Re: [lamps] dtaft-ietf-lamps-cmp-updates and rsaKeyLen

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Fri, 18 September 2020 10:47 UTC

From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Russ Housley <housley@vigilsec.com>
CC: "spasm@ietf.org" <spasm@ietf.org>, "david.von.oheimb@siemens.com" <david.von.oheimb@siemens.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/YuyktQQNe0Lv21uRl9Nk0PpBJDU>

Russ

> From: Russ Housley <housley@vigilsec.com>
> Sent: Wednesday, 16 September 2020 15:14
> 
> Hendrik:
> >
> >> From: Russ Housley <housley@vigilsec.com>
> >> Sent: Tuesday, 15 September 2020 23:21
> >>
> >> Hendrik:
> >>
> >> The ASN.1 modules add rsaKeyLen, but the body of the document does
> >> not say anything.  I think it should explain the new field.
> >
> > You are right. I will add a brief explanation to the respective section.
> >
> >>
> >> The ASN.1 module comment is the only hint right now:
> >>
> >>      -- Any reasonable RSA key length, if subjectPublicKeyInfo
> >>      -- of the certTemplate has the OID rsaEncryption.
> >>
> >> Also, if the certTemplate has the OID id-ecPublicKey, is a similar
> >> convention needed to provide a list of supported curves?
> >
> > For rsaKeyLen it is possible to specify one key length and for id-ecPublicKey it
> > is possible to specify one named curve in ECParameters. I think we are
> > consistent in this regard.
> > If an RA needs to offer a set of allowed algorithms or curves, it can use the
> > Signing Key Pair Types general message as specified in RFC 4210 Section
> > 5.3.19.2.
> 
> Okay.  That means that id-ecPublicKey would appear many times, once for each
> curve.  Can we add text to say that?

Right, a genRep can carry a sequence of InfoTypeAndValue and therefore a sequence of offered algorithms.
- In the case of 5.3.19.2 it could be a number of id-ecPublicKey structures.
- In the case of id-it-certReqTemplate (Lightweight CMP Profile, Section 4.4.4) we did not allow this case, but yes, we could change Lightweight CMP Profile Section 4.4.1 accordingly to offer it.
I can add a sentence to RFC 4210 Section 5.3.20 to explicitly state that several InfoTypeAndValues of the same type are allowed.
Did I get your suggestion right?

I will respond to your second suggestion on using Controls separately.

Hendrik
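
Added example, not part of the original message: the Signing Key Pair Types reply value from RFC 4210 Section 5.3.19.2 (a SEQUENCE OF AlgorithmIdentifier under {id-it 2}) encoded with id-ecPublicKey appearing once per curve, then parsed back into the list of offered curves. The helper names and the two sample curves are assumptions chosen for illustration.

```python
ID_IT_SIGN_KEY_PAIR_TYPES = "1.3.6.1.5.5.7.4.2"  # {id-it 2}, RFC 4210 Section 5.3.19.2
ID_EC_PUBLIC_KEY = "1.2.840.10045.2.1"
SECP256R1, SECP384R1 = "1.2.840.10045.3.1.7", "1.3.132.0.34"  # constructed sample offer
def tlv(tag, body):  # hypothetical helper: DER tag-length-value
    assert len(body) < 128, "this sketch only emits short-form lengths"
    return bytes([tag, len(body)]) + body

def enc_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                      # last base-128 digit, no continuation bit
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def dec_oid(body):                                # valid for first arcs 0 and 1 only
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def read_tlv(buf, pos, tag):
    head = buf[pos:pos + 2]
    if len(head) < 2 or head[0] != tag or head[1] > 127 or pos + 2 + head[1] > len(buf):
        raise ValueError("unexpected tag, unsupported length or truncated element")
    return buf[pos + 2:pos + 2 + head[1]], pos + 2 + head[1]

def build_offer(curves):
    algs = b"".join(tlv(0x30, enc_oid(ID_EC_PUBLIC_KEY) + enc_oid(c)) for c in curves)
    return tlv(0x30, enc_oid(ID_IT_SIGN_KEY_PAIR_TYPES) + tlv(0x30, algs))

def offered_curves(itav):
    body, _ = read_tlv(itav, 0, 0x30)             # InfoTypeAndValue
    info_type, pos = read_tlv(body, 0, 0x06)
    if dec_oid(info_type) != ID_IT_SIGN_KEY_PAIR_TYPES:
        raise ValueError("not a signKeyPairTypes InfoTypeAndValue")
    algs, _ = read_tlv(body, pos, 0x30)           # SEQUENCE OF AlgorithmIdentifier
    curves, pos = [], 0
    while pos < len(algs):
        alg, pos = read_tlv(algs, pos, 0x30)
        alg_oid, p = read_tlv(alg, 0, 0x06)
        if dec_oid(alg_oid) == ID_EC_PUBLIC_KEY:  # parameters carry the named curve
            curves.append(dec_oid(read_tlv(alg, p, 0x06)[0]))
    return curves
```

A requester can compare the curve it intends to use against `offered_curves(...)` before generating a key pair.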