMP profile' and to the outcome of the WG meeting, we want to summarize the current state of the discussion.

The discussion we had with Jim motivated a split of the current draft into a CMP Updates and a CMP Profile document. The update of CMP is needed because we identified at least two points where a change to CMP is needed:

- Change the type of encryptedCert from EncryptedValue to EncryptedKey for ECC and post-quantum algorithm support
- Extend the RootCAUpdate announcement message to a request/response message to enable requesting the update from the client side

The remaining points from the initial email were seen as profiling topic and would therefore be handled in the CMP Profile document...

@Russ, how do you see the status of the current re-chartering process? Would you support to add both, or at least the CMP Updates, activities under the revised charter?

- Hendrik

_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm