Re: [lamps] struggling with CSRAttrs

David von Oheimb <David.von.Oheimb@siemens.com> Sun, 31 July 2022 17:41 UTC

To: Michael Richardson <mcr+ietf@sandelman.ca>
References: <12352.1657505901@localhost> <ada963a796ca3fafb42a29751020ff4326fd2a1e.camel@von-Oheimb.de> <563732.1659120308@dooku>
From: David von Oheimb <David.von.Oheimb@siemens.com>
Cc: LAMPS WG <spasm@ietf.org>
In-Reply-To: <563732.1659120308@dooku>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/kY1YfsADrrURWtpF5nQ7yI_A_-c>

Hi Michael et al.

On 29.07.22 20:45, Michael Richardson wrote:
>>>     Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
>>>          extType  ATTRIBUTE.&id({IOSet}),
>>>          extAttr  SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})
>>>     }
>> Well, this definition is semantically identical to the original one.
>> So better not rename the two fields of the Attribute structure, i.e., we
>> should stick with 'type' and 'values',
>> in particular since there may be attributes that are not X.509
>> extensions.
> I found it clearer, but if you object to this rename, then I'll go with your preference.

Let's keep the original field names.
Also because this underlines the important fact that we do not change the ASN.1 syntax at all, which is critical for bits-on-the-wire compatibility, but we just clarify its use and interpretation.

I've just made a pass on lamps-rfc7030-csrattrs.mkd in the GitHub repository.
Its new version contains various suggestions for improvements here and there.
Also updated the subjectAltName example to be of the more usual form of a dNSName and inserted two questions/remarks:

    (TODO: Do we want to allow an empty extnValue (which is of type OCTET
    STRING), which would mean that the client is told to include an X.509
    extension of the given type and fill in the concrete value itself?)

    (TODO: Note that this mechanism does not support telling the client
    to include in the CSR a specific subject DN, simply because there is
    no OID for this.  I think we should better make this clear, or we
    have to define such an OID if setting a subject name should be
    supported.)

I also corrected the spelling of my (co-author's) name in presentations/ietf114-lamps-csrattrs.{fodp,pdf}.

     David
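Added example, not part of this thread or of the draft it discusses: a pure-Python DER encoder/decoder for the structure under debate, i.e. a CsrAttrs (RFC 7030 section 4.5.2) carrying one Attribute of type extensionRequest whose value asks the client for a subjectAltName dNSName, plus a decoder that lists the requested extensions and therefore exposes the empty-extnValue case raised in the first TODO. The dNSName value `example.com` is a constructed sample; the Attribute field names `type` and `values` follow the unchanged ASN.1 syntax the message insists on.

```python
ID_EXT_REQ = "1.2.840.113549.1.9.14"  # PKCS#9 extensionRequest
ID_SAN = "2.5.29.17"                  # id-ce-subjectAltName

def tlv(tag: int, body: bytes) -> bytes:
    """DER tag-length-value; long-form length once the body exceeds 127 bytes."""
    n = len(body)
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(nb)]) + nb) + body

def oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:  # base-128 arcs, high bit set on every byte but the last
        chunk = [a & 0x7F]
        while a := a >> 7:
            chunk.append(0x80 | (a & 0x7F))
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

def csrattrs_with_san(dns: str, with_value: bool = True) -> bytes:
    """CsrAttrs holding one extensionRequest Attribute whose single value is
    Extensions { subjectAltName }; with_value=False leaves extnValue empty (the thread's TODO)."""
    names = tlv(0x30, tlv(0x82, dns.encode("ascii")))    # GeneralNames { dNSName [2] IA5String }
    ext = tlv(0x30, oid(ID_SAN) + tlv(0x04, names if with_value else b""))  # critical DEFAULT FALSE omitted
    attr = tlv(0x30, oid(ID_EXT_REQ) + tlv(0x31, tlv(0x30, ext)))  # Attribute { type, values SET OF }
    return tlv(0x30, attr)                                 # CsrAttrs ::= SEQUENCE OF AttrOrOID

def _children(body: bytes):
    """Yield (tag, value) for each DER element directly inside body."""
    pos = 0
    while pos < len(body):
        tag, ln, pos = body[pos], body[pos + 1], pos + 2
        if ln & 0x80:  # long-form length
            ln, pos = int.from_bytes(body[pos:pos + (ln & 0x7F)], "big"), pos + (ln & 0x7F)
        yield tag, body[pos:pos + ln]
        pos += ln

def requested_extensions(csrattrs: bytes) -> list:
    """(extnID as DER OID, extnValue) per Extension found inside extensionRequest attributes;
    a bare OID entry (AttrOrOID.oid) names an attribute without a value and is skipped."""
    found = []
    for tag, attr in _children(next(_children(csrattrs))[1]):
        if tag != 0x30: continue
        (_, attr_type), (_, values) = list(_children(attr))[:2]
        if tlv(0x06, attr_type) != oid(ID_EXT_REQ): continue
        for _, exts in _children(values):       # each SET member is an Extensions SEQUENCE
            for _, ext in _children(exts):      # Extension { extnID, critical OPTIONAL, extnValue }
                parts = list(_children(ext))
                found.append((tlv(0x06, parts[0][1]), parts[-1][1]))
    return found
```

A client that walks the result and finds an empty extnValue knows it has been asked for an extension type without a value, which is exactly the case the draft still has to define as either permitted or rejected.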