Re: [lamps] draft-ietf-lamps-cmp-updates and the ASN.1 modules
"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Mon, 21 September 2020 16:09 UTC
Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17E203A09C1 for <spasm@ietfa.amsl.com>; Mon, 21 Sep 2020 09:09:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=siemens.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l803O0s2wfWV for <spasm@ietfa.amsl.com>; Mon, 21 Sep 2020 09:09:28 -0700 (PDT)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-eopbgr130082.outbound.protection.outlook.com [40.107.13.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B76463A09F4 for <spasm@ietf.org>; Mon, 21 Sep 2020 09:03:08 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nWd5457ifbgaOL4PLbnADIrU+vjfQhdAi9bTiPjbWgrs5A5qZ0xr3uDQGQCfCFu/uLbFBp5oYI7rj7aS5qT9G8CjUuBdtqFN+pUA+2QUjpecFdYTe0zsSxYlQnp+l0Un2+Z6ed1SAgCdSjn1BocvddwwBr6J0gRZYiimDniZJdzJWmMJoZDipQyB29U3p+QT5zMkJYqGn5uJyP1uvuK4Ori2S1rDm3x8jVEMSpw3v4WQZi3wgMrt8a8i+kRuLWGuHfqjZqBRS0dLAzg2Hn+hyD95i8RntC+Q/D4kf/KrMIdAOYL554BRyeP6TH6E9ZUnplmYTzvbTbIR9ewTuI6Ptg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ESodrB1IfQcs0Co21uoZZKFErGzHw+mYnrxbNTYJLq8=; b=agixbat6X9u2ek6qgFKCE4NzKSLHEeIJmWNHpvaIZXaQKLnJzVRECOca+GF98YDXqDK+HgH3UBdkFcvUTYK7T8FprqGgMcBhvl1nRzXlQZrMc52smFi0C5T7A872+KfBCu6rt/V6vtf1B4JF2j8LkDa7pkc1i24AXfWy99By7byfXCYNV4xzGjaOwSLtArJuUvQkvmaIwKjWOfzge4lMLNo34aAlbEV9X7Zm4R/UuWN+89zp0wcoq3/v3utuiyLHAyGNtx4g+mj4KMFZwa2OyCzy9/5dNtLm73QsE1wE+M58LaBbI9ZpFErN4uL15fTLtvRxbeMc+b7Zr3oUz5VGfw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.onmicrosoft.com; s=selector1-siemens-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ESodrB1IfQcs0Co21uoZZKFErGzHw+mYnrxbNTYJLq8=; b=C3/rCF4T5XNZtTUuJahyiXpjiN3cZBLI6IiY/0Mw4ydJlRxDYQPrCsECn+Wm/UWFwgPTsGIkfZF7Fo+Z3U06NI1jcPy6Jy2X7YcvKyDTfQcYyCWd9nGudDUVS+3eHScvT/2TpV1aw3oGZFsJe/ix93WFZTYWoZF4wrNYu2aPygQ=
Received: from AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:dd::17) by AM9PR10MB4037.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:1fe::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.23; Mon, 21 Sep 2020 16:03:06 +0000
Received: from AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM ([fe80::815c:e3e3:e2be:5eed]) by AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM ([fe80::815c:e3e3:e2be:5eed%6]) with mapi id 15.20.3391.024; Mon, 21 Sep 2020 16:03:06 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Russ Housley <housley@vigilsec.com>
CC: LAMPS WG <spasm@ietf.org>
Thread-Topic: draft-ietf-lamps-cmp-updates and the ASN.1 modules
Thread-Index: AQHWjo4OiLP9XFYU2UG5dPTLDWkRQalzLXMw
Content-Class:
Date: Mon, 21 Sep 2020 16:03:06 +0000
Message-ID: <AM0PR10MB24186CDD52ED59F19CCF6CB4FE3A0@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
References: <AM0PR10MB2402173DFBD40DFF043AE839FEA40@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <265385CF-F479-4CB6-9C9F-88EA4807365D@vigilsec.com>
In-Reply-To: <265385CF-F479-4CB6-9C9F-88EA4807365D@vigilsec.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Enabled=true; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_SetDate=2020-09-21T16:03:05Z; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Method=Standard; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Name=restricted-default; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_SiteId=38ae3bcd-9579-4fd4-adda-b42e1495d55a; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_ActionId=e6ad03f6-37d3-47b8-9bbe-5a5487002858; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_ContentBits=0
document_confidentiality: Restricted
authentication-results: vigilsec.com; dkim=none (message not signed) header.d=none;vigilsec.com; dmarc=none action=none header.from=siemens.com;
x-originating-ip: [165.225.200.169]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 7062c205-51d5-4ea0-49fd-08d85e47d40f
x-ms-traffictypediagnostic: AM9PR10MB4037:
x-microsoft-antispam-prvs: <AM9PR10MB4037E7BC59B79A154517E8E1FE3A0@AM9PR10MB4037.EURPRD10.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: hHLRyT6jPOWRzlTZEm1lN7X81Tobm5TXj0hRHn2zvGMxKlcX9/bKKDA9hQXV4Qg3LpXdhX1TEGKBOsC+ovLdQu8bEnd8qMyNYlwi6Y2o8eGKBZSZ4BXNWROWvziFjO7BPEVu7p1sW8fBm3msBD8ANfJV1HA6p2lNLuuptZLlVzsHiZ2cyxf9Qr7TuZoiuGizeUBr9CDgOUiA5+5gx7QWvPQTut8s9/7Fo1VommlfJY+y/oobZF12Wp8jUPw9KwDyt3BItHz+0gSBUTpp2Dk0d/DGOUOH69UaZ2ab6HAkq8n021KUJPLPBfHE56lR9wlaz7cMghfCn4ITrx/Qc7tgfQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(396003)(346002)(39860400002)(366004)(376002)(136003)(316002)(2906002)(86362001)(33656002)(8676002)(8936002)(66946007)(76116006)(55236004)(6506007)(7696005)(83380400001)(5660300002)(52536014)(66556008)(9686003)(55016002)(15650500001)(4326008)(66476007)(6916009)(71200400001)(26005)(186003)(478600001)(66446008)(64756008)(66574015); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: 5SrbfS/rUhvJxmcmKUy5gDbKlg/ToJsMtieXPrL7BhxZiPYpD9w/EFsBliciYzsRTlfrVx/GMFiDF7gSwhwvvCQNxDu8Gzjz9QL1G1cVoRL7Bd5SpaUQwVYbNWzr1L4yiOVCiHbdAu/dyPawmT56KlEYPJ0n7e2ZpuQibV3x8FqMUuy0jrcqwtKJwpvk84xRNq3OGbu84xKBCkxIZYiCU5O/sElVD80HPHWp58bwJ5/nRm1nE8VP9Ho1v8leVsFz4Thvx4k+zEHqz3qdY1GIfohRgzkNInzsXWwMTxVmQGRBHb/wI5/l9NkB5Y+r+cdvfuQ2rXAOzvGXbbr+geA6FLs1DhGDL4s6RqnLODroO2YOFtiSx5o5SXS77X0fh69vcf5anFWFzvv9JSyw82MDTjWRvkrvRw0vUmu/tsAEjy26gW0VIC8j6GGt6o5JjlQC9vp0kx30ZaXPx7XvOntoKDQoszZCg4a1C5/u/7mczRDxo7KsxT8u6sCYO1dpWL6S3a9ZG6xNnjd4JJ+sZZHGeMHDeCWKp2IpzGPQG6fhW579Ya5KogZMMGA+f2rjmuWXct2y5nqhxU6he71Rkx5f8ibFFmwyDPUfxYWnSdY1XdecByEPUdDZqZKyatUZqKiokf2w/hoBayGLDI8BXJllnQ==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 7062c205-51d5-4ea0-49fd-08d85e47d40f
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Sep 2020 16:03:06.4836 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: hFIMJs6Creaj4UN5zYzUx2lobDkEisRGaaMIAG2yptv1HfAnp3/y09JRwa/pqHyOcKI1vvmfFA/k7B8lcMFvkit4DehJ8RCvCAGBat3HLzE=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM9PR10MB4037
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/OVD3QXaNRv_9TCmK960T7tmB5sk>
Subject: Re: [lamps] draft-ietf-lamps-cmp-updates and the ASN.1 modules
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Sep 2020 16:09:30 -0000
Russ > Von: Russ Housley <housley@vigilsec.com> > Gesendet: Samstag, 19. September 2020 16:06 > > Hendrik: > > I have two comments on the ASN.1 modules. > > > (1) The new module says: > > CertTemplate, PKIPublicationInfo, EncryptedKey, EncryptedValue, > CertId, CertReqMessages > FROM PKIXCRMF-2005 {iso(1) identified-organization(3) > dod(6) internet(1) security(5) mechanisms(5) pkix(7) > id-mod(0) id-mod-crmf2005(36)} > -- The import of EncryptedKey is added due to the updates made > -- in CMP Updates [thisRFC] > > EncryptedValue is not longer used in the module. It should probably be put in a > comment. > Right. I will remove the import of EncryptedValue and add a respective comment. > > (2) This part is not changed, but I have a comment about it: > > Challenge ::= SEQUENCE { > owf AlgorithmIdentifier{DIGEST-ALGORITHM, {...}} > OPTIONAL, > -- MUST be present in the first Challenge; MAY be omitted in > -- any subsequent Challenge in POPODecKeyChallContent (if > -- omitted, then the owf used in the immediately preceding > -- Challenge is to be used). > witness OCTET STRING, > -- the result of applying the one-way function (owf) to a > -- randomly-generated INTEGER, A. [Note that a different > -- INTEGER MUST be used for each Challenge.] > challenge OCTET STRING > -- the encryption (under the public key for which the cert. > -- request is being made) of Rand, where Rand is specified as > -- Rand ::= SEQUENCE { > -- int INTEGER, > -- - the randomly-generated INTEGER A (above) > -- sender GeneralName > -- - the sender's name (as included in PKIHeader) > -- } > } > > I've always thought it would help the implementer to make the Rand definition > part of the ASN.1 module. > OK, I will move the declaration of Rand out of the comment. - Hendrik
- [lamps] draft-ietf-lamps-cmp-updates section 3.8 … Brockhaus, Hendrik
- Re: [lamps] draft-ietf-lamps-cmp-updates section … Jim Schaad
- Re: [lamps] draft-ietf-lamps-cmp-updates section … Brockhaus, Hendrik
- Re: [lamps] draft-ietf-lamps-cmp-updates section … Russ Housley
- [lamps] draft-ietf-lamps-cmp-updates Russ Housley
- Re: [lamps] draft-ietf-lamps-cmp-updates Brockhaus, Hendrik
- Re: [lamps] draft-ietf-lamps-cmp-updates Russ Housley
- Re: [lamps] draft-ietf-lamps-cmp-updates Brockhaus, Hendrik
- Re: [lamps] draft-ietf-lamps-cmp-updates Russ Housley
- Re: [lamps] draft-ietf-lamps-cmp-updates Brockhaus, Hendrik
- [lamps] draft-ietf-lamps-cmp-updates and the ASN.… Russ Housley
- Re: [lamps] draft-ietf-lamps-cmp-updates and the … Brockhaus, Hendrik