Re: [lamps] struggling with CSRAttrs
Corey Bonnell <Corey.Bonnell@digicert.com> Thu, 04 August 2022 13:20 UTC
Return-Path: <Corey.Bonnell@digicert.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3A4BC13C21B for <spasm@ietfa.amsl.com>; Thu, 4 Aug 2022 06:20:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.688
X-Spam-Level:
X-Spam-Status: No, score=-7.688 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.582, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=digicert.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tO1CqVaTrdjE for <spasm@ietfa.amsl.com>; Thu, 4 Aug 2022 06:20:25 -0700 (PDT)
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2092.outbound.protection.outlook.com [40.107.93.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5F83C13C202 for <spasm@ietf.org>; Thu, 4 Aug 2022 06:20:25 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HQ6DcM43Swocq3oIr22hHqIJWEmiNkGMQsNTa9hmZV30LpvIbVsM7z3OAdMMtglj13SlzZU2CmxWAQEpI2bbEJ/WAHhbaf27hLgHDws9pSRKrIZjpbGuiqOWOCpKW/K9sr8mjcFmT4rfcbQYddgqE6nzyd6VYM149NPfrJVuMrra4eCJckb/J3VJ5W6gEjahkhfgbGmpVD0YIRuKBhg+R+yQocSg03K2OKkUYPL+XSVE0DdDRsGWrpn6b9yoe2TQbkd1XkIex2u/PglddWslIfO6zr5O+QwYJ+YjkTcFpKizXrMiYDKl68v66POWHHcRKVweYkOYGRzYvI8B5fNDXA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=NXt5BkoW+OdNPEeJzdOLTIhl3tnX5y0z7t+YZ62e9IA=; b=aUzsstXSWF4vtihYrZcgpfAuBU9TFRiAnkavzr3A9xAncD0NRd1cW4srh4ezRn3VBFoaqoMqRn2AfeQPyhdMG3+KM8c1JFzFtPkS8tGmvh/JRga7h0GHgIDyrR0ScD+kjCmuq0Fk99ZXg1UVaaybQfU3xKh2CB8wIvcsizBiGE6t+S0ZyB0SIxgeW9qSVFY02rXzRK5PiAJWxK9pxSvrIkoJVj3Xpg99ChRO7NQLGfW+DTUiY/4A+JEB6L5AxftjbxT9EhYs8fzLl47G8q3FlybPWKu/P8C8p0sr5vAVeyf3dVHMzZBehqNynHsMZe1GAmxWkrkXF5u3qyXwosGvwQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=digicert.com; dmarc=pass action=none header.from=digicert.com; dkim=pass header.d=digicert.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=digicert.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NXt5BkoW+OdNPEeJzdOLTIhl3tnX5y0z7t+YZ62e9IA=; b=PqyWn6WWtc9mwerl6+goztbMtGpnHK/mrdNY5mbx0f0wskWYGMaEMqJXlsTchiAlZUzvSWTDLRUfHzbXWzcu4PA5MWFBC3LelBl+A1kiSfQ9LvjsnfCEEKD0uE9Vk6X+JBjqS+u+bcC6RCV5es9/XMJ7D7kJVLFdu3qm6n46xok0Zv37ezyK7E23xTWFd9b38Nx4oKN6UhyJCfTBAb5WzOjkQfJjMHQhr69ccaiXMy/9kdZ6Jz7TtmQ9Yz87XAm3wRonVphBxN7Myh7ApPCB+WHZ9cgram4/bgwc4T7ReRzxel37ZdgEW/3Ab+6nj/313kH1ytyEz3BOHKvchM90MA==
Received: from DM6PR14MB2186.namprd14.prod.outlook.com (2603:10b6:5:b6::16) by BY5PR14MB3969.namprd14.prod.outlook.com (2603:10b6:a03:200::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5504.14; Thu, 4 Aug 2022 13:20:20 +0000
Received: from DM6PR14MB2186.namprd14.prod.outlook.com ([fe80::f073:6195:1e12:682b]) by DM6PR14MB2186.namprd14.prod.outlook.com ([fe80::f073:6195:1e12:682b%3]) with mapi id 15.20.5504.014; Thu, 4 Aug 2022 13:20:20 +0000
From: Corey Bonnell <Corey.Bonnell@digicert.com>
To: David von Oheimb <David.von.Oheimb@siemens.com>, Michael Richardson <mcr+ietf@sandelman.ca>
CC: LAMPS WG <spasm@ietf.org>
Thread-Topic: [lamps] struggling with CSRAttrs
Thread-Index: AQHYpQTCW+TI1yXBSEK/awaiIOrS562doViAgAEQ0QCAAAs1UA==
Date: Thu, 04 Aug 2022 13:20:20 +0000
Message-ID: <DM6PR14MB2186188B8CFA66967F52A081929F9@DM6PR14MB2186.namprd14.prod.outlook.com>
References: <12352.1657505901@localhost> <ada963a796ca3fafb42a29751020ff4326fd2a1e.camel@von-Oheimb.de> <563732.1659120308@dooku> <36c409c2-ab92-4ec2-6f1e-235652a243d9@siemens.com> <3758.1659557693@localhost> <399c3a1e-ee28-cc85-6e6a-cee210e70753@siemens.com>
In-Reply-To: <399c3a1e-ee28-cc85-6e6a-cee210e70753@siemens.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=digicert.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 2506f510-5bc1-411e-fd44-08da761c14bd
x-ms-traffictypediagnostic: BY5PR14MB3969:EE_
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: uSDEa26+V19uwfchRi/bty0zrsRXwsDx5DHqvHYDJJnARoTZk/FCMGzjjlUn5hIkxWJEaEhTjGZ2HJt/d5CEuHqVPco9NzIJliqT8p0E/v54xQjbnEpfGaXJuR/o8t4lxjOCqDKmJ15gZH0Ex1+GnlYZFQ9/b+wEcu5LnvK079xSzSa0g7ht9+SVx7yIZpmW7WdocBvch4OMLzcNJtGuZqU5lTkJKS8tNyi3h+mkj5uGFJi60JyaFFB1c6ni4YY8SqdH4r8Nc1NW+2n0rkcpQ9nZvSuDrLXnpoGMemqbGAnmnnfscfrIPoaq2QRbxEMBAzZzE8H4roGGZfdGvTr5APm9hFrkFiMGHerNdmn1PO8JhvZEO8fGv6qntCU7yl8DtRMHt6E7uIglGx24+bwOsA4y5oXbf60iLZtj1jV5DLwc1kuhlSVNwXJOFR5sliuTod5k0Hb1/BNGA+srMGnblhEeOVv/eysOZeTg596Pb51uGsONOPfIF+I+7s4GTUl14HJv4sH16OiJjSAbxQ35PIhh2IoVF2n+1WcON/WkDa9zUQGlvyYlOEapriXAjFE9OG1Da291+rhib+8d4poA/zdigTtpbxQ2AiQuqCVj6Lps23WgL8sQr2pGf9qt8hKHU/TKBVt24YKPEWIuQu3htTzQ0SAVMfczWjmpLsR+U1U9uWVZVlYxTul2YslXHnFPsQsBmrIuyewnOIS5/l2/nOsP93ebgiHb0bNQKByiVFlyLrssqc/1IrjYtCE1FEMeUExZbzpBwT6XWA17a7+tkyUWBq8jftgm4FFd2L0loH5fNEoQKyTlQLDnLapb47XXXZ8WR5gIKk1/dn2rPF1ebw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR14MB2186.namprd14.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(366004)(376002)(136003)(396003)(346002)(39850400004)(2906002)(33656002)(5660300002)(41300700001)(99936003)(166002)(186003)(38100700002)(53546011)(7696005)(6506007)(122000001)(38070700005)(9686003)(26005)(110136005)(316002)(55016003)(478600001)(966005)(8936002)(9326002)(86362001)(83380400001)(52536014)(4326008)(8676002)(64756008)(66446008)(66476007)(66556008)(66946007)(71200400001)(76116006); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: j7hNKaoNvSpKYgnwAY8t5fI1SoA4Qn0QMaINNokDu6DjUtyzLt2obq/yjbWdL38CNQaHHKuv1K7dCrOnHmOP2zKIevYj1UmsphOjdnDAAUw5Jjnua57Ij8fHBLqHuDEPOdo132a1oeIA2/P7cS16V6U1tWf+7PlseMrsukDrBRg5e/KSZ9XXT6eeyQPi0i65XM6fZIatvoANZQlnWcksaBTxoOsxpXMskm2bmicpLKEMZGQSXX7Kj13q4qBWkgMrgAWRLYx4ZP1ZvW48Yl30oXkoG4D7NMp+WZ/cNFQ3hsdr7wfkmt3tkEPlLABc303TWf0fsV+XsGy3qqsFgyqxeBcydAuUbQDRp6ARtIUCNZWN531tnmCzUiTxk7bSJTzmiKwhoOJdCxgdlQThbE8rN/NsXil9r/zSkYeehdHOiXpEhoM+FOiqP26exZrqagxNWy3omEgMaIU2cxnqHU+dvcB44/pBW85k2W3fScANul8uQB75irt37uw1nykLtrfsqM46G8PNF726DCbcujCh8APHipeBaE0UYtzRnfOL3jNbW5NLL1QgFmRoGHsUdTPt2W1amOhdCHuAVy5p2FTHk0M8QiQ8dYfHuwRIwGrkdH6yIKKLveaVqC8iF4CcXfsoe5rf1v7mckiF1A/pL3RqkkNDLKJMceCkoEiLl57guRYajH1nuUmit/w4NXBDpYYMwdWQNRA/LMtxxbh5Y7ui5hDNBxgwP53HBMXoLPhAZHn/re3tX4BoF9cUMTnBHBm8FsaTjLb2rOSwPbO0UmPGjwfBQ6sklA9aZUX9ZdSzAVdkboZuqvwu+P1RcvWEvXif31QiviA1iRd3Yz/7wcA/x6W6WyGXtSW5cXV6b6Vf7X5/ZAjoDaT2PbGP+/F/NU2/LIvUOyv2zzQwTusNZBE8NtOczPvKMBEymedtcrhwDVAVpw1Qvr4Eio5D9ndJgmeZI/DqqUKI2cdZOyptYRo67lrrMqV4H2j77fEtnoYtrtIzTrQpg3v9gmyXAZPs8Wn4ljIEABPYpcGqFibKV4FiGseGXJl9kx2kx0hB+zIf9rEX7/bPZyZ32vfu5LRvfAUJvNmhuRIiLkDRoerNKH5NqbpHu+LPFIlzum565gNQks3wLNV1XngeyMka312RpfIdEbg5EFGEqoDa5l0CysI0ctrJqsi+6K2mDMZgc0QAQkzbhgoSyb/fRTpin0RynVeAhcCmE6wnAgC4UJiY0Ikz8Mex3RCfKeGAXDXIKymoSxTIa0dPyVJKazchYU4Rbxd1iXjNvgg+DmyKnGBbhr43Vvjpe9wZ9GQKOwf4/hymUSAa8M+EoGKkQ58Li7pRGKW/W03Pvi8V5RuuegG8NBi/uto3d7oTU7d9Wz8L/sru06VR1JNSP037zN3HXFoFR2ID64acqNpiW/YwZEQBRBqXvJMnvJDAeAGwOoIxT3XhE5FpynmppI25EQBMTAVcxRYZ6+x348NzfROdQIl+2qM5NfhnWLBQaq5Yoe3kcy7gWKAt4vdk7P7NqrP+TrM1ZFQbZERyIaGGzLXh7CZvEQ7A7Aax/djS4vDttTExEKn299rDy8QnceLcs4qoNbtg9CYo
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="2.16.840.1.101.3.4.2.1"; boundary="----=_NextPart_000_033D_01D8A7E3.69D485E0"
MIME-Version: 1.0
X-OriginatorOrg: digicert.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR14MB2186.namprd14.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2506f510-5bc1-411e-fd44-08da761c14bd
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Aug 2022 13:20:20.4878 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf813fa1-bde5-4e75-9479-f6aaa8b1f284
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 2Q9+1LCjCe0tdAH/TZzWZ+GDIE9sjZUtSlrzodWmCxx1UVsgsTelmlS03zfEuDmj+nqRppQr2JQlc4q81eLUuP/boOGjIGNa4sC/5l6/EOc=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR14MB3969
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/SFaPcyQk3PPJGwxvbZb9rNq37wI>
Subject: Re: [lamps] struggling with CSRAttrs
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Aug 2022 13:20:29 -0000
Hi David, > (BTW, there is an erroneous self-reference to Section 6.2.2 within itself.) > In this section I miss a definition which OID(s) to use for acp-node-name etc. The errant section number reference should be 6.2.2.1 [1] (one of us should file an errata on this), which defines “id-on-AcpNodeName” as: id-on OBJECT IDENTIFIER ::= { id-pkix 8 } … id-on-AcpNodeName OBJECT IDENTIFIER ::= { id-on 10 } AcpNodeName ::= IA5String (SIZE (1..MAX)) -- AcpNodeName as specified in this document carries the -- acp-node-name as specified in the ABNF in Section 6.2.2 <https://datatracker.ietf.org/doc/html/rfc8994#section-6.2.2> Given this definition of the value type, the example will also need to be updated to use IA5String instead of UTF8String. As a more general note, I highly recommend using Russ’s excellent pyasn1-alt-modules package as a reference for ASN.1 definitions when it’s difficult to find them in RFC prose: https://github.com/russhousley/pyasn1-alt-modules/blob/master/pyasn1_alt_modules/rfc8994.py#L34 Thanks, Corey [1] https://datatracker.ietf.org/doc/html/rfc8994#section-6.2.2.1 From: Spasm <spasm-bounces@ietf.org> On Behalf Of David von Oheimb Sent: Thursday, August 4, 2022 8:31 AM To: Michael Richardson <mcr+ietf@sandelman.ca> Cc: LAMPS WG <spasm@ietf.org> Subject: Re: [lamps] struggling with CSRAttrs On 03.08.22 22:14, Michael Richardson wrote: David von Oheimb <mailto:David.von.Oheimb@siemens.com> <David.von.Oheimb@siemens.com> wrote: > Let's keep the original field names. Also because this underlines the > important fact that we do not change the ASN.1 syntax at all, which is > critical for bits-on-the-wire compatibility, but we just clarify its > use and interpretation. I'm okay with that. Glad to hear. > I've just made a pass on lamps-rfc7030-csrattrs.mkd in the GitHub > repository. Its new version contains various suggestions for > improvements here and there. Also updated the subjectAltName example > to be of the more usual form of a dNSName and inserted two > questions/remarks: Why did you change the RFC8994/ACP example from a real acp example name to domain.example? I did so because I did not pay attention that this SAN example had special relevance, but also because its ASN.1 encoding was flawed: 31 59: [0] { 33 57: UTF8String : 'rfc8994+fd739fc23c3440112233445500000000+@acp.ex <mailto:rfc8994+fd739fc23c3440112233445500000000+@acp.ex> ' : 'ample.com' : } and because the dNSName variant is much more common. So I've just re-added the otherName variant, while correcting its ASN.1 encoding and keeping the other SAN that I had added, with a dNSName value: SEQUENCE { OBJECT IDENTIFIER subjectAltName (2 5 29 17) BOOLEAN TRUE OCTET STRING, encapsulates { SEQUENCE { [0] { OBJECT IDENTIFIER '??? TODO' [0] { UTF8String 'fd89b714f3db00000200000064000000' '+area51.research@acp.example.com' } } [2] 'domain.example' } } } Note that the otherName choice is defined (e.g., in 5280) as OtherName ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY DEFINED BY type-id } so you need to include an OID in the 'type-id' sub-field that gives the specific SAN sub-type, governing the interpretation and type of the 'value' sub-field. I could not find any such OID in https://datatracker.ietf.org/doc/html/rfc8994#section-6.2.2 which says (among others): Example: Given an ACP address of fd89:b714:f3db:0:200:0:6400:0000, an ACP domain name of acp.example.com, and an rsub extension of area51.research, then this results in the following: acp-node-name = fd89b714f3db00000200000064000000 +area51.research@acp.example.com <mailto:+area51.research@acp.example.com> acp-domain-name = acp.example.com routing-subdomain = area51.research.acp.example.com The acp-node-name in Figure 2 is the ABNF definition ("Augmented BNF for Syntax Specifications: ABNF" [RFC5234 <https://datatracker.ietf.org/doc/html/rfc5234> ]) of the ACP Node Name. An ACP certificate MUST carry this information. It MUST contain an otherName field in the X.509 Subject Alternative Name extension, and the otherName MUST contain an AcpNodeName as described in Section 6.2.2 <https://datatracker.ietf.org/doc/html/rfc8994#section-6.2.2> . (BTW, there is an erroneous self-reference to Section 6.2.2 within itself.) In this section I miss a definition which OID(s) to use for acp-node-name etc. Is there a reason not to include the line numbers from dumpasn1? Actually there are two reasons: * those numbers are byte offsets and lengths, which are not important here and just add clutter * the numbers would be very cumbersome to keep consistent when adapting the example In the actual content, it goes from having the critical value shown, to having: + OCTET STRING, encapsulates { + SEQUENCE { + [2] 'domain.example' + } + } + } which I don't understand at all. Is this a different dumpasn1 version? No, the 'critical' bit is before the 'value' field, thus it is shown just above the "OCTET STRING, encapsulates {" if not, what are the actual bits on the wire changes? The tag "[0]" that had been placed with the 'critical' bit was wrong: [0] { BOOLEAN TRUE } so I corrected this to BOOLEAN TRUE See also the emails by Corey and me in this thread of Aug 2nd. > (TODO: Do we want to allow an empty extnValue (which is of type > OCTET STRING), which would mean that the client is told to include > an X.509 extension of the given type and fill in the concrete value > itself?) Yes, I thought we allowed exactly that before, as: Attribute: type = extensionRequest (1.2.840.113549.1.9.14) value = macAddress (1.3.6.1.1.1.1.22) in RFC7030. Good point that this effect could already be achieved by such a type of CSR attribute that is different from the "new" approach using a CSR attribute of type extensionRequest. Yet IMO the new approach is more adequate because there the (request for an) extension is in the context of the extensionRequest attribute, rather than "out of place" in some other attr, where its OID is harder to understand and to process without this context. So I'd suggest stating that any such to-be-filled-in extensions SHOULD be placed inside the CSR attribute of type extensionRequest with an empty OCTET STRING as the extnValue. > (TODO: Note that this mechanism does not support telling the client > to include in the CSR a specific subject DN, simply because there is > no OID for this. I think we should better make this clear, or we > have to define such an OID if setting a subject name should be > supported.) I don't understand. Telling the client to include a specific subject is exactly the problem we are dealing with... or are you making a distinction here between subject DN and subjectAltName? There is a clear distinction between * a cert/CSR subject, which is (essentially) mandatory and is a (Distinguished) Name and * the Subject Alternative Names (SANs) optionally given as X.509 extension values. as can be deduced also from the following declaration from RFC 2986 (PKCS#10) CertificationRequestInfo ::= SEQUENCE { version INTEGER { v1(0) } (v1,...), subject Name, subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }}, attributes [0] Attributes{{ CRIAttributes }} } noting that any SANs are (indirectly) part of the 'attributes' field value. As I wrote on March 9th <https://mailarchive.ietf.org/arch/msg/spasm/KSBlnRVVTcgpEAM8eA_uEssHY2I/> and April 5th <https://mailarchive.ietf.org/arch/msg/spasm/PqCEDBk_Vd59bDDxb7hVDg41PKM/> and likely already before, while SANs can be expressed as part of an extensionRequest CSR attribute, a regular subject field so far cannot be expressed in a CsrAttrs structure. This is because no OID has been defined that could be used, e.g., in the 'type' field of a CSR attribute and the CsrAttrs structure does not have any other field where a subject Name could be placed. David
- [lamps] strugling with CSRAttrs Michael Richardson
- Re: [lamps] strugling with CSRAttrs David von Oheimb
- Re: [lamps] strugling with CSRAttrs Michael Richardson
- Re: [lamps] struggling with CSRAttrs David von Oheimb
- Re: [lamps] struggling with CSRAttrs David von Oheimb
- Re: [lamps] struggling with CSRAttrs Corey Bonnell
- Re: [lamps] struggling with CSRAttrs Russ Housley
- Re: [lamps] struggling with CSRAttrs David von Oheimb
- Re: [lamps] struggling with CSRAttrs Michael Richardson
- Re: [lamps] struggling with CSRAttrs David von Oheimb
- Re: [lamps] struggling with CSRAttrs Corey Bonnell
- [lamps] Fixed the RFC 8994 / ACP Subject Alternat… David von Oheimb
- Re: [lamps] Fixed the RFC 8994 / ACP Subject Alte… Michael Richardson
- Re: [lamps] struggling with CSRAttrs Michael Richardson
- [lamps] examples in lamps-rfc7030-csrattrs Michael Richardson
- Re: [lamps] struggling with CSRAttrs Michael Richardson
- Re: [lamps] examples in lamps-rfc7030-csrattrs Corey Bonnell
- Re: [lamps] struggling with CSRAttrs Michael Richardson
- Re: [lamps] struggling with CSRAttrs Michael Richardson
- Re: [lamps] Fixed the RFC 8994 / ACP Subject Alte… Michael Richardson
- Re: [lamps] struggling with CSRAttrs Russ Housley
- Re: [lamps] Fixed the RFC 8994 / ACP Subject Alte… von Oheimb, David
- [lamps] IANA Considerations text for OID allocati… Michael Richardson
- Re: [lamps] IANA Considerations text for OID allo… Russ Housley
- Re: [lamps] IANA Considerations text for OID allo… Michael Richardson
- Re: [lamps] [EXTERNAL] Re: IANA Considerations te… Mike Ounsworth
- Re: [lamps] IANA Considerations text for OID allo… Tim Hollebeek
- Re: [lamps] Fixed the RFC 8994 / ACP Subject Alte… Esko Dijk
- Re: [lamps] Fixed the RFC 8994 / ACP Subject Alte… Michael Richardson
- Re: [lamps] Fixed the RFC 8994 / ACP Subject Alte… Esko Dijk
- Re: [lamps] examples in lamps-rfc7030-csrattrs Michael Richardson
- Re: [lamps] examples in lamps-rfc7030-csrattrs Corey Bonnell