Re: [lamps] examples in lamps-rfc7030-csrattrs

Corey Bonnell <Corey.Bonnell@digicert.com> Mon, 10 April 2023 13:04 UTC

From: Corey Bonnell <Corey.Bonnell@digicert.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, Corey Bonnell <Corey.Bonnell=40digicert.com@dmarc.ietf.org>, LAMPS WG <spasm@ietf.org>
CC: David von Oheimb <David.von.Oheimb@siemens.com>
Date: Mon, 10 Apr 2023 13:03:55 +0000
Message-ID: <DM6PR14MB21866FCFB9868D28B8D4206E92959@DM6PR14MB2186.namprd14.prod.outlook.com>
References: <12352.1657505901@localhost> <ada963a796ca3fafb42a29751020ff4326fd2a1e.camel@von-Oheimb.de> <563732.1659120308@dooku> <36c409c2-ab92-4ec2-6f1e-235652a243d9@siemens.com> <56a8af3a-63f2-5f19-62d9-59469ab678bf@siemens.com> <811228.1664555888@dooku> <DM6PR14MB21867A3B153FEC78FEE4C18192569@DM6PR14MB2186.namprd14.prod.outlook.com> <28080.1681007966@localhost>
In-Reply-To: <28080.1681007966@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/jvcP7XtA4UjueaNtXsOC09xj1jQ>
Subject: Re: [lamps] examples in lamps-rfc7030-csrattrs

Hi Michael,
> The document has a SEQUENCE of CsrAttrs, while you have a SET at the top.

Apologies, that's a problem on my end. I mistakenly used the RFC 2986 Attributes SET as the top-level container as opposed to the RFC 7030 CsrAttrs SEQUENCE. The script has been updated to correct this: https://gist.github.com/CBonnell/a46f9065f121bcb1b88c02e1204fd4eb. It might be useful to use the term "CsrAttrs" in the document instead of "CSR Attributes" to clearly disambiguate the two types.

The script now outputs "MGgwZgYJKoZIhvcNAQkOMVkwVzBVBgNVHREBAf8ESzBJoEcGCCsGAQUFBwgKoDsWOXJmYzg5OTQrZmQ3MzlmYzIzYzM0NDAxMTIyMzM0NDU1MDAwMDAwMDArQGFjcC5leGFtcGxlLmNvbQ==", which translates to the following dumpasn1 output:

  0 104: SEQUENCE {
  2 102:   SEQUENCE {
  4   9:     OBJECT IDENTIFIER extensionRequest (1 2 840 113549 1 9 14)
 15  89:     SET {
 17  87:       SEQUENCE {
 19  85:         SEQUENCE {
 21   3:           OBJECT IDENTIFIER subjectAltName (2 5 29 17)
 26   1:           BOOLEAN TRUE
 29  75:           OCTET STRING, encapsulates {
 31  73:             SEQUENCE {
 33  71:               [0] {
 35   8:                 OBJECT IDENTIFIER '1 3 6 1 5 5 7 8 10'
 45  59:                 [0] {
 47  57:                   IA5String
       :                   'rfc8994+fd739fc23c3440112233445500000000+@acp.ex'
       :                   'ample.com'
       :                   }
       :                 }
       :               }
       :             }
       :           }
       :         }
       :       }
       :     }
       :   }

Thanks,
Corey

-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Michael Richardson
Sent: Saturday, April 8, 2023 10:39 PM
To: Corey Bonnell <Corey.Bonnell=40digicert.com@dmarc.ietf.org>; LAMPS WG <spasm@ietf.org>
Cc: David von Oheimb <David.von.Oheimb@siemens.com>
Subject: Re: [lamps] examples in lamps-rfc7030-csrattrs


I'm sorry to take so long to get back to you.
Other priorities have kept me away from this work.
I very much appreciate your time to help me get this right.

Corey Bonnell <Corey.Bonnell=40digicert.com@dmarc.ietf.org> wrote:
    > Hi Michael, It appears that the example in the -01 draft has a few
    > issues, mainly surrounding implicit/explicit tagging and level of
    > nesting of SET/and SEQUENCE elements.

Yes.

    >   0 104: SET { 2 102: SEQUENCE { 4 9: OBJECT IDENTIFIER

I'm finding the top-level SET confusing.
I implemented a parser for your example, but...

However, it's not at all consistent with the examples we have in RFC7030, or the ASN.1.  Section 4.3.2 has some encodings that we said we wanted to maintain.

The document has a SEQUENCE of CsrAttrs, while you have a SET at the top.
Is there something I'm missing, or is this a typo?

(The document has expired, alas, so I've reposted it again, mostly unchanged.
Well, it might not even reflect all the discussions as yet.  Maybe I have unpushed changes somewhere)

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide
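The encoding Corey posted above, rebuilt from scratch with a minimal DER encoder. This is an added example by the editor, not the gist script and not code from the draft; the helper names (tlv, oid, acp_san_extension, rfc7030_csr_attrs, rfc2986_attributes, top_level_type) are mine. It reproduces the base64 in the message byte for byte, and it also encodes the same Attribute inside the RFC 2986 Attributes SET that was used by mistake, so the two containers can be compared: only the outer tag differs (0x30 for SEQUENCE, 0x31 for SET), which is exactly what a parser such as Michael's trips over and what an EST client should check when it receives a /csrattrs body. The ACP node name and the OIDs are the ones that appear in the dumpasn1 output; the tag mechanics follow RFC 5280 (otherName is [0] IMPLICIT, its value is [0] EXPLICIT).

```python
"""Hand-rolled DER encoding of an RFC 7030 CsrAttrs carrying an extensionRequest
for a critical subjectAltName with an RFC 8994 AcpNodeName otherName.
Editor's example for the thread; not the gist script or the draft's code."""
import base64

# Single-byte DER tags used below.
SEQUENCE, SET, BOOLEAN, OCTET_STRING, IA5STRING = 0x30, 0x31, 0x01, 0x04, 0x16


def ctx(n):
    """Constructed context-specific tag [n] (class bits 10, constructed bit set)."""
    return 0xA0 | n


def der_length(n):
    """DER length octets: short form below 128, minimal long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    return bytes([tag]) + der_length(len(content)) + content


def oid(dotted):
    """Encode a dotted OID: first two arcs combined, remaining arcs base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return tlv(0x06, bytes(body))


ID_EXTENSION_REQUEST = "1.2.840.113549.1.9.14"   # pkcs-9 extensionRequest
ID_CE_SUBJECT_ALT_NAME = "2.5.29.17"
ID_ON_ACP_NODE_NAME = "1.3.6.1.5.5.7.8.10"       # id-on-AcpNodeName (RFC 8994)


def acp_san_extension(acp_node_name):
    """Extension { subjectAltName, critical TRUE, OCTET STRING { GeneralNames } }.
    otherName is [0] IMPLICIT, so its tag replaces the SEQUENCE tag; the value
    inside it is [0] EXPLICIT, so the IA5String keeps its own tag underneath."""
    other_name = tlv(ctx(0), oid(ID_ON_ACP_NODE_NAME)
                     + tlv(ctx(0), tlv(IA5STRING, acp_node_name.encode("ascii"))))
    general_names = tlv(SEQUENCE, other_name)
    return tlv(SEQUENCE, oid(ID_CE_SUBJECT_ALT_NAME)
               + tlv(BOOLEAN, b"\xff")          # DER encodes TRUE as 0xFF
               + tlv(OCTET_STRING, general_names))


def extension_request_attribute(extensions):
    """Attribute { extensionRequest, SET OF { Extensions SEQUENCE } }."""
    return tlv(SEQUENCE, oid(ID_EXTENSION_REQUEST)
               + tlv(SET, tlv(SEQUENCE, b"".join(extensions))))


def rfc7030_csr_attrs(attributes):
    """CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID (RFC 7030, 4.5.2)."""
    return tlv(SEQUENCE, b"".join(attributes))


def rfc2986_attributes(attributes):
    """Attributes ::= SET OF Attribute (RFC 2986): same contents, SET outer tag.
    This is the container that was mistakenly used at the top level."""
    return tlv(SET, b"".join(attributes))


def parse_tlv(der, offset=0):
    """Return (tag, content, next_offset) for the TLV at offset; long-form aware."""
    tag, first = der[offset], der[offset + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        n = first & 0x7F
        length, hdr = int.from_bytes(der[offset + 2:offset + 2 + n], "big"), 2 + n
    start = offset + hdr
    return tag, der[start:start + length], start + length


def top_level_type(der):
    """What a receiver sees first; a /csrattrs body must start with SEQUENCE."""
    tag, _, _ = parse_tlv(der)
    return {SEQUENCE: "SEQUENCE", SET: "SET"}.get(tag, "tag 0x%02x" % tag)


# Node name taken from the dumpasn1 output in the thread.
ACP_NODE_NAME = "rfc8994+fd739fc23c3440112233445500000000+@acp.example.com"


def example_csr_attrs_b64():
    attr = extension_request_attribute([acp_san_extension(ACP_NODE_NAME)])
    return base64.b64encode(rfc7030_csr_attrs([attr])).decode("ascii")


if __name__ == "__main__":
    attr = extension_request_attribute([acp_san_extension(ACP_NODE_NAME)])
    print(example_csr_attrs_b64())
    print("RFC 7030 top level:", top_level_type(rfc7030_csr_attrs([attr])))
    print("RFC 2986 top level:", top_level_type(rfc2986_attributes([attr])))
```

Running it prints the same base64 string as the message (106 bytes of DER), then "SEQUENCE" for the CsrAttrs container and "SET" for the RFC 2986 one. The parse_tlv/top_level_type pair is the check a receiver wants: reject a body whose first tag is not 0x30 before trying to walk the attributes, rather than discovering the mismatch somewhere inside a hand-written parser.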