Re: [lamps] I-D Action: draft-ietf-lamps-cmp-updates-11.txt

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Wed, 30 June 2021 13:05 UTC

From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: "spasm@ietf.org" <spasm@ietf.org>
CC: Tomas Gustavsson <tomas.gustavsson@primekey.com>, Lijun Liao <lijun.liao@gmail.com>, Russ Housley <housley@vigilsec.com>, "david.von.oheimb@siemens.com" <david.von.oheimb@siemens.com>
Date: Wed, 30 Jun 2021 13:05:01 +0000
Message-ID: <AM0PR10MB2418828DCD74B68BDD9B9567FE019@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
References: <162505585479.5707.246804804061081599@ietfa.amsl.com>
In-Reply-To: <162505585479.5707.246804804061081599@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/nS3TGtA7X9m2orhEGYFX4d9PjsA>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-cmp-updates-11.txt
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>

Hi

I just submitted an update of the CMP Updates draft containing the following changes.

   *  Added Section 2.10, adding an additional hashAlg field to the
      CertStatus type to support certificates signed with a signature
      algorithm not explicitly indicating a hash algorithm in the
      AlgorithmIdentifier (see thread "Hash algorithm to use for
      calculating certHash")
   *  Added newly registered OIDs and temporarily registered URI suffix
   *  Exchanged the import of CertificationRequest from RFC 2986 to the
      definition from RFC 6402 Appendix A.1 (see thread "CMP Update of
      CertificationRequest")
   *  Corrected the definition of LocalKeyIdValue in Appendix A.1
   *  Updated to the new RFC numbers for I-D.ietf-lamps-crmf-update-algs

Many thanks to all of you for your support and contribution to the document.
Any further feedback is welcome.

Hendrik

> From: Spasm <spasm-bounces@ietf.org> On behalf of internet-drafts@ietf.org
> Sent: Wednesday, 30 June 2021 14:24
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Limited Additional Mechanisms for PKIX and
> SMIME WG of the IETF.
> 
>         Title           : Certificate Management Protocol (CMP) Updates
>         Authors         : Hendrik Brockhaus
>                           David von Oheimb
>         Filename        : draft-ietf-lamps-cmp-updates-11.txt
>         Pages           : 55
>         Date            : 2021-06-30
> 
> Abstract:
>    This document contains a set of updates to the syntax and transport
>    of Certificate Management Protocol (CMP) version 2.  This document
>    updates RFC 4210 and RFC 6712.
> 
>    The aspects of CMP updated in this document are using EnvelopedData
>    instead of EncryptedValue, clarifying the handling of p10cr messages,
>    improving the crypto agility, as well as adding new general message
>    types, extended key usages to identify certificates for use with CMP,
>    and '.well-known' HTTP path segments.
> 
>    To properly differentiate the support of EnvelopedData instead of
>    EncryptedValue, the CMP version 3 is introduced in case a transaction
>    is supposed to use EnvelopedData.
> 
>    CMP version 3 is introduced to enable signaling support of
>    EnvelopedData instead of EncryptedValue and signaling the use of an
>    explicit hash AlgorithmIdentifier in certConf messages, as far as
>    needed.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-lamps-cmp-updates/
> 
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-lamps-cmp-updates-11.html
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-cmp-updates-11
> 
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> 
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm
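The first change Hendrik lists (the hashAlg field in CertStatus) and the abstract's remark about signaling an explicit hash AlgorithmIdentifier in certConf messages both come down to one question: which hash does a client use to compute certHash, and how does the CA/RA know? The example below is added by the editor and is not code from the draft, its authors, or any CMP implementation. It picks the hash implied by the certificate's signature algorithm when the AlgorithmIdentifier names one (e.g. sha256WithRSAEncryption, ecdsa-with-SHA256), refuses to proceed without a caller-supplied hashAlg when it does not (Ed25519, Ed448), encodes the resulting CertStatus with the [0] hashAlg field, and shows the receiver recomputing certHash under the same rule. Assumptions, all mine rather than the page's: the pvno values 2 and 3 follow the abstract (the new version 3 signals use of hashAlg); the table of implied hashes is illustrative, not complete; which hash to pair with an EdDSA certificate is left to the caller; the certificate inputs are constructed DER skeletons in which only the signatureAlgorithm field is meaningful; and the DER helpers cover only what these structures need (single-byte tags, definite lengths).

```python
# Added example: certHash selection for a CMP certConf, and the CertStatus hashAlg field.
import hashlib

def der_len(n):
    raw = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return raw if n < 0x80 else bytes([0x80 | len(raw)]) + raw

def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def read_tlv(buf, off=0):          # -> (tag, contents, offset after element)
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:              # long-form length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, buf[off:off + length], off + length

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

SHA256, SHA384, SHA512 = "2.16.840.1.101.3.4.2.1", "2.16.840.1.101.3.4.2.2", "2.16.840.1.101.3.4.2.3"
HASH_IMPL = {SHA256: hashlib.sha256, SHA384: hashlib.sha384, SHA512: hashlib.sha512}
# Signature algorithm OID -> hash its AlgorithmIdentifier implies (RFC 4210 computes certHash
# with it). Ed25519 (1.3.101.112) / Ed448 (1.3.101.113) are absent on purpose: no hash named.
IMPLIED_HASH = {
    "1.2.840.113549.1.1.11": SHA256,  # sha256WithRSAEncryption
    "1.2.840.10045.4.3.2": SHA256,    # ecdsa-with-SHA256
    "1.2.840.10045.4.3.3": SHA384,    # ecdsa-with-SHA384
}

def signature_algorithm_oid(cert_der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    tag, cert, _ = read_tlv(cert_der)
    _, _, off = read_tlv(cert)                  # skip tbsCertificate
    alg_tag, alg_id, _ = read_tlv(cert, off)    # signatureAlgorithm
    oid_tag, oid, _ = read_tlv(alg_id)
    if tag != 0x30 or alg_tag != 0x30 or oid_tag != 0x06:
        raise ValueError("malformed Certificate / signatureAlgorithm")
    return decode_oid(oid)

def choose_cert_hash(cert_der, explicit_hash_oid=None):
    """Sender side: (certHash, hashAlg OID to send or None, pvno to signal)."""
    implied = IMPLIED_HASH.get(signature_algorithm_oid(cert_der))
    if implied is not None:
        if explicit_hash_oid is not None:
            raise ValueError("hashAlg must be absent when the signature algorithm implies a hash")
        return HASH_IMPL[implied](cert_der).digest(), None, 2        # cmp2000
    if explicit_hash_oid is None:
        raise ValueError("signature algorithm implies no hash: hashAlg is required")
    return HASH_IMPL[explicit_hash_oid](cert_der).digest(), explicit_hash_oid, 3  # cmp2021

def encode_cert_status(cert_hash, cert_req_id, hash_oid=None):
    """CertStatus ::= SEQUENCE { certHash OCTET STRING, certReqId INTEGER,
    statusInfo PKIStatusInfo OPTIONAL, hashAlg [0] AlgorithmIdentifier OPTIONAL }"""
    req_id = cert_req_id.to_bytes((cert_req_id.bit_length() + 8) // 8, "big", signed=True)
    body = tlv(0x04, cert_hash) + tlv(0x02, req_id)
    if hash_oid is not None:   # EXPLICIT [0]: wraps the whole AlgorithmIdentifier SEQUENCE
        body += tlv(0xA0, tlv(0x30, tlv(0x06, encode_oid(hash_oid))))
    return tlv(0x30, body)

def parse_cert_status(cs_der):
    tag, body, _ = read_tlv(cs_der)
    if tag != 0x30: raise ValueError("CertStatus must be a SEQUENCE")
    _, cert_hash, off = read_tlv(body)
    _, req_id, off = read_tlv(body, off)
    hash_oid = None
    while off < len(body):                      # optional statusInfo (0x30) / hashAlg (0xA0)
        t, inner, off = read_tlv(body, off)
        if t == 0xA0:
            hash_oid = decode_oid(read_tlv(read_tlv(inner)[1])[1])
    return cert_hash, int.from_bytes(req_id, "big", signed=True), hash_oid

def verify_cert_status(cs_der, cert_der):
    """Receiver side (CA/RA): recompute certHash under the same rule and compare."""
    cert_hash, _, hash_oid = parse_cert_status(cs_der)
    return choose_cert_hash(cert_der, hash_oid)[0] == cert_hash

def toy_certificate(sig_alg_oid):
    """Constructed DER skeleton with a Certificate's outer shape; NOT a valid cert."""
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")))         # stand-in tbsCertificate
    alg = tlv(0x30, tlv(0x06, encode_oid(sig_alg_oid)))    # AlgorithmIdentifier
    sig = tlv(0x03, b"\x00" + b"\xAA" * 8)                 # BIT STRING, 0 unused bits
    return tlv(0x30, tbs + alg + sig)
```

The point the receiver-side check makes is that hashAlg is not free-form: if it is present for a certificate whose signature algorithm already fixes the hash, or absent for an EdDSA certificate, the CertStatus is rejected rather than guessed at. Calling choose_cert_hash(toy_certificate("1.3.101.112")) without a hash raises, while choose_cert_hash(toy_certificate("1.3.101.112"), SHA512) returns a digest, SHA512 as the hashAlg to send, and pvno 3; the ECDSA skeleton returns a SHA-256 digest, no hashAlg, and pvno 2.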