Re: [lamps] [CMP Updates] position of hashAlg in certStatus

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Fri, 03 September 2021 15:25 UTC

Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7822A3A2230 for <spasm@ietfa.amsl.com>; Fri, 3 Sep 2021 08:25:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.798
X-Spam-Level:
X-Spam-Status: No, score=-1.798 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=siemens.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uUYkZF07_h9t for <spasm@ietfa.amsl.com>; Fri, 3 Sep 2021 08:25:06 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2051.outbound.protection.outlook.com [40.107.22.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C6D03A2234 for <spasm@ietf.org>; Fri, 3 Sep 2021 08:25:06 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XiCrdq5mYqQHkunsIHfqQrmCHTVVlCE7Bgf3PQTOo6oJmNZ8XdU+pHuf/Bk6WwZ215JX17M+Opu/lEWRN9EDJXYG8T8dbUpPKm7UOoqtCOe6yb/M9r76CnD0KKnN3YM9hSsLb2wc58GHvTj4GN360E6pKUPInG0SOh9pf1t3e60id79NgiMsl8PG+mhysee/jP/SMgjPiI3RxfbVEH/PNeqJh3ANmZsmtuTvSekbYgPgOFWxsQaxlvzB5ki8DGvxpdK+nlTiIFzkf59YQstsTqsPNNkOFdNCuCkXp44Y+FvxcYRl5hC3oHoKwzg3idfp70JSzmGsqSx1sSk7qDAuiQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=E+a3xQRv7l2zFoq8YmHiJlvpcXAHjfQn8Mab/vLPYo4=; b=TYXcWcnoJpLUd25ignmYBBUl3x89GNU8sgirsbBeW401YPJlRhq2qRxdFgKPTXNdMATdm4v6MfcTistVnbzISz0rLj3kZeqWfUDm3+HROa6Wo5slCj/BmKcnOdkstWV0cXBd9qrQE4GEwY4oKoNGA4iDboKedejgVowbFvHNc13gsP08vBYCSSZ22XVDEPb/wZEA1atQsXNb90GSMsPnXBFzmAJFJjbfBN4LKDFS72s0KBaRHTgH/zhOgOKogMNl9HwoKq/Dxg5bEZaPdkoi7s2D4qm8arZI/jxRqAfO3/T8iUA0jsITJRlaTDKylHCnfTRHrgdc0++2LUds8wzmfA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.onmicrosoft.com; s=selector1-siemens-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=E+a3xQRv7l2zFoq8YmHiJlvpcXAHjfQn8Mab/vLPYo4=; b=LOK2pfzvpm6WZ5zvTjzvNJrB4AjvpYyWNOjCVJRP7PZ7dLIPQ0+T/GBDwLV91YrWztHg/mjKyWimwTBMSupxFyk9JK3w7FKo4HKDA4bXM9Eitg46XlzNh8eRLjKIvS1g4hI2LyyERYmY8dU3SZvY537RCrsrD1UsrggxdCzJWOo=
Received: from AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:dd::17) by AM0PR10MB2450.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:e2::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4457.23; Fri, 3 Sep 2021 15:25:02 +0000
Received: from AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM ([fe80::49c9:59f7:5238:b8f]) by AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM ([fe80::49c9:59f7:5238:b8f%7]) with mapi id 15.20.4478.022; Fri, 3 Sep 2021 15:25:02 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Russ Housley <housley@vigilsec.com>, David von Oheimb <nl0@von-Oheimb.de>, Carl Wallace <carl@redhoundsoftware.com>, Uri Blumenthal <uri@ll.mit.edu>, John Gray <John.Gray@entrust.com>
CC: "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: [lamps] [CMP Updates] position of hashAlg in certStatus
Thread-Index: AdeeYf4qJoncXhwQRYWt5DPU7d+LUgAGIhOAAAJu2kAAADwSAP//v6aAgABRHoCAAAKlgIAABtAA///A7ACAAEViAIAACM4AgAAD8AD//rdKkIACVFYAgAHqXYCAADufAIABCwiAgAAbvgD//+hpoA==
Date: Fri, 3 Sep 2021 15:25:02 +0000
Message-ID: <AM0PR10MB2418CB2C724EA143A758FC56FECF9@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
References: <2CEBEA79-AFAA-4166-88D0-26AB49332750@ll.mit.edu> <F01F29B3-B086-4E7E-AA5F-5C504D4F3156@redhoundsoftware.com> <4659b1fb-bf01-fd95-bf39-e5ac192a1741@siemens.com> <EBD4A107-6E1D-4832-B050-8468D5F20681@redhoundsoftware.com> <AM0PR10MB241867FEC0AF8ED504546B56FECD9@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM> <26092A46-708C-450A-BE81-A45380431239@ll.mit.edu> <77FCA0C1-F3C0-4D8D-9D21-B5A46E6B6B5A@vigilsec.com> <0F3E891F-7892-49CF-8F88-0C4484591EB0@ll.mit.edu> <db81b1c4-e2a7-060d-80a0-55b99b536f27@von-Oheimb.de> <7061B7E7-D872-43F3-82C3-A11C6144EBE3@vigilsec.com>
In-Reply-To: <7061B7E7-D872-43F3-82C3-A11C6144EBE3@vigilsec.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Enabled=true; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_SetDate=2021-09-03T15:25:00Z; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Method=Standard; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Name=restricted-default; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_SiteId=38ae3bcd-9579-4fd4-adda-b42e1495d55a; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_ActionId=67f66366-82e8-4e0f-8925-5c5b129ee612; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_ContentBits=0
document_confidentiality: Restricted
authentication-results: vigilsec.com; dkim=none (message not signed) header.d=none;vigilsec.com; dmarc=none action=none header.from=siemens.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 08899e6f-baab-45fa-c9cb-08d96eeeffcb
x-ms-traffictypediagnostic: AM0PR10MB2450:
x-microsoft-antispam-prvs: <AM0PR10MB2450B1276128FB40B8862A6BFECF9@AM0PR10MB2450.EURPRD10.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: soEmcTi8fDP1LVcZyJdpYFnLNDdrQRrRgP/MMQG41YjYH2y0yN15FLsRuQ3sKcGylerH4Y1VvFiMV5giOf9jkazz+hCl7XRb/H+4jd/qAi8BEUbBU7/MqGJzEisEiwEcyTTWM67t8DtBjq+XRI6cbmsOW6lQFKFb+on3cTNh/1B9gFZE6tYDuLh20QGJpJtk0wpC3RPCDbiC97L6UPXrA6SBZpwtDHeqjZqSxfVVBJnWnuJ3yJdgIMCYtO2S82mmMo2bWnb0U+I7E3clI/5FT06hkgttKOrYKoFRx2gdz6w4T7DEmbNLMQ2NzxO7vc+7RyewzUUBAbTBR1/dvOdXN5lpM+4qEWPM5mI+FEttZy9SQ4mSVKOwABWqJEGyIRL5GdRre0VSgBTxYxi3GScfoFRPDk0a6BQwnAG6+iHI0LcetVCRBclYPsUIyMxcmySD8jCE8701Bn/BvdOczT3iWK7v6KBGBv4K3L7x9D/DqvyrmM1lYqEV5KZMN51Bj/JRGS2bWi3OZ6+qh4/OAtjYcdoXlI39gYX7Y1JyaJLyxkFaBLUNHqzt6sz+sYmzk1n9+wSkuUjYquIVKcd8B4iIppQWx1leZ2Ehm0gB1ORXFdomYzrV0FK28LFZn0J62+xjH/T8OBbhH0L9/pmAMJk3/Xu2jWO1DuZtA5N3syKkK8plmyKdiJeJXBXC2Ovghdjj/eKeILPYq48P5JKhSui1OARxOw6IdGWskx/hZrcYpo53LIgATYeORE3nWeXLPMOE5gnBoLPqGqAJo4U6h5ycTPOcjUo4Kfe/G0fNzSP6Apg=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(366004)(83380400001)(38070700005)(26005)(186003)(71200400001)(2906002)(7696005)(19627235002)(8936002)(15650500001)(166002)(110136005)(86362001)(316002)(966005)(8676002)(66476007)(66946007)(30864003)(64756008)(66446008)(66556008)(76116006)(38100700002)(52536014)(6506007)(5660300002)(4326008)(55236004)(53546011)(55016002)(33656002)(9686003)(122000001)(508600001)(559001)(579004); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?v7uxEUOhFq40faPPsPq0Pl6X+nkyAGTi02P37gsc6vE1zGRMUMEzddoBroMx?= =?us-ascii?Q?1dSoqVigzohDMQr/PlRSv2TobyR53+tibb2ZtzEtX1E+sUbAjBkb5emzoTe+?= =?us-ascii?Q?Hh0H/HDEMYZjjXI93/Q6gMOogYXAyHZdaZMx9MH4h0i1SeUmcnY7CStMNXRd?= =?us-ascii?Q?m5G8Y9S1CE6nrpancekDJkd8HmGjs6YPmxg2mDMN3GuC9iPtv6XZy3PG7M3t?= =?us-ascii?Q?JDy5iT5iG/Sv+uaM3tziix889SVGxmBmoT6GcuBBUaq8NfP6BjqNVT5+tlMC?= =?us-ascii?Q?s1m3WzyhPG4OOyc/47hXYdFJk2Ssju0WbJ+eKnCe+774SjNoyX3xIIVdi+Nk?= =?us-ascii?Q?uONEGG1Ru68SrjSbvQaWYnq7IIiKs3+tLPKS2ygGu60f97ZfjIm7wRf0gutu?= =?us-ascii?Q?VgLmKaik3qzbrE3x4983Z94h7gJn/ye9clJAL2NLZgdZlnIEOVCvdjN2aMBS?= =?us-ascii?Q?5a6PsK1HFvOXCEgk23r3APqsPvPWNO+4vbREhEZAeGgGGT5nAhzASAsCHbx3?= =?us-ascii?Q?SathUKEKLABncG7Jppb3o0ix2zjdB+iN1Z1J/zUTJNrvGD1fuG7wK2kT1kp4?= =?us-ascii?Q?OdxbqCgvp57v2DF1Mg8gKlfzZT5zGtZjWPQ6iQ/nnHg76fLmuqqGIaBdDJSw?= =?us-ascii?Q?FNpycLPnzSl9VkK8zdzYrmq/8DKrXLmOOnV/F7pFfzg0waqeetrLAoowuhWw?= =?us-ascii?Q?F8vvwOvvuoJUAzJNNRK0bZuLDzCp8AedVZEgcUvMWfJ8sSmJFKrRjTowBL3+?= =?us-ascii?Q?R6uxcsLOJSk6M4rKPdBzO6qhDINM3x+JXTorOG8/PGFqsTuqNQPO2PMELKFJ?= =?us-ascii?Q?fdVkg2OqvUg0ROadsOCLPgOnPv8qS/lDrnDlwQeym8Bfub7+d+Vh/dGPLiiT?= =?us-ascii?Q?uIKh389aTNOso6RCGbG0ALskkOPxWMEfs5MG7L/UHIuQpXDWIlfht/lJuMK2?= =?us-ascii?Q?3wvcjLK18ZU+lmDRZd8wp3Ql5w4fTqdqkIpAvcHgH9347u4eBugILlqo45A1?= =?us-ascii?Q?Nh3PsuYtqI0oK3bWrhY33QDNFBQxUn5Dwd/C5F9SYNJlGjiRte9bpZxr6JJN?= =?us-ascii?Q?FNY1un7V0d0ElNSdTL4HRTXdl+C6ZQGPwqspjClvF7QuyhMqHR6jpETP/PhU?= =?us-ascii?Q?N/atyXgWMP8w7MNIP/IOHrcZappIXjDrTLSmjE0Av0cLmpvHY5KlcxJyzGvJ?= =?us-ascii?Q?K5gTVlijf/zAdUL8p5U//gtwWSM3DV+vA0A60SMMc1mB2qjarzPxy6t5LoUh?= =?us-ascii?Q?k0grCFDVQW8LAEp6wf1tgBdOu7vMrMNgGsT6JczrqLTOS43cIUQFVBHO5oNA?= =?us-ascii?Q?hBMuC2/+bYiYVbzT2aSIbkan?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_AM0PR10MB2418CB2C724EA143A758FC56FECF9AM0PR10MB2418EURP_"
MIME-Version: 1.0
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 08899e6f-baab-45fa-c9cb-08d96eeeffcb
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Sep 2021 15:25:02.1273 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: IKIUm7zj5RYWKn6VlWq9OcraMxPaN14qymYFTBbynKwniWd1YAjZs2xs8BTOomWUcSxB12kI+B/QaZgm4yDLlcUB2B9HjqkM7ZBFlU8Xh30=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR10MB2450
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/wkp5i-wNq9McJQAUiMUM6gM9Nlw>
Subject: Re: [lamps] [CMP Updates] position of hashAlg in certStatus
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Sep 2021 15:25:13 -0000

All:

I am still trying to find a conclusion the majority can live with. :-)

To sum up:

CMP V1 (RFC 2510) does not define CertStatus at all.
CMP V2 (RFC 4210) defines CertStatus as follows:
   CertStatus ::= SEQUENCE {
      certHash    OCTET STRING,
      certReqId   INTEGER,
      statusInfo  PKIStatusInfo OPTIONAL
      }
Proposals for adding hashAlg for CMP V3 syntax as defined in draft-ietf-lamps-cmp-updates.
Proposal 1 (current proposal in draft-ietf-lamps-cmp-updates-12):

   CertStatus ::= SEQUENCE {

      hashAlg [0]  AlgorithmIdentifier OPTIONAL

      certHash     OCTET STRING,

      certReqId    INTEGER,

      statusInfo   PKIStatusInfo OPTIONAL,

      }
Proposal 2 (proposal made by John):

   CertStatus ::= SEQUENCE {

      certHash     OCTET STRING,

      certReqId    INTEGER,

      statusInfo   PKIStatusInfo OPTIONAL,

      hashAlg [0]  AlgorithmIdentifier OPTIONAL

      }
Proposal 3 (preferred by Uri):

   CertStatus ::= SEQUENCE {

      certHash       OCTET STRING,

      certReqId      INTEGER,

      statusInfo [0] PKIStatusInfo OPTIONAL,

      hashAlg    [1] AlgorithmIdentifier OPTIONAL

      }
All proposals compile and therefore technically work.

As already stated, I can also live with proposal 2. But I dislike proposal 3, as it changes more than necessary and we look for limited changes to CMP V2.

Reviewing the email exchange, I see the following preferences.
Proposal 1
+ David, Hendrik
- John, Uri
Proposal 2
+ John, Russ, Carl(, Hendrik)
- Uri
Proposal 3
+ Uri
- Russ, Rich, David, Hendrik

Summing up, I see a clear preference for proposal 2.
Please let me know if I misunderstood anyone's preference.

Hendrik

Von: Spasm <spasm-bounces@ietf.org> Im Auftrag von Russ Housley
Gesendet: Freitag, 3. September 2021 15:32

David:

In some ASN.1 implementation approaches, a routine is written for each type.  Using the same tags would allow the statusInfo filed to be the same for CMPv1 and CMPv2 in an implementation that supports both versions.

Russ



On Sep 3, 2021, at 7:52 AM, David von Oheimb <nl0@von-Oheimb.de<mailto:nl0@von-Oheimb.de>> wrote:


I think the fields that carry forward from CMPv1 should have the same tags that they do in CMPv1.


May I ask why, given that packets from CMPv{2,3} in general can't be correctly decoded by CMPv1 parser?
Again, the topic being discussed here does not regard CMPv1 vs. CMPv{2,3}, but CMPv2 vs. CMPv3.
Note that CMPv1 did not even have a CertStatus message since it did not have the certificate confirmation feature.
If you feed some CertStatus structure to a CMPv2 parser, which expects

         CertStatus ::= SEQUENCE {

            certHash    OCTET STRING,

            certReqId   INTEGER,

            statusInfo  PKIStatusInfo OPTIONAL

         }


it should be obvious that any value not matching this definition will not decode.
So basically the only thing you can do in a somewhat backward-compatible way is to add optional fields in any positions,
and as long as none of those optional fields is actually present in a value to be parsed, CMPv2 decoding can succeed.
Changing tags of existing fields is clearly not backward compatible.
    David

On Sep 1, 2021, at 11:08 AM, Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu<mailto:uri@ll.mit.edu>> wrote:

Here's my preference:


   CertStatus ::= SEQUENCE {

      certHash        OCTET STRING,

      certReqId       INTEGER,

      statusInfo [0]  PKIStatusInfo OPTIONAL,

      hashAlg    [1]  AlgorithmIdentifier OPTIONAL

   }


I don't see the ability of an older decoder to parse some - but not other - of the new messages as a benefit.

--
Regards,
Uri

There are two ways to design a system. One is to make is so simple there are obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
                                                                                                                                     -  C. A. R. Hoare


From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com<mailto:hendrik.brockhaus@siemens.com>>
Date: Wednesday, September 1, 2021 at 11:01
To: Carl Wallace <carl@redhoundsoftware.com<mailto:carl@redhoundsoftware.com>>, "david.von.oheimb@siemens.com<mailto:david.von.oheimb@siemens.com>" <david.von.oheimb@siemens.com<mailto:david.von.oheimb@siemens.com>>, Uri Blumenthal <uri@ll.mit.edu<mailto:uri@ll.mit.edu>>, Russ Housley <housley@vigilsec.com<mailto:housley@vigilsec.com>>, John Gray <John.Gray@entrust.com<mailto:John.Gray@entrust.com>>
Cc: "spasm@ietf.org<mailto:spasm@ietf.org>" <spasm@ietf.org<mailto:spasm@ietf.org>>
Subject: AW: [lamps] [CMP Updates] position of hashAlg in certStatus

Manny thanks for the discussion. It helps a lot to improve the draft.
I see two variants still in the discussion. Both add hashAlg to the current syntax of RFC 4210.
Current syntax in RFC 4210 (CMP v2):

   CertStatus ::= SEQUENCE {

      certHash     OCTET STRING,

      certReqId    INTEGER,

      statusInfo   PKIStatusInfo OPTIONAL,

   }

Proposal 1 (current proposal in draft-ietf-lamps-cmp-updates-12):

   CertStatus ::= SEQUENCE {

      hashAlg [0]  AlgorithmIdentifier OPTIONAL

      certHash     OCTET STRING,

      certReqId    INTEGER,

      statusInfo   PKIStatusInfo OPTIONAL,

   }

Proposal 2 (proposal made by John):

   CertStatus ::= SEQUENCE {

      certHash     OCTET STRING,

      certReqId    INTEGER,

      statusInfo   PKIStatusInfo OPTIONAL,

      hashAlg [0]  AlgorithmIdentifier OPTIONAL

   }

Both proposals should compile and should be bitwise backward compatible when not using hashAlg.
I am happy with both proposals. There still seam to be some preferences for the one or the other proposal.
To come to a conclusion, could all briefly indicate their preferred proposal.

Hendrik

Von: Spasm <spasm-bounces@ietf.org<mailto:spasm-bounces@ietf.org>> Im Auftrag von Carl Wallace
Gesendet: Dienstag, 31. August 2021 21:10

Thank you. "Current syntax" did not mean current as in v2. That was what I had gotten wrong. You are adding the hashAlg field, not simply moving it (relative to v2). I agree adding it at the end makes the most sense and it needs a tag.

From: David von Oheimb <David.von.Oheimb@siemens.com<mailto:David.von.Oheimb@siemens.com>>
Date: Tuesday, August 31, 2021 at 2:56 PM
To: Carl Wallace <carl@redhoundsoftware.com<mailto:carl@redhoundsoftware.com>>, "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu<mailto:uri@ll.mit.edu>>, "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com<mailto:hendrik.brockhaus@siemens.com>>, Russ Housley <housley@vigilsec.com<mailto:housley@vigilsec.com>>, John Gray <John.Gray@entrust.com<mailto:John.Gray@entrust.com>>
Cc: <spasm@ietf.org<mailto:spasm@ietf.org>>
Subject: Re: [lamps] [CMP Updates] position of hashAlg in certStatus

Let me clarify at first three things:
1.       What Hendrik introduced as "David's proposal" was meant by me just as potential a variant of John's proposal, not something that I would actually like to propose.
Anyway interesting to learn from Russ that the fact that two optional sequences after each other already make parsing ambiguous -
I would have hoped that the parser looked deeper: as far as to the first basic (non-sequence) field, where there is more chance that field types/tags are sufficiently different.
2.       The versions in question are not CMP v1 vs. v3, but v2 vs. v3
3.       The change from v2 to v3 is not about changing the order of fields, but where to add the new (v3) hashAlg field: at the beginning or at the end.
My preference is the original proposal by Hendrik and me, for two reasons:
*         It is conceptually most clean: the presence and value of the first field (hashAlg) determines the interpretation of the following field (certHash);
there is no need to "go back" in the linear handling of the fields after discovering that a hashAlg field is present.
*         AFAICS, it is as backward compatible as John's proposal: if a CMPv3 capable sender leaves out the new optional hashAlg field (when it is not needed),
the overall structure would look identical to a CMPv2 structure, regardless whether the hashAlg fields was left out at the beginning or the end, right?
David

On 31.08.21 20:24, Carl Wallace wrote:
I did not say it was difficult. What are the several reasons?

On Aug 31, 2021, at 2:16 PM, Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu><mailto:uri@ll.mit.edu> wrote:

I would rather not leave the structure as-is, for several reasons. Also, given the amount of differences between v1 and v3, modifying hand-rolled implementations seems trivial enough.
--
Regards,
Uri

There are two ways to design a system. One is to make is so simple there are obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
                                                                                                                                     -  C. A. R. Hoare


From: Carl Wallace <carl@redhoundsoftware.com><mailto:carl@redhoundsoftware.com>
Date: Tuesday, August 31, 2021 at 14:03
To: John Gray <John.Gray@entrust.com><mailto:John.Gray@entrust.com>, Uri Blumenthal <uri@ll.mit.edu><mailto:uri@ll.mit.edu>, Russ Housley <housley@vigilsec.com><mailto:housley@vigilsec.com>, "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com><mailto:hendrik.brockhaus@siemens.com>
Cc: "spasm@ietf.org"<mailto:spasm@ietf.org> <spasm@ietf.org><mailto:spasm@ietf.org>, "david.von.oheimb@siemens.com"<mailto:david.von.oheimb@siemens.com> <david.von.oheimb@siemens.com><mailto:david.von.oheimb@siemens.com>
Subject: Re: [lamps] [CMP Updates] position of hashAlg in certStatus

For folks who use a compiler to update encoders/decoders to v3, this change is likely more or less a no-op (delta Russ' tagging point about one of the options), since all you are doing is sliding the same fields around within a structure. For folks who hand roll their encoders and decoders, this change makes unnecessary work to align with v3. I'd just leave this structure as-is.

From: John Gray <John.Gray@entrust.com><mailto:John.Gray@entrust.com>
Date: Tuesday, August 31, 2021 at 1:37 PM
To: Carl Wallace <carl@redhoundsoftware.com><mailto:carl@redhoundsoftware.com>, "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu><mailto:uri@ll.mit.edu>, Russ Housley <housley@vigilsec.com><mailto:housley@vigilsec.com>, "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com><mailto:hendrik.brockhaus@siemens.com>
Cc: "spasm@ietf.org"<mailto:spasm@ietf.org> <spasm@ietf.org><mailto:spasm@ietf.org>, "david.von.oheimb@siemens.com"<mailto:david.von.oheimb@siemens.com> <david.von.oheimb@siemens.com><mailto:david.von.oheimb@siemens.com>
Subject: RE: [lamps] [CMP Updates] position of hashAlg in certStatus

When I made the proposal, I was thinking in terms of backwards compatibility and making it easier for an existing CMP implementation to add the v3 functionality.   I recognize that either way will technically work, and since the tagging is optional in Hendrik's proposal that would be bit identical to CMPv2 when the hashAlg is not present.   The same is true if it goes at the end since it is tagged and is optional.  CertConf was a new message in CMPv2, so a pure CMPv1 implementation would always fail.  However, it is possible an implementation may have modified a CMPv1 implementation to accept the CertConf which may continue working if hashAlg is at the end if they encounter a v3 server (which may be more desirable that failing and requiring the implementation to be updated).     Also, I was thinking as a CMP implementer, I would only need to append to the end of the parsing logic rather than muddling up the existing logic which may make it a bit simpler to implement (for existing implementations).

So that was my rational for asking the question, but as I mentioned above, either way will work.

Cheers,

John Gray


From: Carl Wallace <carl@redhoundsoftware.com><mailto:carl@redhoundsoftware.com>
Sent: Tuesday, August 31, 2021 1:28 PM
To: Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu><mailto:uri@ll.mit.edu>; Russ Housley <housley@vigilsec.com><mailto:housley@vigilsec.com>; Brockhaus, Hendrik <hendrik.brockhaus@siemens.com><mailto:hendrik.brockhaus@siemens.com>
Cc: spasm@ietf.org<mailto:spasm@ietf.org>; david.von.oheimb@siemens.com<mailto:david.von.oheimb@siemens.com>; John Gray <John.Gray@entrust.com><mailto:John.Gray@entrust.com>
Subject: [EXTERNAL] Re: [lamps] [CMP Updates] position of hashAlg in certStatus

WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.
________________________________
I apologize for maybe having missing some bit of rationale in this thread, but what is the advantage of moving the hash alg field to the end? It definitely breaks backwards compatibility. What does it add?

From: Spasm <spasm-bounces@ietf.org<mailto:spasm-bounces@ietf.org>> on behalf of "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu<mailto:uri@ll.mit.edu>>
Date: Tuesday, August 31, 2021 at 12:38 PM
To: Russ Housley <housley@vigilsec.com<mailto:housley@vigilsec.com>>, "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com<mailto:hendrik.brockhaus@siemens.com>>
Cc: "spasm@ietf.org<mailto:spasm@ietf.org>" <spasm@ietf.org<mailto:spasm@ietf.org>>, "david.von.oheimb@siemens.com<mailto:david.von.oheimb@siemens.com>" <david.von.oheimb@siemens.com<mailto:david.von.oheimb@siemens.com>>, John Gray <John.Gray@entrust.com<mailto:John.Gray@entrust.com>>
Subject: Re: [lamps] [CMP Updates] position of hashAlg in certStatus

Hendrik:

John's proposal compiles.  Your new one does too.

I have a mild preference for John's proposal because the bit on the wire are the same as CMPv1 when the hashAlg field is absent.

For the sake of purity, I would prefer Hendrik's variant.

Also, I'm not sure it's good if some of CMPv2 messages parse OK by CMPv1 decoder, and others fail. That's another argument in favor of Hendrik's.

On Aug 31, 2021, at 12:25 PM, Brockhaus, Hendrik <hendrik.brockhaus@siemens.com<mailto:hendrik.brockhaus@siemens.com>> wrote:

Russ

Thank you for this explanation.

Would this mean, that Johns proposal should look like this?

   CertStatus ::= SEQUENCE {

      certHash        OCTET STRING,

      certReqId       INTEGER,

      statusInfo [0]  PKIStatusInfo OPTIONAL,

      hashAlg    [1]  AlgorithmIdentifier OPTIONAL

   }

Do you have any preference for the current test or for Johns proposal?

- Hendrik

Gesendet: Dienstag, 31. August 2021 17:12
An: Brockhaus, Hendrik (T RDA CST SEA-DE) <hendrik.brockhaus@siemens.com<mailto:hendrik.brockhaus@siemens.com>>

Hendrik:

David's proposal will not compile.  The OSS compiler produces this error with that syntax:

   line 62 (TestModule): A0100E: Duplicate tag in type CertStatus: element 'statusInfo' (line 61) and element 'hashAlg' (line 62).

   C0043I: 1 error message, 0 warning messages and 0 informatory messages issued.

The reason for this error is that the two optional elements are both SEQUENCEs.  So, when decoding, if only one of the optional SEQUENCEs is present, it cannot figure out which one it is.

The use of the [0] allows the decoder to tell the two SEQUENCEs apart.

Russ



On Aug 31, 2021, at 8:21 AM, Brockhaus, Hendrik <hendrik.brockhaus@siemens.com<mailto:hendrik.brockhaus@siemens.com>> wrote:

Russ

Currently we receive valuable feedback from John Gray on the CMP Updates draft.

One proposal from John is on moving the hashAlg field in the certStatus sequence from the first to the last position. Please see his arguments in this email tread below.

Current syntax:

   CertStatus ::= SEQUENCE {

      hashAlg [0] AlgorithmIdentifier OPTIONAL

      certHash    OCTET STRING,

      certReqId   INTEGER,

      statusInfo  PKIStatusInfo OPTIONAL,

   }

Johns proposal:

   CertStatus ::= SEQUENCE {

      certHash    OCTET STRING,

      certReqId   INTEGER,

      statusInfo  PKIStatusInfo OPTIONAL,

      hashAlg [0] AlgorithmIdentifier OPTIONAL

   }

Davids proposal:

   CertStatus ::= SEQUENCE {

      certHash    OCTET STRING,

      certReqId   INTEGER,

      statusInfo  PKIStatusInfo OPTIONAL,

      hashAlg     AlgorithmIdentifier OPTIONAL

   }

We are uncertain what the best approach from an ASN.1 syntax parsing perspective is. What is your opinion?

Hendrik


Von: Brockhaus, Hendrik (T RDA CST SEA-DE)
Gesendet: Dienstag, 31. August 2021 14:07
An: John Gray <John.Gray@entrust.com<mailto:John.Gray@entrust.com>>
Von: David von Oheimb <David.von.Oheimb@siemens.com<mailto:David.von.Oheimb@siemens.com>>
Gesendet: Donnerstag, 26. August 2021 22:43
An: John Gray <John.Gray@entrust.com<mailto:John.Gray@entrust.com>>
On 26.08.21 11:26, Brockhaus, Hendrik (T RDA CST SEA-DE) wrote:

Von: John Gray <John.Gray@entrust.com><mailto:John.Gray@entrust.com>
Gesendet: Mittwoch, 25. August 2021 18:35
An: von Oheimb, David (T RDA CST SEA-DE) <david.von.oheimb@siemens.com><mailto:david.von.oheimb@siemens.com>; Brockhaus, Hendrik (T RDA CST SEA-DE) <hendrik.brockhaus@siemens.com><mailto:hendrik.brockhaus@siemens.com>
Cc: ietf-hendrikb@h.mailbouncer.info<mailto:ietf-hendrikb@h.mailbouncer.info>; Kretschmer, Andreas (T RDA CST SEA-DE) <andreas.kretschmer@siemens.com><mailto:andreas.kretschmer@siemens.com>
Betreff: RE: [EXTERNAL] Re: CMP Updates and Lightweight CMP Profile

Thanks for the updates.

I continued to review the document today as well.   Here are some more comments:

Section 2.10 -  CertStatus update.  I was wondering if adding the optional tagged element as the last element *might* make a difference:

For now it is defined as:

Replace the ASN.1 Syntax of CertStatus with the following text:

      CertStatus ::= SEQUENCE {
         hashAlg [0] AlgorithmIdentifier OPTIONAL,
         certHash    OCTET STRING,
         certReqId   INTEGER,
         statusInfo  PKIStatusInfo OPTIONAL
      }


I would have expected that adding something new would be added like this:


Replace the ASN.1 Syntax of CertStatus with the following text:



      CertStatus ::= SEQUENCE {

         certHash    OCTET STRING,

         certReqId   INTEGER,

         statusInfo  PKIStatusInfo OPTIONAL,

         hashAlg [0] AlgorithmIdentifier OPTIONAL

      }

If a CMPv2 server received the hashAlg as the last element, it might still work, but would fail in the first case.   However, I know you say if the hashAlg is included then it must use the pvno of version 3, so the order doesn't really matter.   I just thought that for someone implementing it, it might be a bit easier to check if the tag exists after the existing parsing (at the end), rather than checking if it exists on the first element.  It would mean no parsing logic has to change until it reaches the last element.   However, I suppose the counter argument would be that if hashAlg is included first, but it isn't supported then an older server would fail faster which is probably a desirable property.

[Bro] This is a interesting point we also thought about. Here are some thoughts we had.
First of all, we think the binary ASN.1 of a certConf message produced by a client only knowing the original cmp2000 without hashAlg does not differ between from a client knowing the hashAlg field, but not using it.
This should be the case when placing the hashAlg field at the first as well as at the last position of the sequence.
Second, we took the OOBCertHash type as an example and therefore decided for placing the hashAlg field also at the first position.
        OOBCertHash ::= SEQUENCE {
            hashAlg     [0] AlgorithmIdentifier     OPTIONAL,
            certId      [1] CertId                  OPTIONAL,
            hashVal         BIT STRING
        }
Third, the hash algorithm OID is required before calculating the hash value. Therefore, it is the logical order to have hashAlg first.
Theses were the thoughts we had for placing hashAlg in the first position, but they are no strict reasons to do it this way round.
I cannot say, if your arguments still hold true from an implementation perspective. @David, maybe you can comment on the more implementation related issues.
I am not an ASN.1 expert, but as far as I understand from using its OpenSSL implementation, it should not make much difference whether to fail earlier or later in case the bits do not fit with the expected structure.
At least for the CMP implementation, which simply uses the ASN.1 parser, there would be no noticeable difference since either the parsing of the whole structure (including its total sequence length) succeeds or not.
If a receiver expects a structure encoded as in CMPv2 but gets an encoding for CMPv3, I think due to the presence of the "[0]" tag, parsing will fail even if the hashAlg fields is at the end with not value being present.
A backward-compatible definition might look like this:

      CertStatus ::= SEQUENCE {

         certHash    OCTET STRING,

         certReqId   INTEGER,

         statusInfo  PKIStatusInfo OPTIONAL,

         hashAlg     AlgorithmIdentifier OPTIONAL

      }
but supposedly we cannot do this because it would be ambiguous whether the optional statusInfo or hashAlg field is present.
To me, the main point is a conceptual one: the hashAlg needs to "seen" before the certHash, so it is logical to have them in this order.
[Bro] I am also no ASN.1 expert, but Russ is. Therefore, I will forward the question to him to get his advice. As statusInfo and hashAlg have different types, it may also work without tagging.

_______________________________________________
Spasm mailing list
Spasm@ietf.org<mailto:Spasm@ietf.org>
https://www.ietf.org/mailman/listinfo/spasm<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Feur01.safelinks.protection.outlook.com%2F%3Furl%3Dhttps*3A*2F*2Fwww.ietf.org*2Fmailman*2Flistinfo*2Fspasm%26data%3D04*7C01*7Chendrik.brockhaus*40siemens.com*7C143aeb858f18456f4ef008d96c91b913*7C38ae3bcd95794fd4addab42e1495d55a*7C1*7C0*7C637660195485199311*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000%26sdata%3D0zVGASW8q0wKP6L3y*2FDbArvhPZfu7N1dddePGJbIfHU*3D%26reserved%3D0__%3BJSUlJSUlJSUlJSUlJSUlJSUlJSU!!FJ-Y8qCqXTj2!LoXbEbIyNev6LwqxU8VE7vr48hf8P9r65NL7ritq1xGlhzX0ww9Z6Z8rGDYc9yQx%24&data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C0f53a2b88007496f716108d96edf4101%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637662727449199119%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=88KpSrVoiGaDMtBAJTCc6YZsfmiSUdXS0qccTphgud4%3D&reserved=0>

_______________________________________________ Spasm mailing list Spasm@ietf.org<mailto:Spasm@ietf.org> https://www.ietf.org/mailman/listinfo/spasm<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fspasm__%3B!!FJ-Y8qCqXTj2!LoXbEbIyNev6LwqxU8VE7vr48hf8P9r65NL7ritq1xGlhzX0ww9Z6Z8rGOpMzia-%24&data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C0f53a2b88007496f716108d96edf4101%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637662727449209115%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=IngMg4XxSQBzeq1J1PeYQR%2F6IeI9ipymAG8lOSMNqBk%3D&reserved=0>
Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.


_______________________________________________

Spasm mailing list

Spasm@ietf.org<mailto:Spasm@ietf.org>

https://www.ietf.org/mailman/listinfo/spasm<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fspasm&data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C0f53a2b88007496f716108d96edf4101%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637662727449219116%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=pfhz%2Bph3xK4SN%2B9TAXHX5zoiV49xiIOssDmy6XcnaeI%3D&reserved=0>