Re: [lamps] CMP Update of CertificationRequest

Russ Housley <housley@vigilsec.com> Tue, 25 May 2021 14:23 UTC

From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <AM0PR10MB2418FFBED75094786AE58E91FE259@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
Date: Tue, 25 May 2021 10:22:55 -0400
Cc: LAMPS WG <spasm@ietf.org>
Message-Id: <1FF43785-E271-4C28-970D-59CCE0FD089C@vigilsec.com>
References: <25C71A2D-CA3E-44F4-B8C6-00049DB2C097@vigilsec.com> <AM0PR10MB2418FFBED75094786AE58E91FE259@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
To: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/nnKpu4NeYEiJwHGgkVRZi14sS7o>
Subject: Re: [lamps] CMP Update of CertificationRequest

Hendrik:

Ouch.  I messed that up.  You are right, RFC 6402 is an update to CMC, not CMP.

However, RFC 6402 did choose to locally define CertificationRequest.  I believe this was done because there was a place to IMPORT for the newer ASN.1 syntax, but not the older.  That way, the two modules are defining exactly the same things, even though the newer syntax could IMPORT it from RFC 2986.

Maybe we should continue to IMPORT from RFC 2986 in the newer ASN.1 syntax, and define locally in the older ASN.1 syntax, with a comment that this structure matches the one defined in RFC 2986.  This definition can be lifted from RFC 6402, where Jim Schaad already did that work.

Russ

> On May 25, 2021, at 2:44 AM, Brockhaus, Hendrik <hendrik.brockhaus@siemens.com> wrote:
> 
> Russ
> 
> I am uncertain if I got your suggestion right.
> 
>> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
>> 
>> Right now, CertificationRequest is being imported from PKCS#10.  It looks to me
>> like CertificationRequest is also defined in RFC 6402. 
> 
> Right, the ASN.1 module in RFC 6402 Appendix A also defines CertificationRequest.
> 
>> RFC 6402 is also an update to CMP.
> 
> RFC 6402 updates CMC. Why do you think it also updates CMP?
> 
>> Since the definition was pulled into the ASN.1 module for that update,
>> does it make sense to do the same now?
> 
> Do you suggest to import the definition of CertificationRequest from the ASN.1 modules in RFC 6402 instead of RFC 2986? 
> Or do you suggest to directly add the new definition to the ASN.1 modules in CMP Updates?
> 
> Hendrik
> 