IETF Logo Mail Archive

Re: [lamps] is the CSRattr ASN.1 broken or not ... Re: New Version Notification for draft-richardson-lamps-rfc7030-csrattrs-02.txt

Michael Richardson <mcr@sandelman.ca> Mon, 04 April 2022 18:24 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCFEB3A10CE for <spasm@ietfa.amsl.com>; Mon, 4 Apr 2022 11:24:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.109
X-Spam-Level:
X-Spam-Status: No, score=-7.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LfT6pjGux7xc for <spasm@ietfa.amsl.com>; Mon, 4 Apr 2022 11:24:20 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF28F3A0BD1 for <spasm@ietf.org>; Mon, 4 Apr 2022 11:24:18 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 8ED3538B6B; Mon, 4 Apr 2022 14:35:20 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id UuZBaTb2Y1IN; Mon, 4 Apr 2022 14:35:19 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id E0C4A38B67; Mon, 4 Apr 2022 14:35:18 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sandelman.ca; s=mail; t=1649097318; bh=kj9HspP12TAtPSaaGlBVRddfNfI153VaG1lMbBwxie0=; h=From:To:Subject:In-Reply-To:References:Date:From; b=dfd3IqSuIKNRW+vayQUNaVrrm2vGFG/cHk94noiO7p3LvCex+3YiRmreRVTjhK1XV laK4AryqTTe++I+GIJ02+JLcGoXjeuRfL+xFhilVbTFTm4Uq5e4xksdOWvwh57SBlN RU7v4SwhUORCtfCRccY9KOlx4BOPSTNyx3ackaket5rrKj0Mbg01nhK73rkj9ZmhPA GxAdS2a2tYUhR0LMMb+WnhNpzPceea4ihtJy66mrcL1X8UGWzhPZ5bvHxYlHDmQLM6 zsWCXNaiPMLWjeMD7DiGE8PQk/cEsDCEtGFmqFGlNlLJEA7AxJhH/rdNSGqi4xSiP3 WjYqgNyO7EIOA==
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 08CD24BA; Mon, 4 Apr 2022 14:24:14 -0400 (EDT)
From: Michael Richardson <mcr@sandelman.ca>
To: Sean Turner <sean@sn3rd.com>, LAMPS WG <spasm@ietf.org>, "Dr. David von Oheimb" <dev@ddvo.net>, Owen Friel <ofriel@cisco.com>, Dan Harkins <dharkins@lounge.org>
In-Reply-To: <08FE5767-0449-4C32-8F92-96F8CC28EA64@sn3rd.com>
References: <164667410940.12091.15394112688281514126@ietfa.amsl.com> <15416.1646681868@localhost> <D095D84D-9633-44BB-AA6F-440B8BC00F68@sn3rd.com> <14084.1648570425@localhost> <DCA313EC-A295-4E99-8B68-E5AB0BF2E26C@sn3rd.com> <08FE5767-0449-4C32-8F92-96F8CC28EA64@sn3rd.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha512; protocol="application/pgp-signature"
Date: Mon, 04 Apr 2022 14:24:14 -0400
Message-ID: <30485.1649096654@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/gDVcYUy6ERoayd-XIPcNjv8gbs8>
Subject: Re: [lamps] is the CSRattr ASN.1 broken or not ... Re: New Version Notification for draft-richardson-lamps-rfc7030-csrattrs-02.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Apr 2022 18:24:26 -0000

Sean Turner <sean@sn3rd.com> wrote:
    >>> ExtensionRequest ::= Extensions
    >>> }
    >>> } Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
    >>> }
    >>> } Extension  ::=  SEQUENCE  {
    >>> }        extnID      OBJECT IDENTIFIER,
    >>> }        critical    BOOLEAN DEFAULT FALSE,
    >>> }        extnValue   OCTET STRING
    >>> }                    -- contains the DER encoding of an ASN.1 value
    >>> }                    -- corresponding to the extension type identified
    >>> }                    -- by extnID
    >>> }        }

    > This value is needed because that’s how extensionRequest is defined (see RFC 2985).

    > In other words, the SET would include the OID and a value that is a
    > value for an encoding of extensionRequest that includes SEQ OF SEQ {cid
    > macAddress, extnValue OCTET STRING (some value)}.

    > This assumes that macAddress was meant to be an extension instead of a
    > naming attribute. If it’s a naming attribute, then it’s the wrong
    > attribute entirely in the example.

Would it be easier if we used the otherName example from RFC8994?
I'll dig that details out of my repo and post later today.
The doodle poll is complete, and I've set the meeting for Wed. April 6.


--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

v2.8.7 | Report a Bug | By Email