
From nobody Wed Apr  1 04:55:01 2020
To: Russ Housley <housley@vigilsec.com>, LAMPS WG <spasm@ietf.org>
References: <63B58892-60CB-42C9-8168-E5476E2F40CB@vigilsec.com>
From: Alexey Melnikov <alexey.melnikov@isode.com>
Message-ID: <f2da0383-118f-f020-7685-f9734674b868@isode.com>
Date: Wed, 1 Apr 2020 12:53:58 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
In-Reply-To: <63B58892-60CB-42C9-8168-E5476E2F40CB@vigilsec.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------AAD35D9C4A36BECD4692A8F7"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/MECT-ZY6mX08G2LNo6Oenj0wTjA>
Subject: Re: [lamps] WG Last Call for draft-ietf-lamps-rfc7030est-clarify-02
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Apr 2020 11:54:54 -0000

--------------AAD35D9C4A36BECD4692A8F7
Content-Type: text/plain; charset=utf-8; format=flowed
Content-transfer-encoding: quoted-printable

Hi,

On 30/03/2020 17:11, Russ Housley wrote:
> This is the LAMPS WG Last Call for "Clarification of Enrollment over Secure Transport (EST): transfer encodings and ASN.1” <draft-ietf-lamps-rfc7030est-clarify-02>.  Please review the document and send your comments to the list by 19 April 2020.  This is longer than usual to accommodate the vast number of virtual interim sessions that are taking place right now.
>
> The datatracker page for the document is https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc7030est-clarify/

I reviewed the document and it is basically ready, modulo a few minor
things:


5.1.  CSR Attributes Response

   Responses to attribute request messages MUST be encoded as the
   content-type of "application/csrattrs", and are to be "base64"
   [RFC2045] encoded.

I think you should use "[RFC4648] section 4 Base64 encoded" here the
same way you already do in Section 4.

I would also ask you to add some text that this is a deviation from HTTP
1.1 [RFC7231] definition needed for backward compatibility.


6.2.  Updating section 4.4.2: Server-Side Key Generation Response

   Replace:

      If the content-type is not set, the response data MUST be a
      plaintext human-readable error message.

   with:

      If the content-type is not set, the response data must be a
      plaintext human-readable error message.
      Servers MAY use the "text/plain" content-type [RFC2046]
      for human-readable errors.

While the new text is not wrong, may I suggest rewording it to something
like:

      If the content-type is not set or explicitly set to
      "text/plain", the response data must be a
      plaintext human-readable error message.

      Note that [RFC2046] states that lack of content-type is treated
      the same as Content-Type: "text/plain".

Basically I am trying to point out that lack of Content-Type is the same
as "text/plain" as specified in RFC 2046, as opposed to something
invented by this document.

Best Regards,

Alexey


--------------AAD35D9C4A36BECD4692A8F7--


From nobody Wed Apr  1 14:12:53 2020
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Message-Id: <C138395E-8D80-4C54-9A88-793E1D264C44@vigilsec.com>
Date: Wed, 1 Apr 2020 17:12:47 -0400
To: LAMPS WG <spasm@ietf.org>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/R8EPcFucV9YBVnNhYECq3npvnEI>
Subject: [lamps] Minutes from Virtual Meeting on 30 March 2020

Many thanks to Peter Yee for the high quality notes.

I have turned the notes into minutes:
https://datatracker.ietf.org/doc/minutes-interim-2020-lamps-01-202003301030/

Please post any comments or corrections.

Russ


From nobody Thu Apr  2 03:48:48 2020
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Russ Housley <housley@vigilsec.com>, Jim Schaad <ietf@augustcellars.com>
CC: LAMPS WG <spasm@ietf.org>
Thread-Topic: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section 5.1.6.1
Thread-Index: AQHWB4bFMhO5m425TEKdhUD7XSYtoahlkObw
Date: Thu, 2 Apr 2020 10:48:40 +0000
Message-ID: <AM0PR10MB240206C99CC824C5064351D6FEC60@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
References: <2FEB1904-2275-4CAE-9263-2196E568ADBC@vigilsec.com>
In-Reply-To: <2FEB1904-2275-4CAE-9263-2196E568ADBC@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/FiO4YREO3yf4lI2tzqxnP-AmdIM>
Subject: Re: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section 5.1.6.1

Russ

Thank you for your feedback.
Together with Jim's question why I do not use PasswordRecipientInfo type I took some time to have a closer look at it.

In EnvelopedData there are only ktri, kari, and kekri mandatory and pwri is only optional. Maybe this is a reason why I did not look deeper into pwri. From its specification in RFC5652 pwri looks fairly like what I tried to specify using PBMParameters. I was a bit confused that RFC5652 refers to RFC3211 for further specification of PasswordRecipientInfo Type even though RFC3211 is obsoleted by RFC3370. Should I use the PasswordRecipientInfo Type from RFC3211 and the keyDerivationAlgorithm PBKDF2 from RFC3370 then?

Below I updated my approach using KEKRecipientInfo using an adapted AlgorithmID like I understood Russ's feedback.

@Jim, Russ, what would you recommend? Should I follow KEKRecipientInfo or switch to using PasswordRecipientInfo?

> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
> Sent: Tuesday, 31 March 2020 20:04
>
> I find this difficult.  Using id-PasswordBasedMac as a keyEncryptionAlgorithm
> algorithm identifier is a problem.  The OID tells the implementation how to
> parse the parameter structure, but it also tells the implementation what
> processing steps are needed.  It works for the structure, but I think it will be a
> big problem for the processing steps.  This is made worse by: "This key
> management technique can be applied in combination with the PKI
> management operation specified in Section 5.1.4 using MAC protected CMP
> messages."  This means that id-PasswordBasedMac would be used to indicate
> two different sets of processing steps in the same message.

If I understand this correctly, I can continue to use the concepts and general structure of PBMParameters.

This approach could look like this:
I would define a new OID/syntax containing the fields salt, owf, iterationCount, and keAlgorithm. It could be named KEParameters (KeyEncryptionParameters) to indicate that these are the values to be used to derive and encrypt the contentEncryption for EnvelopedData. keAlgorithm shall be the AlgID for the key encryption algorithm.
To specify the processing I would copy the content of RFC4210 section 5.1.3.1 with a slightly adapted wording together with the new OID and ASN.1 to section 3.4 of Updates CMP and use it in Lightweight CMP Profile section 5.1.6.1.

     id-SymmetricKeyEncryption OBJECT IDENTIFIER ::= {xxx}
     KEParameter ::= SEQUENCE {
       salt                OCTET STRING,
       owf                 AlgorithmIdentifier,
       iterationCount      INTEGER,
       keAlgorithm         AlgorithmIdentifier
     }

   In the above protectionAlg, the salt value is appended to the shared
   secret input.  The OWF is then applied iterationCount times, where
   the salted secret is the input to the first iteration and, for each
   successive iteration, the input is set to be the output of the
   previous iteration.  The output of the final iteration (called
   "BASEKEY" for ease of reference, with a size of "H") is what is used
   to form the symmetric key.  If the encryption algorithm requires a K-bit key
   and K <= H, then the most significant K bits of BASEKEY are used.  If
   K > H, then all of BASEKEY is used for the most significant H bits of
   the key, OWF("1" || BASEKEY) is used for the next most significant H
   bits of the key, OWF("2" || BASEKEY) is used for the next most
   significant H bits of the key, and so on, until all K bits have been
   derived.  [Here "N" is the ASCII byte encoding the number N and "||"
   represents concatenation.]

   Note: in case the message containing the EnvelopedData used PBMParameters
   it is RECOMMENDED that the salt field in KEParameter be different to the one
   used in PBMParameters. The fields owf and iterationCount MAY be the
   same as used in PBMParameters.

Did I understand Russ's approach correctly and would this fit?


Hendrik
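
The key derivation described in the message above (salt appended to the shared secret, OWF iterated iterationCount times, BASEKEY truncated or extended to K bits), as an added example that is not part of the original message or of any draft. The function names, the choice of SHA-1 and SHA-256 as OWF, the iteration count and all sample secrets and salts are assumptions constructed for illustration.

```python
"""Added illustration: salted, iterated OWF key derivation as quoted from RFC 4210 5.1.3.1."""
import hashlib


def derive_basekey(secret: bytes, salt: bytes, iteration_count: int,
                   owf=hashlib.sha1) -> bytes:
    """Return BASEKEY: the OWF applied iteration_count times, starting from secret || salt."""
    if iteration_count < 1:
        raise ValueError("iterationCount must be at least 1")
    out = owf(secret + salt).digest()       # first iteration: salt is appended to the secret
    for _ in range(iteration_count - 1):    # later iterations hash the previous output
        out = owf(out).digest()
    return out


def derive_key(secret: bytes, salt: bytes, iteration_count: int,
               key_bits: int, owf=hashlib.sha1) -> bytes:
    """Form a K-bit symmetric key from BASEKEY (size H) as the quoted text describes."""
    if key_bits <= 0 or key_bits % 8:
        raise ValueError("this sketch only handles whole-octet key sizes")
    basekey = derive_basekey(secret, salt, iteration_count, owf)
    k = key_bits // 8
    if k <= len(basekey):
        # K <= H: the most significant K bits are the leading octets of BASEKEY.
        return basekey[:k]
    # K > H: BASEKEY, then OWF("1" || BASEKEY), OWF("2" || BASEKEY), ...
    key = basekey
    n = 1
    while len(key) < k:
        if n > 9:
            # "N" is a single ASCII byte, so the text defines no block beyond "9".
            raise ValueError("key too long for single-byte block counter")
        key += owf(str(n).encode("ascii") + basekey).digest()
        n += 1
    return key[:k]


if __name__ == "__main__":
    # Constructed sample values, not taken from any specification or test vector.
    secret = b"constructed-shared-secret"
    pbm_salt = b"constructed-salt-for-PBMParameters"
    ke_salt = b"constructed-salt-for-KEParameter"
    iterations = 500

    # K <= H: a 128-bit key from a 256-bit OWF output is a plain truncation.
    print("AES-128 key:", derive_key(secret, ke_salt, iterations, 128, hashlib.sha256).hex())

    # K > H: a 256-bit key from SHA-1 (H = 160 bits) needs one extension block.
    print("AES-256 key:", derive_key(secret, ke_salt, iterations, 256, hashlib.sha1).hex())

    # Why the note recommends a different salt: with the same secret, owf and
    # iterationCount, reusing the PBMParameters salt yields the same BASEKEY
    # for the MAC key and for the key-encryption key.
    mac_base = derive_basekey(secret, pbm_salt, iterations)
    print("same salt  -> same BASEKEY:",
          derive_basekey(secret, pbm_salt, iterations) == mac_base)
    print("fresh salt -> same BASEKEY:",
          derive_basekey(secret, ke_salt, iterations) == mac_base)
```
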


From nobody Thu Apr  2 13:53:37 2020
MIME-Version: 1.0
From: Jonathan Hammell <jfhamme.cccs@gmail.com>
Date: Thu, 2 Apr 2020 16:53:15 -0400
Message-ID: <CALhKWggKjvo-=9esaisJtJLxn8sEH47ttNMRsPr6OkhEC6NVdg@mail.gmail.com>
To: spasm@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Lz92-9bQbfLscQtrsMvfPTsOO1Y>
Subject: [lamps] draft-ietf-lamps-header-protection-requirements

I submitted a PR with screenshots of the S/MIME tests in Outlook with
Entrust Entelligence.

https://github.com/autocrypt/protected-headers/pull/29

Best regards,
Jonathan


From nobody Fri Apr  3 08:25:56 2020
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: LAMPS WG <spasm@ietf.org>, Michael Richardson <mcr+ietf@sandelman.ca>
CC: Russ Housley <housley@vigilsec.com>, Alexey Melnikov <alexey.melnikov@isode.com>
Thread-Topic: [lamps] WG Last Call for draft-ietf-lamps-rfc7030est-clarify-02
Thread-Index: AQHWBq3ldHsUPLljAUy1gcBzxWEagKhkKxgAgANc5bA=
Date: Fri, 3 Apr 2020 15:25:47 +0000
Message-ID: <BN7PR11MB25470B296366DB5822D12588C9C70@BN7PR11MB2547.namprd11.prod.outlook.com>
References: <63B58892-60CB-42C9-8168-E5476E2F40CB@vigilsec.com> <f2da0383-118f-f020-7685-f9734674b868@isode.com>
In-Reply-To: <f2da0383-118f-f020-7685-f9734674b868@isode.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pkampana@cisco.com; 
x-originating-ip: [68.93.142.48]
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=2.16.840.1.101.3.4.2.1; boundary="----=_NextPart_000_0067_01D609AA.9E6E7E20"
MIME-Version: 1.0
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.13, xch-aln-003.cisco.com
X-Outbound-Node: rcdn-core-7.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/UUINChAEuejubagNZ2wvp64ORWQ>
Subject: Re: [lamps] WG Last Call for draft-ietf-lamps-rfc7030est-clarify-02
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2020 15:25:54 -0000

------=_NextPart_000_0067_01D609AA.9E6E7E20
Content-Type: multipart/alternative;
	boundary="----=_NextPart_001_0068_01D609AA.9E6E7E20"


------=_NextPart_001_0068_01D609AA.9E6E7E20
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi Michael,

It is ready imo as well. Two more nits:

- CTE and CTE-base64 are not used in the document, so I think they can be removed.

- Make sure you add “Updates: 7030” in the header.

Thanks,

Panos

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Alexey Melnikov
Sent: Wednesday, April 01, 2020 7:54 AM
To: Russ Housley <housley@vigilsec.com>; LAMPS WG <spasm@ietf.org>
Subject: Re: [lamps] WG Last Call for draft-ietf-lamps-rfc7030est-clarify-02

Hi,

On 30/03/2020 17:11, Russ Housley wrote:

This is the LAMPS WG Last Call for "Clarification of Enrollment over
Secure Transport (EST): transfer encodings and ASN.1”
<draft-ietf-lamps-rfc7030est-clarify-02>.  Please review the document
and send your comments to the list by 19 April 2020.  This is longer
than usual to accommodate the vast number of virtual interim sessions
that are taking place right now.

The datatracker page for the document is
https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc7030est-clarify/

I reviewed the document and it is basically ready, modulo a few minor
things:

5.1.  CSR Attributes Response

   Responses to attribute request messages MUST be encoded as the
   content-type of "application/csrattrs", and are to be "base64"
   [RFC2045] encoded.

I think you should use "[RFC4648] section 4 Base64 encoded" here the
same way you already do in Section 4.

I would also ask you to add some text that this is a deviation from HTTP
1.1 [RFC7231] definition needed for backward compatibility.

6.2.  Updating section 4.4.2: Server-Side Key Generation Response

   Replace:

       If the content-type is not set, the response data MUST be a
       plaintext human-readable error message.

   with:

       If the content-type is not set, the response data must be a
       plaintext human-readable error message.
       Servers MAY use the "text/plain" content-type [RFC2046]
       for human-readable errors.

While the new text is not wrong, may I suggest rewording it to something
like:

       If the content-type is not set or explicitly set to "text/plain",
       the response data must be a plaintext human-readable error message.

       Note that [RFC2046] states that lack of content-type is treated
       the same as Content-Type: "text/plain".

Basically I am trying to point out that lack of Content-Type is the same
as "text/plain" as specified in RFC 2046, as opposed to something
invented by this document.

Best Regards,

Alexey

------=_NextPart_001_0068_01D609AA.9E6E7E20--

------=_NextPart_000_0067_01D609AA.9E6E7E20
Content-Type: application/pkcs7-signature;
	name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"


------=_NextPart_000_0067_01D609AA.9E6E7E20--
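
The two review points in the message above (RFC 4648 section 4 Base64 for the "application/csrattrs" body, and a missing Content-Type being equivalent to "text/plain" for human-readable errors) written as a client-side check. This is an added example, not code from the thread or from the draft; the function names, the tolerance for folded lines and the sample DER value are assumptions made for illustration.

```python
import base64
import binascii
import re
from dataclasses import dataclass
from typing import Mapping, Optional

CSRATTRS_TYPE = "application/csrattrs"


class ESTResponseError(Exception):
    """Raised when an EST response body cannot be accepted."""


@dataclass
class ESTBody:
    kind: str                      # "payload" or "error-text"
    der: Optional[bytes] = None    # decoded DER when kind == "payload"
    text: Optional[str] = None     # server message when kind == "error-text"


def media_type(headers: Mapping[str, str]) -> Optional[str]:
    """Lower-cased media type without parameters, or None if the header is absent."""
    for name, value in headers.items():
        if name.lower() == "content-type":
            return value.split(";", 1)[0].strip().lower() or None
    return None


def decode_base64_body(body: bytes) -> bytes:
    """Decode a Base64 body using the RFC 4648 section 4 alphabet.

    Assumption: CR, LF, space and tab are stripped first, because encoders
    written against RFC 2045 fold their output into lines. Any other byte
    outside the standard alphabet (including the URL-safe '-' and '_') is
    rejected instead of being silently skipped.
    """
    compact = re.sub(rb"[ \t\r\n]+", b"", body)
    if not compact:
        raise ESTResponseError("empty Base64 body")
    try:
        return base64.b64decode(compact, validate=True)
    except binascii.Error as exc:
        raise ESTResponseError(f"body is not valid Base64: {exc}") from exc


def is_single_der_sequence(der: bytes) -> bool:
    """True if der is exactly one definite-length SEQUENCE with no trailing bytes."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short-form length
        length, header = first, 2
    else:                                  # long-form length
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        length, header = int.from_bytes(der[2:2 + n], "big"), 2 + n
    return header + length == len(der)


def classify_est_body(headers: Mapping[str, str], body: bytes,
                      expected_type: str = CSRATTRS_TYPE) -> ESTBody:
    """Apply the Content-Type rules discussed in the review to one response."""
    mtype = media_type(headers)
    if mtype == expected_type:
        der = decode_base64_body(body)
        if not is_single_der_sequence(der):
            raise ESTResponseError("decoded body is not a single DER SEQUENCE")
        return ESTBody("payload", der=der)
    # No Content-Type is handled the same way as an explicit text/plain.
    # The text comes from the server and is for display or logging only.
    if mtype is None or mtype == "text/plain":
        return ESTBody("error-text", text=body.decode("utf-8", errors="replace"))
    raise ESTResponseError(f"unexpected Content-Type: {mtype}")


# Constructed sample: SEQUENCE { OID 1.2.840.113549.1.9.7 (challengePassword) }
SAMPLE_DER = bytes.fromhex("300b06092a864886f70d010907")

if __name__ == "__main__":
    encoded = base64.b64encode(SAMPLE_DER)
    folded = encoded[:8] + b"\r\n" + encoded[8:]   # RFC 2045 style line break
    print(classify_est_body({"Content-Type": CSRATTRS_TYPE}, folded))
    print(classify_est_body({}, b"CSR attributes not available"))
```
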


From nobody Fri Apr  3 10:09:11 2020
Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D30C3A08E4 for <spasm@ietfa.amsl.com>; Fri,  3 Apr 2020 10:09:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=siemens.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k2tMvLLxqoew for <spasm@ietfa.amsl.com>; Fri,  3 Apr 2020 10:09:08 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2080.outbound.protection.outlook.com [40.107.22.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A5793A08ED for <spasm@ietf.org>; Fri,  3 Apr 2020 10:09:07 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZP/xkEOAyG6Q3Hy8GU6xITI2hiwixEKyC9IeTY9L4sMtyKmq5gq6Li+Rxux4d+bQOTfyYouML6m6310zZoegB33dQ5Xp4ZJfv6Iepar/4Tb1+rNsFjMnBMA0U6fJDQm8WlKUsxiJgN1nLUIBgObdogS13PHxlc5XnSNYwp8UtapnUZJ9/PP3bDqAjXcWvvj4XEkBNq+eqzZPnq4Q4p1DbwUNGZBA2kmDiJ0vHzONRhJ9fPWRpj+YOKo3shP0qTqquoR6fUmQE6otHhqBDEgCeF+TQA6JxsmVR1aYYh5j9hG1a3fGF8+R8J7mUUoWkwuW4VDNWKdhEuyP7vFhExoxVg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;  s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DYhoK7uFlDMLuPNJtWAco86RTGRd9ORRWg1E3wsh8dc=; b=WUhsd/MspQuHUhNIxk4WaUkM4LJIjYNfcN0NdLiPqUh9XeyfyW+b91asOvbrKc0G1WiOYKZmJVUMc8ZoVEkNCpJ+8AJb6Vn6CVBlwAu6WSFIC1yfoNVSwNY702wsMUsw3ffPcagvPaR5k2a9GVwv94PfC3A9Aiae/L3Jyb8hL0uaK5/Hr6VACsE3mqMl6T2MV1QGTGim6f2GvgMs0GupGGs6/hGPYde26RJmzSlQgwZoY/yXeJBb3ec5tetGsN1mkS45t2bICaEPZf1BxREOJ1IuauLLHJfhnq3HrJ3grJdHAW1oYm/Mu+4fT0WVDJBmEzbB9OgEm92hhK9TmdsA9A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.onmicrosoft.com; s=selector1-siemens-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DYhoK7uFlDMLuPNJtWAco86RTGRd9ORRWg1E3wsh8dc=; b=H5qPU3MyNFTXPk5dJmL7ur4Q1qXDGItcejxFgi0FJ1vpouvoIUqwscJ1aNyNa4PXLxBXFlZO0XJfXz4VKhbVrGU2MOnp+izxlxe6yqSW9yfguyhRVDdexV+qHfcAIwLO0vi5wm5GUUfhfdJQaogxClFp7Rhml6l/i1UHmZ50GHI=
Received: from AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM (20.177.110.224) by AM0PR10MB2660.EURPRD10.PROD.OUTLOOK.COM (20.178.202.26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2878.16; Fri, 3 Apr 2020 17:09:05 +0000
Received: from AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM ([fe80::85a4:2ab:a6b9:e1a3]) by AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM ([fe80::85a4:2ab:a6b9:e1a3%6]) with mapi id 15.20.2878.018; Fri, 3 Apr 2020 17:09:05 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Russ Housley <housley@vigilsec.com>, Jim Schaad <ietf@augustcellars.com>
CC: LAMPS WG <spasm@ietf.org>
Thread-Topic: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section 5.1.6.1
Thread-Index: AQHWB4bFMhO5m425TEKdhUD7XSYtoahlkObwgAIUXKA=
Date: Fri, 3 Apr 2020 17:09:05 +0000
Message-ID: <AM0PR10MB24021DFBF48C03B2AA737B93FEC70@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
References: <2FEB1904-2275-4CAE-9263-2196E568ADBC@vigilsec.com> <AM0PR10MB240206C99CC824C5064351D6FEC60@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
In-Reply-To: <AM0PR10MB240206C99CC824C5064351D6FEC60@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-document-confidentiality: NotClassified
authentication-results: spf=none (sender IP is ) smtp.mailfrom=hendrik.brockhaus@siemens.com; 
x-originating-ip: [165.225.200.169]
received-spf: None (protection.outlook.com: siemens.com does not designate permitted sender hosts)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: siemens.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/L3RPLvW1iK6K0g-HH29onOYJT8I>
Subject: Re: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section 5.1.6.1
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2020 17:09:10 -0000

> From: Spasm <spasm-bounces@ietf.org> On Behalf Of [ext] Brockhaus,
> Hendrik
>
> In EnvelopedData there are only ktri, kari, and kekri mandatory and pwri is only
> optional. Maybe this is a reason why I did not look deeper into pwri. From its
> specification in RFC5652 pwri looks fairly what I tried to specify using
> PBMParameters. I was a bit confused that RFC5652 refers to RFC3211 for
> further specification of PasswordRecipientInfo Type even though RFC3211 is
> obsoleted by RFC3370. Should I use the PasswordRecipientInfo Type from
> RFC3211 and the keyDerivationAlgorithm PBKDF2 from RFC3370 then?
>
> Below I updated my approach using KEKRecipientInfo using an adapted
> AlgorithmID like I understood Russ's feedback.
>
> @Jim, Russ, what would you recommend? Should I follow KEKRecipientInfo or
> switch to using PasswordRecipientInfo?
>

After checking some libraries it looks like pwri is well supported.
What do you recommend?

Hendrik


From nobody Fri Apr  3 10:41:06 2020
Return-Path: <mohit06jan@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 011353A0998 for <spasm@ietfa.amsl.com>; Fri,  3 Apr 2020 10:41:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level: 
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S75_kqqXAuQ1 for <spasm@ietfa.amsl.com>; Fri,  3 Apr 2020 10:41:03 -0700 (PDT)
Received: from mail-il1-x12f.google.com (mail-il1-x12f.google.com [IPv6:2607:f8b0:4864:20::12f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A6AC23A098D for <spasm@ietf.org>; Fri,  3 Apr 2020 10:41:03 -0700 (PDT)
Received: by mail-il1-x12f.google.com with SMTP id t6so8054653ilj.8 for <spasm@ietf.org>; Fri, 03 Apr 2020 10:41:03 -0700 (PDT)
X-Received: by 2002:a92:77c2:: with SMTP id s185mr9679896ilc.297.1585935662967;  Fri, 03 Apr 2020 10:41:02 -0700 (PDT)
MIME-Version: 1.0
References: <CAEpwuw2pH8atAkYp0hnjcVOQHw9_a=FqRcz_4Yar4RZYST9Zyg@mail.gmail.com> <4ED41D6F-1E97-4DCC-ABEB-9E81B18EEB18@vigilsec.com> <CAEpwuw0Nz5=hOpT2Hv_wT8Nfs=hxcnxE9gZgQOoJ3-rfvgtZcQ@mail.gmail.com> <50146CE7-F096-4931-8B2A-7A180FDB80AB@vigilsec.com> <10DD95F6-3829-4AFC-B463-E8289AE3936F@akamai.com> <9600E759-3C31-428A-B79B-F5E37D183D7F@vigilsec.com>
In-Reply-To: <9600E759-3C31-428A-B79B-F5E37D183D7F@vigilsec.com>
From: Mohit Sahni <mohit06jan@gmail.com>
Date: Fri, 3 Apr 2020 10:40:52 -0700
Message-ID: <CAEpwuw3QZLt=L9JfOaYFg6VkGEHVXPh7xR2bk5Kt3iVGiNLzmw@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: Rich Salz <rsalz@akamai.com>, "spasm@ietf.org" <spasm@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d3f00c05a2666b71"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/27vHTNiEt4Mk_Yn4DwdkX9U7ktM>
Subject: Re: [lamps] Request for adopting draft-msahni-lamps-ocsp-nonce by the LAMPS WG (RFC6960: Issue with the OCSP Nonce extension)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2020 17:41:05 -0000

--000000000000d3f00c05a2666b71
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi Russ
Can you please suggest what are the next steps?

Thanks
Mohit

On Thu, Mar 19, 2020 at 10:15 AM Russ Housley <housley@vigilsec.com> wrote:

>
>
> On Mar 19, 2020, at 12:04 PM, Salz, Rich <rsalz@akamai.com> wrote:
>
> The DER encoding doesn’t change, right?
>
>
> Correct!
>
>
> Sure, this seems like a small simple thing to do, right in our charter.
>
> One sentence “this assigns a maximum size to the Nonce extension” would be
> nice.
>
>
> +1
>
> Russ
>
>

--000000000000d3f00c05a2666b71--


From nobody Fri Apr  3 11:32:32 2020
Return-Path: <ietf@augustcellars.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9743D3A0A0B for <spasm@ietfa.amsl.com>; Fri,  3 Apr 2020 11:32:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qdj0CGmMnsbL for <spasm@ietfa.amsl.com>; Fri,  3 Apr 2020 11:32:28 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8524B3A087E for <spasm@ietf.org>; Fri,  3 Apr 2020 11:32:28 -0700 (PDT)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Fri, 3 Apr 2020 11:32:18 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: "'Brockhaus, Hendrik'" <hendrik.brockhaus@siemens.com>, 'Russ Housley' <housley@vigilsec.com>
CC: 'LAMPS WG' <spasm@ietf.org>
References: <2FEB1904-2275-4CAE-9263-2196E568ADBC@vigilsec.com> <AM0PR10MB240206C99CC824C5064351D6FEC60@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <AM0PR10MB24021DFBF48C03B2AA737B93FEC70@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
In-Reply-To: <AM0PR10MB24021DFBF48C03B2AA737B93FEC70@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
Date: Fri, 3 Apr 2020 11:32:16 -0700
Message-ID: <02c901d609e6$35b10510$a1130f30$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQNhRrnmv33t/2Sr7YaWbY/Lpvmy6AFP/5fqAZ4rFailOc0isA==
Content-Language: en-us
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/_i7uiAV_Ff5btKdvKGZ_franU9s>
Subject: Re: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section 5.1.6.1
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2020 18:32:31 -0000

If there is good support, and perhaps even if there is not, for password
recipient info I think you are going to be better off using that.  The
reason for this is that it is likely that the existing PRI will already
implement the password based KDF that you want to use, even if that changes
in the future, while the KEK version would need to be added as part of every
new algorithm update.

Jim


-----Original Message-----
From: Brockhaus, Hendrik <hendrik.brockhaus@siemens.com> 
Sent: Friday, April 3, 2020 10:09 AM
To: Russ Housley <housley@vigilsec.com>; Jim Schaad <ietf@augustcellars.com>
Cc: LAMPS WG <spasm@ietf.org>
Subject: AW: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section
5.1.6.1


> From: Spasm <spasm-bounces@ietf.org> On Behalf Of [ext] Brockhaus,
> Hendrik
>
> In EnvelopedData there are only ktri, kari, and kekri mandatory and
> pwri is only optional. Maybe this is a reason why I did not look
> deeper into pwri. From its specification in RFC5652 pwri looks fairly
> like what I tried to specify using PBMParameters. I was a bit confused that
> RFC5652 refers to RFC3211 for further specification of
> PasswordRecipientInfo Type even though RFC3211 is obsoleted by RFC3370.
> Should I use the PasswordRecipientInfo Type from
> RFC3211 and the keyDerivationAlgorithm PBKDF2 from RFC3370 then?
>
> Below I updated my approach using KEKRecipientInfo using an adapted
> AlgorithmID like I understood Russ's feedback.
>
> @Jim, Russ, what would you recommend? Should I follow KEKRecipientInfo
> or switch to using PasswordRecipientInfo?
>

After checking some libraries it looks like pwri is well supported.
What do you recommend? 

Hendrik


From nobody Fri Apr  3 12:09:07 2020
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 161453A011D for <spasm@ietfa.amsl.com>; Fri,  3 Apr 2020 12:09:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level: 
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aZkc-oL8ouc0 for <spasm@ietfa.amsl.com>; Fri,  3 Apr 2020 12:09:00 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C64A73A0418 for <spasm@ietf.org>; Fri,  3 Apr 2020 12:08:04 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 42155300ABB for <spasm@ietf.org>; Fri,  3 Apr 2020 15:08:02 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id U2u19nkJ-kBZ for <spasm@ietf.org>; Fri,  3 Apr 2020 15:08:00 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-72-66-113-56.washdc.fios.verizon.net [72.66.113.56]) by mail.smeinc.net (Postfix) with ESMTPSA id C0D2C300AA0; Fri,  3 Apr 2020 15:08:00 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <31D4999F-9ACA-4CEC-BD5E-88EC1593814B@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_8F0B0FA9-0A85-4979-9906-89A891ED38A0"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
Date: Fri, 3 Apr 2020 15:08:02 -0400
In-Reply-To: <CAEpwuw3QZLt=L9JfOaYFg6VkGEHVXPh7xR2bk5Kt3iVGiNLzmw@mail.gmail.com>
Cc: "spasm@ietf.org" <spasm@ietf.org>
To: Mohit Sahni <mohit06jan@gmail.com>
References: <CAEpwuw2pH8atAkYp0hnjcVOQHw9_a=FqRcz_4Yar4RZYST9Zyg@mail.gmail.com> <4ED41D6F-1E97-4DCC-ABEB-9E81B18EEB18@vigilsec.com> <CAEpwuw0Nz5=hOpT2Hv_wT8Nfs=hxcnxE9gZgQOoJ3-rfvgtZcQ@mail.gmail.com> <50146CE7-F096-4931-8B2A-7A180FDB80AB@vigilsec.com> <10DD95F6-3829-4AFC-B463-E8289AE3936F@akamai.com> <9600E759-3C31-428A-B79B-F5E37D183D7F@vigilsec.com> <CAEpwuw3QZLt=L9JfOaYFg6VkGEHVXPh7xR2bk5Kt3iVGiNLzmw@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/gLWkEDXh81JYU8EfGNuvpBTgsWU>
Subject: Re: [lamps] Request for adopting draft-msahni-lamps-ocsp-nonce by the LAMPS WG (RFC6960: Issue with the OCSP Nonce extension)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2020 19:09:05 -0000

--Apple-Mail=_8F0B0FA9-0A85-4979-9906-89A891ED38A0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

Please post an updated I-D with the suggestions that you have received.
Once it is there, I will issue a call for adoption.

Russ


> On Apr 3, 2020, at 1:40 PM, Mohit Sahni <mohit06jan@gmail.com> wrote:
>
> Hi Russ
> Can you please suggest what are the next steps?
>
> Thanks
> Mohit
>
> On Thu, Mar 19, 2020 at 10:15 AM Russ Housley <housley@vigilsec.com <mailto:housley@vigilsec.com>> wrote:
>
>
>> On Mar 19, 2020, at 12:04 PM, Salz, Rich <rsalz@akamai.com <mailto:rsalz@akamai.com>> wrote:
>>
>> The DER encoding doesn’t change, right?
>
> Correct!
>
>> Sure, this seems like a small simple thing to do, right in our charter.
>>
>> One sentence “this assigns a maximum size to the Nonce extension” would be nice.
>
> +1
>
> Russ
>


--Apple-Mail=_8F0B0FA9-0A85-4979-9906-89A891ED38A0--


From nobody Fri Apr  3 12:10:22 2020
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7AC173A040A for <spasm@ietfa.amsl.com>; Fri,  3 Apr 2020 12:10:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level: 
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zK2ZtjvGIiQS for <spasm@ietfa.amsl.com>; Fri,  3 Apr 2020 12:10:13 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A132C3A0101 for <spasm@ietf.org>; Fri,  3 Apr 2020 12:09:55 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id C7698300B13 for <spasm@ietf.org>; Fri,  3 Apr 2020 15:09:52 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 1stk5BPxjUzA for <spasm@ietf.org>; Fri,  3 Apr 2020 15:09:51 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-72-66-113-56.washdc.fios.verizon.net [72.66.113.56]) by mail.smeinc.net (Postfix) with ESMTPSA id 62521300AA0; Fri,  3 Apr 2020 15:09:51 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <02c901d609e6$35b10510$a1130f30$@augustcellars.com>
Date: Fri, 3 Apr 2020 15:09:52 -0400
Cc: LAMPS WG <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <8D6D0DC3-1485-4228-9D1B-CA35827C263B@vigilsec.com>
References: <2FEB1904-2275-4CAE-9263-2196E568ADBC@vigilsec.com> <AM0PR10MB240206C99CC824C5064351D6FEC60@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <AM0PR10MB24021DFBF48C03B2AA737B93FEC70@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <02c901d609e6$35b10510$a1130f30$@augustcellars.com>
To: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/4v0e0cjsq-q6OcSmjpfFBqUDKMM>
Subject: Re: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section 5.1.6.1
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2020 19:10:20 -0000

Yes, I think that pwri is a better fit.

Russ


> On Apr 3, 2020, at 2:32 PM, Jim Schaad <ietf@augustcellars.com> wrote:
>
> If there is good support, and perhaps even if there is not, for password
> recipient info I think you are going to be better off using that.  The
> reason for this is that it is likely that the existing PRI will already
> implement the password based KDF that you want to use, even if that changes
> in the future, while the KEK version would need to be added as part of every
> new algorithm update.
>
> Jim
>
>
> -----Original Message-----
> From: Brockhaus, Hendrik <hendrik.brockhaus@siemens.com>
> Sent: Friday, April 3, 2020 10:09 AM
> To: Russ Housley <housley@vigilsec.com>; Jim Schaad <ietf@augustcellars.com>
> Cc: LAMPS WG <spasm@ietf.org>
> Subject: AW: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section
> 5.1.6.1
>
>
>> From: Spasm <spasm-bounces@ietf.org> On Behalf Of [ext] Brockhaus,
>> Hendrik
>>
>> In EnvelopedData there are only ktri, kari, and kekri mandatory and
>> pwri is only optional. Maybe this is a reason why I did not look
>> deeper into pwri. From its specification in RFC5652 pwri looks fairly
>> like what I tried to specify using PBMParameters. I was a bit confused that
>> RFC5652 refers to RFC3211 for further specification of
>> PasswordRecipientInfo Type even though RFC3211 is obsoleted by RFC3370.
>> Should I use the PasswordRecipientInfo Type from
>> RFC3211 and the keyDerivationAlgorithm PBKDF2 from RFC3370 then?
>>
>> Below I updated my approach using KEKRecipientInfo using an adapted
>> AlgorithmID like I understood Russ's feedback.
>>
>> @Jim, Russ, what would you recommend? Should I follow KEKRecipientInfo
>> or switch to using PasswordRecipientInfo?
>>
>
> After checking some libraries it looks like pwri is well supported.
> What do you recommend?
>
> Hendrik
>


From nobody Fri Apr  3 12:16:46 2020
Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6B8D3A0784 for <spasm@ietfa.amsl.com>; Fri,  3 Apr 2020 12:16:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=siemens.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pnnsB7A7zQA6 for <spasm@ietfa.amsl.com>; Fri,  3 Apr 2020 12:16:43 -0700 (PDT)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2047.outbound.protection.outlook.com [40.107.20.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F4B03A0776 for <spasm@ietf.org>; Fri,  3 Apr 2020 12:16:38 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none
Received: from AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM (20.177.110.224) by AM0PR10MB2209.EURPRD10.PROD.OUTLOOK.COM (20.177.110.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2856.20; Fri, 3 Apr 2020 19:16:34 +0000
Received: from AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM ([fe80::85a4:2ab:a6b9:e1a3]) by AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM ([fe80::85a4:2ab:a6b9:e1a3%6]) with mapi id 15.20.2878.018; Fri, 3 Apr 2020 19:16:34 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Russ Housley <housley@vigilsec.com>, Jim Schaad <ietf@augustcellars.com>
CC: LAMPS WG <spasm@ietf.org>
Thread-Topic: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section 5.1.6.1
Thread-Index: AQHWB4bFMhO5m425TEKdhUD7XSYtoahlkObwgAIUXKCAABgWAIAACoIAgAAA2eA=
Date: Fri, 3 Apr 2020 19:16:33 +0000
Message-ID: <AM0PR10MB24021165F922F2A5ED6AA012FEC70@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
References: <2FEB1904-2275-4CAE-9263-2196E568ADBC@vigilsec.com> <AM0PR10MB240206C99CC824C5064351D6FEC60@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <AM0PR10MB24021DFBF48C03B2AA737B93FEC70@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <02c901d609e6$35b10510$a1130f30$@augustcellars.com> <8D6D0DC3-1485-4228-9D1B-CA35827C263B@vigilsec.com>
In-Reply-To: <8D6D0DC3-1485-4228-9D1B-CA35827C263B@vigilsec.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-document-confidentiality: NotClassified
authentication-results: spf=none (sender IP is ) smtp.mailfrom=hendrik.brockhaus@siemens.com; 
x-originating-ip: [165.225.200.169]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 3d20bf8a-d0ae-4304-942b-08d7d8038609
x-ms-traffictypediagnostic: AM0PR10MB2209:
x-microsoft-antispam-prvs: <AM0PR10MB22095900FE4B6CEEEDFD4ED8FEC70@AM0PR10MB2209.EURPRD10.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 0362BF9FDB
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;  IPV:NLI; SFV:NSPM; H:AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM; PTR:; CAT:NONE;  SFTY:; SFS:(10009020)(4636009)(136003)(366004)(39860400002)(376002)(346002)(396003)(81166006)(71200400001)(2906002)(33656002)(81156014)(55236004)(4744005)(53546011)(7696005)(9686003)(8676002)(4326008)(8936002)(6506007)(55016002)(66946007)(76116006)(64756008)(66556008)(110136005)(5660300002)(26005)(66476007)(52536014)(86362001)(316002)(66446008)(478600001)(186003); DIR:OUT; SFP:1101; 
received-spf: None (protection.outlook.com: siemens.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3d20bf8a-d0ae-4304-942b-08d7d8038609
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Apr 2020 19:16:34.0611 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: /pS8YII9ddKnfi8q4JMuYBMyM4jMKj0InJ/BUAY8h+U+LQ8rnMDU+oCZXK+1PcTzj3bdl43vs38o9Qxb4PT1xeS7caULBxdsipmSdFNw+qA=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR10MB2209
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/RAnozigzfvi8FPzdVYjkKP9REOE>
Subject: Re: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section 5.1.6.1
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2020 19:16:45 -0000

> From: Russ Housley <housley@vigilsec.com>
>
> Yes, I think that pwri is a better fit.
>
> Russ
>
>
> > On Apr 3, 2020, at 2:32 PM, Jim Schaad <ietf@augustcellars.com> wrote:
> >
> > If there is good support, and perhaps even if there is not, for
> > password recipient info I think you are going to be better off using
> > that.  The reason for this is that it is likely that the existing PRI
> > will already implement the password based KDF that you want to use,
> > even if that changes in the future, while the KEK version would need
> > to be added as part of every new algorithm update.
> >
> > Jim

Thanks!
I will update the draft accordingly.

> >> From: Spasm <spasm-bounces@ietf.org> On Behalf Of [ext] Brockhaus,
> >> Hendrik
> >>
> >> Should I use the PasswordRecipientInfo Type from
> >> RFC3211 and the keyDerivationAlgorithm PBKDF2 from RFC3370 then?

Is this the way forward to use pwri?

Hendrik
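
The point made in this thread about pwri, as an added example that is not part of any message or of the draft: PasswordRecipientInfo carries a keyDerivationAlgorithm, so the recipient re-derives the KEK from the shared password by dispatching on that identifier and reading the KDF parameters from the message. The function names, the sample inputs and the iteration ceiling are assumptions; the PBKDF2 and HMAC OIDs are the real PKCS #5 values, and the key-wrap step is left out.

```python
import hashlib

# Real OIDs (PKCS #5 PBKDF2 and its HMAC PRFs); every function name here is hypothetical.
OID_PBKDF2 = "1.2.840.113549.1.5.12"
OID_HMAC_SHA1 = "1.2.840.113549.2.7"
OID_HMAC_SHA256 = "1.2.840.113549.2.9"
PRF_HASH = {OID_HMAC_SHA1: "sha1", OID_HMAC_SHA256: "sha256"}
MAX_ITERATIONS = 1_000_000  # assumed local ceiling: the count is sender-controlled input

def tlv(tag, content):
    """DER-encode one tag-length-value triple with a minimal definite length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def enc_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

def dec_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def enc_int(v):
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos); reject truncated or non-minimal lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        if n == 0 or pos + n > len(buf) or length < 0x80 or buf[pos] == 0:
            raise ValueError("length is not valid DER")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def encode_pbkdf2_alg(salt, iterations, prf_oid=OID_HMAC_SHA1, key_len=None):
    """Sender side: build the keyDerivationAlgorithm AlgorithmIdentifier."""
    params = tlv(0x04, salt) + enc_int(iterations)
    if key_len is not None:
        params += enc_int(key_len)
    if prf_oid != OID_HMAC_SHA1:  # DER omits a field equal to its DEFAULT
        params += tlv(0x30, enc_oid(prf_oid) + tlv(0x05, b""))
    return tlv(0x30, enc_oid(OID_PBKDF2) + tlv(0x30, params))

def pbkdf2_from_params(password, params, key_len):
    tag, salt, pos = read_tlv(params)
    if tag != 0x04:
        raise ValueError("only a specified OCTET STRING salt is handled")
    tag, raw, pos = read_tlv(params, pos)
    iterations = int.from_bytes(raw, "big")
    if tag != 0x02 or not 1 <= iterations <= MAX_ITERATIONS:
        raise ValueError("iteration count missing or out of bounds")
    prf = OID_HMAC_SHA1
    while pos < len(params):
        tag, val, pos = read_tlv(params, pos)
        if tag == 0x02 and int.from_bytes(val, "big") != key_len:
            raise ValueError("keyLength does not match the key-encryption algorithm")
        if tag == 0x30:
            prf = dec_oid(read_tlv(val)[1])
    if prf not in PRF_HASH:
        raise ValueError("unsupported PRF " + prf)
    return hashlib.pbkdf2_hmac(PRF_HASH[prf], password, salt, iterations, key_len)

# One entry per KDF: supporting another one means registering it here and nowhere else.
KDFS = {OID_PBKDF2: pbkdf2_from_params}

def derive_kek(password, kdf_alg_der, key_len):
    """Recipient side: re-derive the KEK from the parameters carried in the message."""
    tag, body, _ = read_tlv(kdf_alg_der)
    if tag not in (0x30, 0xA0):  # 0xA0 is the [0] IMPLICIT tag the field has inside pwri
        raise ValueError("not an AlgorithmIdentifier")
    tag, oid, pos = read_tlv(body)
    if tag != 0x06 or not oid:
        raise ValueError("missing algorithm OID")
    kdf = KDFS.get(dec_oid(oid))
    if kdf is None:
        raise ValueError("unsupported KDF " + dec_oid(oid))
    tag, params, _ = read_tlv(body, pos)
    if tag != 0x30:
        raise ValueError("missing KDF parameters")
    return kdf(password, params, key_len)
```
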


From nobody Fri Apr  3 12:41:03 2020
MIME-Version: 1.0
References: <CAEpwuw2pH8atAkYp0hnjcVOQHw9_a=FqRcz_4Yar4RZYST9Zyg@mail.gmail.com> <4ED41D6F-1E97-4DCC-ABEB-9E81B18EEB18@vigilsec.com> <CAEpwuw0Nz5=hOpT2Hv_wT8Nfs=hxcnxE9gZgQOoJ3-rfvgtZcQ@mail.gmail.com> <50146CE7-F096-4931-8B2A-7A180FDB80AB@vigilsec.com> <10DD95F6-3829-4AFC-B463-E8289AE3936F@akamai.com> <9600E759-3C31-428A-B79B-F5E37D183D7F@vigilsec.com> <CAEpwuw3QZLt=L9JfOaYFg6VkGEHVXPh7xR2bk5Kt3iVGiNLzmw@mail.gmail.com> <31D4999F-9ACA-4CEC-BD5E-88EC1593814B@vigilsec.com>
In-Reply-To: <31D4999F-9ACA-4CEC-BD5E-88EC1593814B@vigilsec.com>
From: Mohit Sahni <mohit06jan@gmail.com>
Date: Fri, 3 Apr 2020 12:40:48 -0700
Message-ID: <CAEpwuw33M0vXMnA20RAm57xV8hZk_9zr4Wwy6XKLr8HDAtYtfQ@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: "spasm@ietf.org" <spasm@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000bf931905a2681895"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/fJye36k559u5nSGP6ibl-0HPDf8>
Subject: Re: [lamps] Request for adopting draft-msahni-lamps-ocsp-nonce by the LAMPS WG (RFC6960: Issue with the OCSP Nonce extension)

--000000000000bf931905a2681895
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi Russ
I have updated the internet draft, the link is:
https://datatracker.ietf.org/doc/draft-msahni-lamps-ocsp-nonce/

Thanks
Mohit

On Fri, Apr 3, 2020 at 12:08 PM Russ Housley <housley@vigilsec.com> wrote:

> Please post an updated I-D with the suggestions that you have received.
> Once it is there, I will issue a call for adoption.
>
> Russ
>
>
> On Apr 3, 2020, at 1:40 PM, Mohit Sahni <mohit06jan@gmail.com> wrote:
>
> Hi Russ
> Can you please suggest what are the next steps?
>
> Thanks
> Mohit
>
> On Thu, Mar 19, 2020 at 10:15 AM Russ Housley <housley@vigilsec.com>
> wrote:
>
>>
>>
>> On Mar 19, 2020, at 12:04 PM, Salz, Rich <rsalz@akamai.com> wrote:
>>
>> The DER encoding doesn’t change, right?
>>
>>
>> Correct!
>>
>>
>> Sure, this seems like a small simple thing to do, right in our charter.
>>
>> One sentence “this assigns a maximum size to the Nonce extension” would
>> be nice.
>>
>>
>> +1
>>
>> Russ
>>
>>
>


--000000000000bf931905a2681895--


From nobody Fri Apr  3 12:41:15 2020
From: Jim Schaad <ietf@augustcellars.com>
To: "'Brockhaus, Hendrik'" <hendrik.brockhaus@siemens.com>, 'Russ Housley' <housley@vigilsec.com>
CC: 'LAMPS WG' <spasm@ietf.org>
References: <2FEB1904-2275-4CAE-9263-2196E568ADBC@vigilsec.com> <AM0PR10MB240206C99CC824C5064351D6FEC60@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <AM0PR10MB24021DFBF48C03B2AA737B93FEC70@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <02c901d609e6$35b10510$a1130f30$@augustcellars.com> <8D6D0DC3-1485-4228-9D1B-CA35827C263B@vigilsec.com> <AM0PR10MB24021165F922F2A5ED6AA012FEC70@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
In-Reply-To: <AM0PR10MB24021165F922F2A5ED6AA012FEC70@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
Date: Fri, 3 Apr 2020 12:40:57 -0700
Message-ID: <02d001d609ef$cdf81670$69e84350$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQNhRrnmv33t/2Sr7YaWbY/Lpvmy6AFP/5fqAZ4rFagCP+VNPAHq5nWSAWyOdyWlDSSrwA==
Content-Language: en-us
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/-jggNT2hECKWgfJNIaSzZS2m13A>
Subject: Re: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section 5.1.6.1

-----Original Message-----
From: Brockhaus, Hendrik <hendrik.brockhaus@siemens.com> 
Sent: Friday, April 3, 2020 12:17 PM
To: Russ Housley <housley@vigilsec.com>; Jim Schaad <ietf@augustcellars.com>
Cc: LAMPS WG <spasm@ietf.org>
Subject: AW: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section
5.1.6.1


> From: Russ Housley <housley@vigilsec.com>
> 
> Yes, I think that pwri is a better fit.
> 
> Russ
> 
> 
> > On Apr 3, 2020, at 2:32 PM, Jim Schaad <ietf@augustcellars.com> wrote:
> >
> > If there is good support, and perhaps even if there is not, for 
> > password recipient info I think you are going to be better off using 
> > that.  The reason for this is that it is likely that the existing 
> > PRI will already implement the password based KDF that you want to 
> > use, even if that changes in the future, while the KEK version would 
> > need to be added as part of every new algorithm update.
> >
> > Jim

Thanks! 
I will update the draft accordingly.

> >> From: Spasm <spasm-bounces@ietf.org> On behalf of [ext] Brockhaus,
> >> Hendrik
> >>
> >> Should I use the PasswordRecipientInfo Type from
> >> RFC3211 and the keyDerivationAlgorithm PDKDF2 from RFC3370 then?

Is this the way forward to use pwri?

[JLS] The structure is the same in both 3211 and 5652. I don't think it
matters from that point which you refer to.  If you want to refer to
implementation details then 3211 is correct.  Yes 3370 for PDKDF2 makes
sense.  You may also want to look at Argon2 as well even though I don't know
if it has been fully specified yet.

Hendrik


From nobody Fri Apr  3 12:50:02 2020
From: Russ Housley <housley@vigilsec.com>
Message-Id: <27E5EF00-2A37-4001-9CFD-651F27DF78AE@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_353B93C7-0C59-4F9A-9B2A-83852F0DF241"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
Date: Fri, 3 Apr 2020 15:49:57 -0400
In-Reply-To: <AM0PR10MB24021165F922F2A5ED6AA012FEC70@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
Cc: Jim Schaad <ietf@augustcellars.com>, LAMPS WG <spasm@ietf.org>
To: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
References: <2FEB1904-2275-4CAE-9263-2196E568ADBC@vigilsec.com> <AM0PR10MB240206C99CC824C5064351D6FEC60@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <AM0PR10MB24021DFBF48C03B2AA737B93FEC70@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <02c901d609e6$35b10510$a1130f30$@augustcellars.com> <8D6D0DC3-1485-4228-9D1B-CA35827C263B@vigilsec.com> <AM0PR10MB24021165F922F2A5ED6AA012FEC70@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/4ktZluoue56v-ddfPEHyt57ynCM>
Subject: Re: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section 5.1.6.1

--Apple-Mail=_353B93C7-0C59-4F9A-9B2A-83852F0DF241
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii



> On Apr 3, 2020, at 3:16 PM, Brockhaus, Hendrik <hendrik.brockhaus@siemens.com> wrote:
>
>>>> PDKDF2

You mean PBKDF2, right?

Look at RFC 8018.  It specifies the algorithm identifiers for PBKDF2 with SHA-256, SHA-384, SHA-512, ...

Russ


--Apple-Mail=_353B93C7-0C59-4F9A-9B2A-83852F0DF241--
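
The keyDerivationAlgorithm field discussed in the messages above, as an added example (not code from the thread, the draft or any CMS library): it DER-encodes the RFC 8018 PBKDF2 AlgorithmIdentifier with a SHA-2 PRF and shows a recipient deriving the key-encryption key from nothing but the password and that identifier. The function names, the sample salt, iteration count and password, and the choice to refuse the hmacWithSHA1 default are assumptions of this example.

```python
import hashlib

# Object identifiers defined in RFC 8018 (PKCS #5 v2.1).
ID_PBKDF2 = "1.2.840.113549.1.5.12"
PRF_OIDS = {
    "sha256": "1.2.840.113549.2.9",   # id-hmacWithSHA256
    "sha384": "1.2.840.113549.2.10",  # id-hmacWithSHA384
    "sha512": "1.2.840.113549.2.11",  # id-hmacWithSHA512
}
SEQUENCE, INTEGER, OCTET_STRING, OID, DER_NULL = 0x30, 0x02, 0x04, 0x06, b"\x05\x00"

def _tlv(tag, content):
    """DER tag-length-value with short or long definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def _oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]              # last base-128 digit, high bit clear
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return _tlv(OID, bytes(out))

def _int(n):
    # Non-negative INTEGER: this length is minimal and keeps the sign bit clear.
    return _tlv(INTEGER, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def encode_kdf_identifier(salt, iterations, key_len, hash_name):
    """AlgorithmIdentifier { id-PBKDF2, PBKDF2-params } as DER."""
    prf = _tlv(SEQUENCE, _oid(PRF_OIDS[hash_name]) + DER_NULL)
    params = _tlv(SEQUENCE, _tlv(OCTET_STRING, salt) + _int(iterations)
                  + _int(key_len) + prf)
    return _tlv(SEQUENCE, _oid(ID_PBKDF2) + params)

def _read(buf, pos):
    """Return (tag, content, next_pos) for the TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_kdf_identifier(der):
    """Parse the identifier; returns (salt, iterations, key_len, hash_name)."""
    tag, alg, _ = _read(der, 0)
    if tag != SEQUENCE:
        raise ValueError("not an AlgorithmIdentifier")
    tag, alg_oid, pos = _read(alg, 0)
    if _tlv(tag, alg_oid) != _oid(ID_PBKDF2):
        raise ValueError("keyDerivationAlgorithm is not PBKDF2")
    _, params, _ = _read(alg, pos)
    tag, salt, pos = _read(params, 0)
    if tag != OCTET_STRING:
        raise ValueError("only the 'specified' salt choice is handled")
    _, count, pos = _read(params, pos)
    key_len = hash_name = None
    while pos < len(params):              # keyLength and prf are both optional
        tag, value, pos = _read(params, pos)
        if tag == INTEGER:
            key_len = int.from_bytes(value, "big")
        elif tag == SEQUENCE:
            prf_tag, prf_oid, _ = _read(value, 0)
            known = {_oid(d): name for name, d in PRF_OIDS.items()}
            hash_name = known.get(_tlv(prf_tag, prf_oid))
    if hash_name is None:
        # An absent prf means the hmacWithSHA1 default; this example refuses it.
        raise ValueError("prf missing or not a SHA-2 HMAC")
    if key_len is None:
        raise ValueError("keyLength missing; this example requires it")
    return salt, int.from_bytes(count, "big"), key_len, hash_name

def derive_kek(password, kdf_identifier_der):
    """Recipient side: derive the key-encryption key named by the identifier."""
    salt, iterations, key_len, hash_name = decode_kdf_identifier(kdf_identifier_der)
    return hashlib.pbkdf2_hmac(hash_name, password, salt, iterations, key_len)

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread or the draft.
    ident = encode_kdf_identifier(bytes(range(16)), 100_000, 32, "sha256")
    print(ident.hex())
    print(derive_kek(b"constructed example password", ident).hex())
```

The derived key only wraps the content-encryption key; the key wrap itself and the rest of PasswordRecipientInfo are outside this example.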


From nobody Fri Apr  3 12:53:40 2020
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Russ Housley <housley@vigilsec.com>
CC: Jim Schaad <ietf@augustcellars.com>, LAMPS WG <spasm@ietf.org>
Thread-Topic: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section 5.1.6.1
Thread-Index: AQHWB4bFMhO5m425TEKdhUD7XSYtoahlkObwgAIUXKCAABgWAIAACoIAgAAA2eCAAApagIAAADyQ
Date: Fri, 3 Apr 2020 19:53:27 +0000
Message-ID: <AM0PR10MB24026A532DC650F380049314FEC70@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
References: <2FEB1904-2275-4CAE-9263-2196E568ADBC@vigilsec.com> <AM0PR10MB240206C99CC824C5064351D6FEC60@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <AM0PR10MB24021DFBF48C03B2AA737B93FEC70@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <02c901d609e6$35b10510$a1130f30$@augustcellars.com> <8D6D0DC3-1485-4228-9D1B-CA35827C263B@vigilsec.com> <AM0PR10MB24021165F922F2A5ED6AA012FEC70@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <27E5EF00-2A37-4001-9CFD-651F27DF78AE@vigilsec.com>
In-Reply-To: <27E5EF00-2A37-4001-9CFD-651F27DF78AE@vigilsec.com>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/sXisY4vKdr89Vw_Pbdlp2gm2tjQ>
Subject: Re: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section 5.1.6.1

Thanks, I will have a look at RFC 8018 and Argon2.
Hendrik

> Look at RFC 8018.  It specifies the algorithm identifiers for PBKDF2 with SHA-256, SHA-384, SHA-512, ...
>
> Russ


From nobody Fri Apr  3 13:46:17 2020
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
Date: Fri, 3 Apr 2020 16:46:12 -0400
References: <157429966624.922.6336772483106473689.idtracker@ietfa.amsl.com>
To: LAMPS WG <spasm@ietf.org>
In-Reply-To: <157429966624.922.6336772483106473689.idtracker@ietfa.amsl.com>
Message-Id: <E7ED5133-7FFA-4145-93F2-A2A23A7D54D9@vigilsec.com>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/S35_LRZe2PdixZF9lr-9TKKcxEU>
Subject: [lamps] Call For Adoption of draft-msahni-lamps-ocsp-nonce

Please take a look at draft-msahni-lamps-ocsp-nonce; it is a short document.  Please indicate whether you support adoption of this document by the LAMPS WG.  Please respond before April 22nd.

Russ & Tim


From nobody Fri Apr  3 13:47:56 2020
From: "Salz, Rich" <rsalz@akamai.com>
To: Russ Housley <housley@vigilsec.com>, LAMPS WG <spasm@ietf.org>
Thread-Topic: [lamps] Call For Adoption of draft-msahni-lamps-ocsp-nonce
Thread-Index: AQHWCfjxoD8KyNWUK0eLfFWTsOZEDqhn7xeA
Date: Fri, 3 Apr 2020 20:47:49 +0000
Message-ID: <939BF909-45A0-4870-BC9B-17575B20F41F@akamai.com>
References: <157429966624.922.6336772483106473689.idtracker@ietfa.amsl.com> <E7ED5133-7FFA-4145-93F2-A2A23A7D54D9@vigilsec.com>
In-Reply-To: <E7ED5133-7FFA-4145-93F2-A2A23A7D54D9@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/16.35.20030802
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.118.63]
Content-Type: text/plain; charset="utf-8"
Content-ID: <301ED8B37D610848A8AAB3E38EC2C87C@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.676 definitions=2020-04-03_17:2020-04-03, 2020-04-03 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=819 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-2002250000 definitions=main-2004030165
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxscore=0 bulkscore=0 mlxlogscore=813 clxscore=1015 priorityscore=1501 adultscore=0 phishscore=0 impostorscore=0 suspectscore=0 malwarescore=0 spamscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2004030165
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/fp8it9q6gSgqC3s3hVZGt-JOkOQ>
Subject: Re: [lamps] Call For Adoption of draft-msahni-lamps-ocsp-nonce
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2020 20:47:55 -0000
From nobody Sun Apr  5 22:31:25 2020
Return-Path: <tomas.gustavsson@primekey.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE4D03A08C7 for <spasm@ietfa.amsl.com>; Sun,  5 Apr 2020 22:20:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.2
X-Spam-Level: 
X-Spam-Status: No, score=-0.2 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=primekey.com header.b=qCkLBLDA; dkim=pass (1024-bit key) header.d=primekey.com header.b=qCkLBLDA
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bfzCTGhcc7uJ for <spasm@ietfa.amsl.com>; Sun,  5 Apr 2020 22:19:16 -0700 (PDT)
Received: from mail.primekey.com (mail.primekey.com [84.55.121.163]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 12FC53A08FB for <spasm@ietf.org>; Sun,  5 Apr 2020 22:13:51 -0700 (PDT)
Received: from mail.primekey.com (localhost [127.0.0.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.primekey.com (Postfix) with ESMTPS id A94EF6AA0093 for <spasm@ietf.org>; Mon,  6 Apr 2020 07:13:26 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=primekey.com; s=mail; t=1586150006; bh=0aF9AzenvBU71Dfvmg/VCzGqSQQwVryK8mtdmMKplYA=; h=Subject:To:References:From:Date:In-Reply-To:From; b=qCkLBLDAkq+uLp2wOOlG/ZPBxELGAgEhR4/6Q3bVhIAzuULuYe0l8ZmcgNY19WCMF Y5DcGKTaFwvJpHMncdV7817tWVg8RIntOWuUO8P5f8zcdZ+aqIx2rorvNVdA8OIICt OWHXthgJlH8AZfKItBEl8QhpXL3bsi5Kn5vRYSnw=
Received: from [192.168.1.113] (unknown [85.24.187.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.primekey.com (Postfix) with ESMTPSA id 88D2C6AA0091 for <spasm@ietf.org>; Mon,  6 Apr 2020 07:13:26 +0200 (CEST)
To: spasm@ietf.org
References: <157429966624.922.6336772483106473689.idtracker@ietfa.amsl.com> <E7ED5133-7FFA-4145-93F2-A2A23A7D54D9@vigilsec.com>
From: Tomas Gustavsson <tomas.gustavsson@primekey.com>
Message-ID: <b6b47af2-bf17-8e92-44b2-db2e0add74ef@primekey.com>
Date: Mon, 6 Apr 2020 07:13:40 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1
MIME-Version: 1.0
In-Reply-To: <E7ED5133-7FFA-4145-93F2-A2A23A7D54D9@vigilsec.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/JdTFVMCTUbj-z1CYBcqAED8qiaA>
Subject: Re: [lamps] Call For Adoption of draft-msahni-lamps-ocsp-nonce
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Apr 2020 05:21:03 -0000

I support adoption.

On 2020-04-03 22:46, Russ Housley wrote:
> Please take a look at draft-msahni-lamps-ocsp-nonce; it is a short document.  Please indicate whether you support adoption of this document by the LAMPS WG.  Please respond before April 22nd.
> 
> Russ & Tim
> 
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm
> 


From nobody Thu Apr  9 17:40:08 2020
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FD173A17D7; Thu,  9 Apr 2020 17:39:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hz1PZOGlLhHD; Thu,  9 Apr 2020 17:39:55 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B6C643A17D9; Thu,  9 Apr 2020 17:39:54 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 16FF63897F; Thu,  9 Apr 2020 20:38:15 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 175121002; Thu,  9 Apr 2020 20:39:52 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Esko Dijk <esko.dijk@iotconsultancy.nl>, Owen Friel <ofriel@cisco.com>, "anima\@ietf.org" <anima@ietf.org>, acme@ietf.org, spasm@ietf.org
In-Reply-To: <AM5P190MB0275BA7298686DBADD31F0A3FDC20@AM5P190MB0275.EURP190.PROD.OUTLOOK.COM>
References: <158561301296.11367.9776561744635554098@ietfa.amsl.com> <4603.1585620652@localhost> <20200331150202.GH50174@kduck.mit.edu> <600.1585687336@localhost> <AM5P190MB02751866462AE590EAD2EB14FDC90@AM5P190MB0275.EURP190.PROD.OUTLOOK.COM> <5633.1585770340@localhost> <AM5P190MB027524F2D1530746DD48C4DDFDC60@AM5P190MB0275.EURP190.PROD.OUTLOOK.COM> <13227.1586052088@localhost> <AM5P190MB0275BA7298686DBADD31F0A3FDC20@AM5P190MB0275.EURP190.PROD.OUTLOOK.COM>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 25.1.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Thu, 09 Apr 2020 20:39:52 -0400
Message-ID: <14837.1586479192@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/4utd-zN0Fp_TBwF20TL5p8fNN4A>
Subject: [lamps] ACME integrations with BRSKI and cmcRA bit
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Apr 2020 00:39:58 -0000

--=-=-=
Content-Type: text/plain


Esko Dijk <esko.dijk@iotconsultancy.nl> wrote:
    > Currently BRSKI Section 5.5.4 has this text:

    doc> The MASA MUST verify that the registrar voucher-request is signed by a registrar

    > If the Registrar would use a non-RA certificate e.g. ACME (LE) standard
    > EE certificate, then it seems that it cannot get anything from MASA...?
    > And BRSKI would not work?

I agree that there are potential issues here.

1) I think that the MASA may skip that check for recognized registrars, so
   that the ACME integration work can work.  This would be a local
   configuration.

2) It may be that draft-ietf-acme-integrations and/or
   draft-friel-acme-subdomains may need to specify a way to ask for cmcRA to
   be set within ACME, when using ACME when doing the pre-authorization for "domain.com"
        cf: NOTE: Pre-Authorization of "domain.com" is complete
   The ACME spec does support authorizations for domains, and maybe that
   would be the best way to do this.
   This also supports the concept that the cmcRA bit ought to apply to all RA
   operations (CMP as well as EST), as proposed in LAMPS.

I think that we should perhaps plan a design team meeting/BOF around this discussion.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

--=-=-=--


From nobody Sun Apr 19 16:12:27 2020
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 968103A089C for <spasm@ietfa.amsl.com>; Sun, 19 Apr 2020 16:12:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level: 
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Lcc2NmijuOId for <spasm@ietfa.amsl.com>; Sun, 19 Apr 2020 16:12:23 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A61893A089B for <spasm@ietf.org>; Sun, 19 Apr 2020 16:12:23 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id 7FF8BF40721; Sun, 19 Apr 2020 16:12:21 -0700 (PDT)
To: housley@vigilsec.com, rdd@cert.org, kaduk@mit.edu, housley@vigilsec.com, tim.hollebeek@digicert.com
X-PHP-Originating-Script: 30:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: motherhens30@gmail.com, spasm@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset=UTF-8
Message-Id: <20200419231221.7FF8BF40721@rfc-editor.org>
Date: Sun, 19 Apr 2020 16:12:21 -0700 (PDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/d7E8trIGp-_HROkntHR32V-GMss>
Subject: [lamps] [Technical Errata Reported] RFC8649 (6110)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Apr 2020 23:12:26 -0000

The following errata report has been submitted for RFC8649,
"Hash Of Root Key Certificate Extension".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid6110

--------------------------------------
Type: Technical
Reported by: Linise marie russell <motherhens30@gmail.com>

Section: America

Original Text
-------------
I love to website and I will be there. It will not sure how much money as the other side. The only one that is a man what I have a great day. 

Corrected Text
--------------
To get it done, but I think I can do to help you with the sound of a rubber ball rolling out the details. 

Notes
-----
Linise marie russell

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
can log in to change the status and edit the report, if necessary. 

--------------------------------------
RFC8649 (draft-ietf-lamps-hash-of-root-key-cert-extn-07)
--------------------------------------
Title               : Hash Of Root Key Certificate Extension
Publication Date    : August 2019
Author(s)           : R. Housley
Category            : INFORMATIONAL
Source              : Limited Additional Mechanisms for PKIX and SMIME
Area                : Security
Stream              : IETF
Verifying Party     : IESG


From nobody Mon Apr 20 02:10:28 2020
Return-Path: <esko.dijk@iotconsultancy.nl>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 807D13A0866; Mon, 20 Apr 2020 02:10:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.021
X-Spam-Level: 
X-Spam-Status: No, score=0.021 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, T_SPF_HELO_TEMPERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=iotconsultancynl.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Yz5kgZOpgtj; Mon, 20 Apr 2020 02:10:06 -0700 (PDT)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60139.outbound.protection.outlook.com [40.107.6.139]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 15CC53A0C3A; Mon, 20 Apr 2020 02:07:06 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lJXscDC9zDDDTecySWt1KoPHOHj8oDKxyGrnPUfbupcJ00BybQ0ZOBJF4CAqfZMaZOyze0lozSx2u0o7/pyFw4aGwcuHxD4mK/i165eVO66T9d34EkbpQmzO8efG0uPyiLNAlnEZSXuysIwOQkD2F/FifyNqgzhJ8C2aOclaOgGRb4QwNFhds9b4+YbyO4/jqzMlwohdVFxuVSAaDI4JrMxmGcFpbOub/+dBcISUYyhVcyHX6dPUA7MC2Ck8QCSD4XpumUG1YRulB6O7N0TyOQOrYqYYuR8VMucMqq0XzTfSU60HAQzMPzzta2xbHRm9QZN1sU7e4/c1C62S9GDYuQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;  s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=YDROak04Y46vbRHoTJ3yLyIDhW5ilVZp8yOVFl5kX0k=; b=Y7ISPCmaLpUypQOwoGisi1/NTZCJ4yR2LdMzqhyQGXUhr4ZUriC49VvBWBWg+8ttFn6DQb3cVqZMxxoF76/mQcnvGPVLV4TmNBJ9rIrYDGonWLdRpvIeUhT0nlrD4WaQQayphIKCuetADQnoTjwBeZZy2KnE/BKRWppXt6H9G8pF7f9p6OUtjpNKOzBGvLuYVwnJvfPsVBQPsI8wGx1AEaMl3TP/3Z2kfRAhEWXKRpDU+MKyUpHtJHLVjJmbJN1cYLcr7HIMz88zANYO89lTQOTzE51Pz00fB+GH0S7XvX5Ij8E6z/IRNhyKR3957qoWruj4CLWg8EermF9Biu3NsQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=iotconsultancy.nl; dmarc=pass action=none header.from=iotconsultancy.nl; dkim=pass header.d=iotconsultancy.nl; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iotconsultancynl.onmicrosoft.com; s=selector2-iotconsultancynl-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=YDROak04Y46vbRHoTJ3yLyIDhW5ilVZp8yOVFl5kX0k=; b=UnhB5ZJSXlFhZC3VWJYk4YvjLS0vy3/IJIXoIgm2dR6gZ+BET6UFbyKl4lCa8Y45Lw1QvwbOzzvhWUgvFcuvfdRqetYvuwEsseefXFGRXcSd0qFX9e0fvSVGUpod41fwmXl8m0+IGsBvmlfe8hsjRCH1lbR/229ezmyld3QMx7g=
Received: from AM5P190MB0275.EURP190.PROD.OUTLOOK.COM (2603:10a6:206:17::28) by AM5P190MB0292.EURP190.PROD.OUTLOOK.COM (2603:10a6:206:21::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2921.29; Mon, 20 Apr 2020 09:06:56 +0000
Received: from AM5P190MB0275.EURP190.PROD.OUTLOOK.COM ([fe80::4419:db1e:a5a7:7485]) by AM5P190MB0275.EURP190.PROD.OUTLOOK.COM ([fe80::4419:db1e:a5a7:7485%6]) with mapi id 15.20.2921.027; Mon, 20 Apr 2020 09:06:56 +0000
From: Esko Dijk <esko.dijk@iotconsultancy.nl>
To: Michael Richardson <mcr+ietf@sandelman.ca>, Owen Friel <ofriel@cisco.com>,  "anima@ietf.org" <anima@ietf.org>, "acme@ietf.org" <acme@ietf.org>, "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: ACME integrations with BRSKI and cmcRA bit
Thread-Index: AQHWDtCQLhCHHJtHakyP/U3Af+emZKiBxRrQ
Date: Mon, 20 Apr 2020 09:06:55 +0000
Message-ID: <AM5P190MB027501C1759C042E54C40137FDD40@AM5P190MB0275.EURP190.PROD.OUTLOOK.COM>
References: <158561301296.11367.9776561744635554098@ietfa.amsl.com> <4603.1585620652@localhost> <20200331150202.GH50174@kduck.mit.edu> <600.1585687336@localhost> <AM5P190MB02751866462AE590EAD2EB14FDC90@AM5P190MB0275.EURP190.PROD.OUTLOOK.COM> <5633.1585770340@localhost> <AM5P190MB027524F2D1530746DD48C4DDFDC60@AM5P190MB0275.EURP190.PROD.OUTLOOK.COM> <13227.1586052088@localhost> <AM5P190MB0275BA7298686DBADD31F0A3FDC20@AM5P190MB0275.EURP190.PROD.OUTLOOK.COM> <14837.1586479192@localhost>
In-Reply-To: <14837.1586479192@localhost>
Accept-Language: en-US, nl-NL
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=esko.dijk@iotconsultancy.nl; 
x-originating-ip: [85.147.167.236]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 5834feaa-5bc9-4104-c586-08d7e50a2cd9
x-ms-traffictypediagnostic: AM5P190MB0292:
x-microsoft-antispam-prvs: <AM5P190MB029290AAFD3B6C79D0D3601DFDD40@AM5P190MB0292.EURP190.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 03793408BA
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;  IPV:NLI; SFV:NSPM; H:AM5P190MB0275.EURP190.PROD.OUTLOOK.COM; PTR:; CAT:NONE;  SFTY:; SFS:(10019020)(396003)(39830400003)(376002)(136003)(346002)(366004)(86362001)(186003)(316002)(6506007)(2906002)(52536014)(81156014)(53546011)(8936002)(508600001)(26005)(110136005)(44832011)(8676002)(33656002)(71200400001)(5660300002)(66446008)(64756008)(66556008)(66476007)(66946007)(76116006)(7696005)(55016002)(9686003); DIR:OUT; SFP:1102; 
received-spf: None (protection.outlook.com: iotconsultancy.nl does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: iotconsultancy.nl
X-MS-Exchange-CrossTenant-Network-Message-Id: 5834feaa-5bc9-4104-c586-08d7e50a2cd9
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Apr 2020 09:06:55.9648 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 58bbf628-15d2-46bc-820b-863b6774d44b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: qKqmGEgb3qjWk03+q+288L7eg+reGy8HPMIwNtVL6ticS9bopO+9ZzPnoXm9MIV4zQaQNwBgitfzXkJKByKCrwDAslD3Yqwz8QTWH50daAg=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5P190MB0292
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/krZ_iG9_i1UfddYEemqR8ldN3ZM>
Subject: Re: [lamps] ACME integrations with BRSKI and cmcRA bit
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Apr 2020 09:10:18 -0000
From nobody Tue Apr 21 13:31:57 2020
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E44213A09FB for <spasm@ietfa.amsl.com>; Tue, 21 Apr 2020 13:31:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level: 
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ju29_HP8VGXT for <spasm@ietfa.amsl.com>; Tue, 21 Apr 2020 13:31:53 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 372543A09E4 for <spasm@ietf.org>; Tue, 21 Apr 2020 13:31:53 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 8D953300B59 for <spasm@ietf.org>; Tue, 21 Apr 2020 16:31:50 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id ukR0JnxzfkQz for <spasm@ietf.org>; Tue, 21 Apr 2020 16:31:48 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-72-66-113-56.washdc.fios.verizon.net [72.66.113.56]) by mail.smeinc.net (Postfix) with ESMTPSA id D91AD3005D9; Tue, 21 Apr 2020 16:31:47 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <20200419231221.7FF8BF40721@rfc-editor.org>
Date: Tue, 21 Apr 2020 16:31:49 -0400
Cc: "Roman D. Danyliw" <rdd@cert.org>, Ben Kaduk <kaduk@mit.edu>, Tim Hollebeek <tim.hollebeek@digicert.com>, motherhens30@gmail.com, spasm@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <DD5DC576-59FC-4CC3-AB54-131C7C7A291F@vigilsec.com>
References: <20200419231221.7FF8BF40721@rfc-editor.org>
To: RFC Editor <rfc-editor@rfc-editor.org>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/oOXlngI3C710_vZudiliKocjrzk>
Subject: Re: [lamps] [Technical Errata Reported] RFC8649 (6110)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Apr 2020 20:31:56 -0000

I think this is spam!!



> On Apr 19, 2020, at 7:12 PM, RFC Errata System <rfc-editor@rfc-editor.org> wrote:
> 
> The following errata report has been submitted for RFC8649,
> "Hash Of Root Key Certificate Extension".
> 
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid6110
> 
> --------------------------------------
> Type: Technical
> Reported by: Linise marie russell <motherhens30@gmail.com>
> 
> Section: America
> 
> Original Text
> -------------
> I love to website and I will be there. It will not sure how much money as the other side. The only one that is a man what I have a great day.
> 
> Corrected Text
> --------------
> To get it done, but I think I can do to help you with the sound of a rubber ball rolling out the details.
> 
> Notes
> -----
> Linise marie russell
> 
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party
> can log in to change the status and edit the report, if necessary.
> 
> --------------------------------------
> RFC8649 (draft-ietf-lamps-hash-of-root-key-cert-extn-07)
> --------------------------------------
> Title               : Hash Of Root Key Certificate Extension
> Publication Date    : August 2019
> Author(s)           : R. Housley
> Category            : INFORMATIONAL
> Source              : Limited Additional Mechanisms for PKIX and SMIME
> Area                : Security
> Stream              : IETF
> Verifying Party     : IESG


From nobody Tue Apr 21 13:36:25 2020
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A37133A0A10 for <spasm@ietfa.amsl.com>; Tue, 21 Apr 2020 13:36:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level: 
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SUraWi0FaySL for <spasm@ietfa.amsl.com>; Tue, 21 Apr 2020 13:36:22 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17E6B3A0A0C for <spasm@ietf.org>; Tue, 21 Apr 2020 13:36:22 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 9E7EC300B50 for <spasm@ietf.org>; Tue, 21 Apr 2020 16:36:19 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 4ZtdP2TqrzTK for <spasm@ietf.org>; Tue, 21 Apr 2020 16:36:18 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-72-66-113-56.washdc.fios.verizon.net [72.66.113.56]) by mail.smeinc.net (Postfix) with ESMTPSA id 98F5D3005D9; Tue, 21 Apr 2020 16:36:18 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <eaa9b932-262b-1728-687d-83b1ad5a43ca@isode.com>
Date: Tue, 21 Apr 2020 16:36:20 -0400
Cc: LAMPS WG <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <BF9EBB50-F3FE-46C7-A571-FA8A61AC5BFD@vigilsec.com>
References: <eaa9b932-262b-1728-687d-83b1ad5a43ca@isode.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/3ZbCr7pLQqlKn-GxYtU6iUgUhMY>
Subject: Re: [lamps] Review of draft-ietf-lamps-cms-update-alg-id-protect-01
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Apr 2020 20:36:24 -0000

> On Mar 30, 2020, at 12:45 PM, Alexey Melnikov <alexey.melnikov@isode.com> wrote:
>
> Hi Russ,
>
> I just read your draft and I think it is well written and is ready for publication. You can treat my reply as +1 for WGLC. Just one small editorial nit:
>
> 6.  Security Considerations
>
> The last sentence of the 2nd para reads:
>
>    Likewise there us not currently
>
> I think you meant something like "Likewise there is currently no" above?
>
>    protection mechanism for the algorithm identifiers used in the
>
>    authenticated-enveloped-data content type defined in [RFC5083].

I have corrected this in my edit buffer.  It now says:

   ... Likewise there is not currently a
   protection mechanism for the algorithm identifiers used in the
   authenticated-enveloped-data content type defined in [RFC5083].

Russ


From nobody Tue Apr 21 14:16:16 2020
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE4343A0A8F for <spasm@ietfa.amsl.com>; Tue, 21 Apr 2020 14:16:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level: 
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6KFvMHxHyj0H for <spasm@ietfa.amsl.com>; Tue, 21 Apr 2020 14:16:13 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED6663A0A92 for <spasm@ietf.org>; Tue, 21 Apr 2020 14:16:12 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 80D24300B3E for <spasm@ietf.org>; Tue, 21 Apr 2020 17:16:10 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 3xMtEVZHqBpz for <spasm@ietf.org>; Tue, 21 Apr 2020 17:16:08 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-72-66-113-56.washdc.fios.verizon.net [72.66.113.56]) by mail.smeinc.net (Postfix) with ESMTPSA id AABD6300A02 for <spasm@ietf.org>; Tue, 21 Apr 2020 17:16:08 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_BB33E91E-E8ED-4FE9-A08A-41B06A165AC8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
Date: Tue, 21 Apr 2020 17:16:10 -0400
References: <63B58892-60CB-42C9-8168-E5476E2F40CB@vigilsec.com>
To: LAMPS WG <spasm@ietf.org>
In-Reply-To: <63B58892-60CB-42C9-8168-E5476E2F40CB@vigilsec.com>
Message-Id: <7099E9D5-6254-4052-A881-0F86E7A68FA4@vigilsec.com>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/tzP7PNt7EjVcAyu8yP0K7BWPCYM>
Subject: Re: [lamps] WG Last Call for draft-ietf-lamps-rfc7030est-clarify-02
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Apr 2020 21:16:15 -0000

--Apple-Mail=_BB33E91E-E8ED-4FE9-A08A-41B06A165AC8
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

> This is the LAMPS WG Last Call for "Clarification of Enrollment over Secure Transport (EST): transfer encodings and ASN.1" <draft-ietf-lamps-rfc7030est-clarify-02>.  Please review the document and send your comments to the list by 19 April 2020.  This is longer than usual to accommodate the vast number of virtual interim sessions that are taking place right now.
>
> The datatracker page for the document is https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc7030est-clarify/

I reviewed the document and it is basically ready, modulo a few minor things:

1) The title pages should include "Updates: 7030 (if approved)" in the upper left corner.

2) Section 1: I think it would be more clear to merge these paragraphs:

   [RFC2616] and later [RFC7231] Appendix A.5 has text specifically
   deprecating Content-Transfer-Encoding.

   [RFC7030] calls it out this header incorrectly.

I suggest:

   [RFC2616] and later [RFC7231] Appendix A.5 specifically deprecates
   Content-Transfer-Encoding.  However, [RFC7030] incorrectly uses this header.

3) Section 1 talks about HTTP-related topics in the beginning and the middle of the section.  I think it would be better to put them near each other.

4) Section 1: please add a reference for IEC 62351.

5) Please use:

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

6) Please add a reference for RFC 8174.

7) Section 4, 2nd para: I find the wording confusing.  I suggest:

   This document updates [RFC7030] to require the POST request and
   payload response of all endpoints use Base64 encoding as specified in
   Section 4 of [RFC4648].  In both cases, the Distinguished Encoding
   Rules (DER) [X690] are used to produce the input for the Base64
   encoding routine. This format is to be used regardless of any
   Content-Transfer-Encoding header, and any value in
   such a header MUST be ignored.

8) Section 5.1:  Since there is only one ATTRIBUTE in the document, why not reduce the complexity by:

OLD:

  AttrSet ATTRIBUTE ::= { AttributesDefinedInRFC7030, ... }

NEW:

  AttrSet ATTRIBUTE ::= { aa-asymmDecryptKeyID, ... }

Note: If you accept this change, it needs to be made in the ASN.1 module too.

9) Section 5.1:  s/crypto system/cryptographic algorithm/ (more than one place)

Russ

--Apple-Mail=_BB33E91E-E8ED-4FE9-A08A-41B06A165AC8--


From nobody Tue Apr 21 16:47:21 2020
Return-Path: <mferguson@amsl.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 781CA3A0E37 for <spasm@ietfa.amsl.com>; Tue, 21 Apr 2020 16:47:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k0tPn5NDjA1H for <spasm@ietfa.amsl.com>; Tue, 21 Apr 2020 16:47:16 -0700 (PDT)
Received: from mail.amsl.com (c8a.amsl.com [4.31.198.40]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34AAF3A0E40 for <spasm@ietf.org>; Tue, 21 Apr 2020 16:47:16 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by c8a.amsl.com (Postfix) with ESMTP id 8DD41204632; Tue, 21 Apr 2020 16:46:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from c8a.amsl.com ([127.0.0.1]) by localhost (c8a.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3hwwSnxEGivv; Tue, 21 Apr 2020 16:46:38 -0700 (PDT)
Received: from [10.0.1.18] (unknown [47.144.155.28]) by c8a.amsl.com (Postfix) with ESMTPA id 3F02D204631; Tue, 21 Apr 2020 16:46:38 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Megan Ferguson <mferguson@amsl.com>
In-Reply-To: <DD5DC576-59FC-4CC3-AB54-131C7C7A291F@vigilsec.com>
Date: Tue, 21 Apr 2020 16:47:14 -0700
Cc: RFC System <rfc-editor@rfc-editor.org>, "Roman D. Danyliw" <rdd@cert.org>,  Ben Kaduk <kaduk@mit.edu>, Tim Hollebeek <tim.hollebeek@digicert.com>, spasm@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <8AA39365-6965-4671-B73D-B2E1C4D9E28A@amsl.com>
References: <20200419231221.7FF8BF40721@rfc-editor.org> <DD5DC576-59FC-4CC3-AB54-131C7C7A291F@vigilsec.com>
To: Russ Housley <housley@vigilsec.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/hWFlOw0LiPzG_jWK5Y3xNpYG41Q>
Subject: Re: [lamps] [Technical Errata Reported] RFC8649 (6110)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Apr 2020 23:47:20 -0000

Hi Russ,

Thanks for the heads up.

This report has been deleted.

RFC Editor/mf

On Apr 21, 2020, at 1:31 PM, Russ Housley <housley@vigilsec.com> wrote:

> I think this is spam!!
>
>> On Apr 19, 2020, at 7:12 PM, RFC Errata System <rfc-editor@rfc-editor.org> wrote:
>>
>> The following errata report has been submitted for RFC8649,
>> "Hash Of Root Key Certificate Extension".
>>
>> --------------------------------------
>> You may review the report below and at:
>> https://www.rfc-editor.org/errata/eid6110
>>
>> --------------------------------------
>> Type: Technical
>> Reported by: Linise marie russell <motherhens30@gmail.com>
>>
>> Section: America
>>
>> Original Text
>> -------------
>> I love to website and I will be there. It will not sure how much money as the other side. The only one that is a man what I have a great day.
>>
>> Corrected Text
>> --------------
>> To get it done, but I think I can do to help you with the sound of a rubber ball rolling out the details.
>>
>> Notes
>> -----
>> Linise marie russell
>>
>> Instructions:
>> -------------
>> This erratum is currently posted as "Reported". If necessary, please
>> use "Reply All" to discuss whether it should be verified or
>> rejected. When a decision is reached, the verifying party
>> can log in to change the status and edit the report, if necessary.
>>
>> --------------------------------------
>> RFC8649 (draft-ietf-lamps-hash-of-root-key-cert-extn-07)
>> --------------------------------------
>> Title               : Hash Of Root Key Certificate Extension
>> Publication Date    : August 2019
>> Author(s)           : R. Housley
>> Category            : INFORMATIONAL
>> Source              : Limited Additional Mechanisms for PKIX and SMIME
>> Area                : Security
>> Stream              : IETF
>> Verifying Party     : IESG
>


From nobody Wed Apr 22 23:52:29 2020
Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4119E3A1621 for <spasm@ietfa.amsl.com>; Wed, 22 Apr 2020 23:52:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.721
X-Spam-Level: 
X-Spam-Status: No, score=-2.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.82, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=siemens.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 249MhiEK9zKM for <spasm@ietfa.amsl.com>; Wed, 22 Apr 2020 23:52:19 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2088.outbound.protection.outlook.com [40.107.22.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5DDC23A1712 for <spasm@ietf.org>; Wed, 22 Apr 2020 23:51:46 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none
Received: from AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:e2::32) by AM0PR10MB2770.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:130::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2937.13; Thu, 23 Apr 2020 06:51:44 +0000
Received: from AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM ([fe80::85a4:2ab:a6b9:e1a3]) by AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM ([fe80::85a4:2ab:a6b9:e1a3%6]) with mapi id 15.20.2921.030; Thu, 23 Apr 2020 06:51:44 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: LAMPS WG <spasm@ietf.org>
CC: "steffen.fries@siemens.com" <steffen.fries@siemens.com>
Thread-Topic: draft-ietf-lamps-lightweight-cmp-profile-01, section 5.4.3
Thread-Index: AdYZNjYiHxBoSMZCScK+tLsspOtlGw==
Date: Thu, 23 Apr 2020 06:51:44 +0000
Message-ID: <AM0PR10MB24025DB37387454829A574DBFED30@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=hendrik.brockhaus@siemens.com; 
x-originating-ip: [165.225.200.164]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 8ebb00ac-730b-4e4c-5d6a-08d7e752c8f9
x-ms-traffictypediagnostic: AM0PR10MB2770:|AM0PR10MB2770:
x-ld-processed: 38ae3bcd-9579-4fd4-adda-b42e1495d55a,ExtAddr
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <AM0PR10MB277043DB3A4F59E9D14B2B48FED30@AM0PR10MB2770.EURPRD10.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 03827AF76E
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;  IPV:NLI; SFV:NSPM; H:AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM; PTR:; CAT:NONE;  SFTY:; SFS:(4636009)(376002)(396003)(39860400002)(136003)(366004)(346002)(33656002)(186003)(64756008)(66946007)(55016002)(107886003)(76116006)(66556008)(6916009)(71200400001)(26005)(55236004)(7696005)(52536014)(6506007)(66476007)(4326008)(8936002)(2906002)(86362001)(9686003)(66446008)(8676002)(5660300002)(81156014)(316002)(478600001); DIR:OUT; SFP:1101; 
received-spf: None (protection.outlook.com: siemens.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8ebb00ac-730b-4e4c-5d6a-08d7e752c8f9
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Apr 2020 06:51:44.0764 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR10MB2770
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/mTx0ahDy7r0Ul5CLa-Boiq_zwgQ>
Subject: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section 5.4.3
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Apr 2020 06:52:27 -0000

During the past LAMPS WG online meeting we discussed the root CA certificate update structure. I wanted to explain the reasons behind our suggestion to change the caKeyUpdateInfo structure.

The structure caKeyUpdateInfo contains three certificates (oldWithNew, newWithOld and newWithNew) and all are mandatory. Especially in meshed CA arrangements the oldWithNew and newWithOld certificates are needed. As the number of certificates transferred and stored is crucial in many environments and hierarchical CA arrangements are more common in industrial or IoT environments, we thought about the need for all three certificates.
1. As long as the message is properly authenticated by an authorized entity (e.g., the existing CA), only newWithNew is really necessary as this is the new Root CA certificate. The two others may be helpful for chain building in a mixed environment where one device needs to authenticate another device using the other root.
2. The newWithOld certificate could be necessary when a Device A needs to authenticate to Device B and Device A uses a certificate under the new root and Device B only knows the old root. Then Device A should also deliver the newWithNew and newWithOld certificates to give Device B the chance to build a proper chain.
3. The oldWithNew certificate is only necessary if two devices need to authenticate each other and one of the devices does not know the old root CA certificate. I regard the case as quite uncommon as in many environments all devices already have a common oldWithOld root certificate when the newWithNew root certificate is being rolled out.

Having these three points in mind, we think a structure like this would be good.
     RootCaKeyUpdContent ::= SEQUENCE {
          newWithNew   CMPCertificate,  -- new pub signed with new priv
          newWithOld   [0] CMPCertificate OPTIONAL, -- new pub signed with old priv
          oldWithNew   [1] CMPCertificate OPTIONAL -- old pub signed with new priv
     }

The Structure should be used in Lightweight CMP Profile section 5.4.3 like this:
           rootCaKeyUpdate       REQUIRED
       -- MUST be present and be of type RootCaKeyUpdContent
             newWithNew          REQUIRED
       -- MUST be present if infoValue is present
       -- MUST contain the new root CA certificate
             newWithOld          RECOMMENDED
       -- SHOULD be present if infoValue is present
       -- MUST contain an X.509 certificate containing the new public
       -- root CA key signed with the old private root CA key
             oldWithNew          OPTIONAL
       -- MAY be present if infoValue is present
       -- MUST contain an X.509 certificate containing the old public
       -- root CA key signed with the new private root CA key

And the users shall have the flexibility to fill either
- newWithNew,
- newWithNew + newWithOld,
- newWithNew + oldWithNew, or
- newWithNew + newWithOld + oldWithNew.
Therefore we changed the order of the certs and added tagging in RootCaKeyUpdContent for newWithOld and oldWithNew. Is this correct?

This structure services the use cases in scope of the Lightweight CMP Profile best and offers the needed flexibility for reducing the overhead of delivering certificates that are not needed. But finally it is also open to cover all other use cases.

As discussed during the LAMPS WG session, I will suggest a new structure and OID in the Lightweight CMP Profile for this structure.
Any feedback is welcome.

-- Hendrik
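
The role of the [0] and [1] tags in the proposed RootCaKeyUpdContent, as an added example that is not part of the original message or of the draft: a minimal DER encoder and strict decoder showing that the tags keep the four allowed combinations distinguishable, while an untagged variant loses which slot a lone optional certificate belongs to. It assumes explicit context tags (0xA0/0xA1) and single-byte tags, uses constructed stand-in byte strings instead of real certificates, and all function names are hypothetical.

```python
"""DER round-trip for the proposed RootCaKeyUpdContent (illustrative only)."""

SEQUENCE = 0x30
OCTET_STRING = 0x04
CTX0 = 0xA0  # [0], constructed: assumed EXPLICIT tag wrapping newWithOld
CTX1 = 0xA1  # [1], constructed: assumed EXPLICIT tag wrapping oldWithNew


def der_len(n):
    """Minimal definite-length encoding, as DER requires."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def tlv(tag, value):
    return bytes([tag]) + der_len(len(value)) + value


def read_tlv(buf, pos):
    """Return (tag, value, next_pos); reject anything that is not strict DER."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if buf[pos] == 0 or length < 0x80:
            raise ValueError("non-minimal length encoding")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:end], end


def stand_in(label):
    """Constructed placeholder for a certificate: SEQUENCE { OCTET STRING label }."""
    return tlv(SEQUENCE, tlv(OCTET_STRING, label.encode()))


def encode_update(new_with_new, new_with_old=None, old_with_new=None, tagged=True):
    """Encode the structure; tagged=False shows the variant without [0]/[1]."""
    body = new_with_new
    for tag, cert in ((CTX0, new_with_old), (CTX1, old_with_new)):
        if cert is not None:
            body += tlv(tag, cert) if tagged else cert
    return tlv(SEQUENCE, body)


def decode_update(der):
    """Strictly decode the tagged form into a dict of certificate encodings."""
    tag, body, end = read_tlv(der, 0)
    if tag != SEQUENCE or end != len(der):
        raise ValueError("not a single SEQUENCE")
    fields = {"newWithNew": None, "newWithOld": None, "oldWithNew": None}
    tag, _, pos = read_tlv(body, 0)
    if tag != SEQUENCE:
        raise ValueError("mandatory newWithNew missing")
    fields["newWithNew"] = body[:pos]
    expected = [(CTX0, "newWithOld"), (CTX1, "oldWithNew")]
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        # Optional elements may be skipped but must keep their declared order.
        while expected and expected[0][0] != tag:
            expected.pop(0)
        if not expected:
            raise ValueError("unexpected, repeated or out-of-order element")
        name = expected.pop(0)[1]
        inner_tag, _, inner_end = read_tlv(value, 0)
        if inner_tag != SEQUENCE or inner_end != len(value):
            raise ValueError(name + " does not wrap exactly one certificate")
        fields[name] = value
    return fields


def slot_is_recoverable(tagged):
    """Can a receiver tell newWithOld from oldWithNew when only one is sent?"""
    cert = stand_in("X")
    as_new_with_old = encode_update(NWN, new_with_old=cert, tagged=tagged)
    as_old_with_new = encode_update(NWN, old_with_new=cert, tagged=tagged)
    return as_new_with_old != as_old_with_new


# Constructed stand-ins, not real X.509 certificates.
NWN, NWO, OWN = stand_in("NwN"), stand_in("NwO"), stand_in("OwN")

if __name__ == "__main__":
    for combo in ((NWN,), (NWN, NWO), (NWN, None, OWN), (NWN, NWO, OWN)):
        decoded = decode_update(encode_update(*combo))
        print([name for name, cert in decoded.items() if cert is not None])
    print("slot recoverable with tags:   ", slot_is_recoverable(True))
    print("slot recoverable without tags:", slot_is_recoverable(False))
```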


From nobody Thu Apr 23 14:02:17 2020
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64D2E3A13C2 for <spasm@ietfa.amsl.com>; Thu, 23 Apr 2020 14:02:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level: 
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r6LfFIvVlZIg for <spasm@ietfa.amsl.com>; Thu, 23 Apr 2020 14:02:12 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D905B3A13C1 for <spasm@ietf.org>; Thu, 23 Apr 2020 14:02:12 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 6BA05300B50 for <spasm@ietf.org>; Thu, 23 Apr 2020 17:02:10 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id JW8_Lp_m_4nO for <spasm@ietf.org>; Thu, 23 Apr 2020 17:02:09 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-72-66-113-56.washdc.fios.verizon.net [72.66.113.56]) by mail.smeinc.net (Postfix) with ESMTPSA id 36499300B4F for <spasm@ietf.org>; Thu, 23 Apr 2020 17:02:09 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
Date: Thu, 23 Apr 2020 17:02:10 -0400
References: <157429966624.922.6336772483106473689.idtracker@ietfa.amsl.com> <E7ED5133-7FFA-4145-93F2-A2A23A7D54D9@vigilsec.com>
To: LAMPS WG <spasm@ietf.org>
In-Reply-To: <E7ED5133-7FFA-4145-93F2-A2A23A7D54D9@vigilsec.com>
Message-Id: <925F1E16-DEB1-44BC-AD9E-D759C411C030@vigilsec.com>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/H0am_QgeIU3qFXoZWdcrht8os04>
Subject: Re: [lamps] Call For Adoption of draft-msahni-lamps-ocsp-nonce
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Apr 2020 21:02:15 -0000

I did not see any objections to the LAMPS WG adoption of this document.
Mohit, please post draft-ietf-lamps-ocsp-nonce-00.

Russ


> On Apr 3, 2020, at 4:46 PM, Russ Housley <housley@vigilsec.com> wrote:
>
> Please take a look at draft-msahni-lamps-ocsp-nonce; it is a short
> document.  Please indicate whether you support adoption of this document
> by the LAMPS WG.  Please respond before April 22nd.
>
> Russ & Tim


From nobody Thu Apr 23 14:12:39 2020
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6BD93A1421 for <spasm@ietfa.amsl.com>; Thu, 23 Apr 2020 14:12:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level: 
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mtJmAci_0nha for <spasm@ietfa.amsl.com>; Thu, 23 Apr 2020 14:12:35 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5EFB3A13FD for <spasm@ietf.org>; Thu, 23 Apr 2020 14:12:33 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 7B485300B50 for <spasm@ietf.org>; Thu, 23 Apr 2020 17:12:31 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id aJExsqAC09vq for <spasm@ietf.org>; Thu, 23 Apr 2020 17:12:30 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-72-66-113-56.washdc.fios.verizon.net [72.66.113.56]) by mail.smeinc.net (Postfix) with ESMTPSA id 55F22300B4F for <spasm@ietf.org>; Thu, 23 Apr 2020 17:12:30 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
Date: Thu, 23 Apr 2020 17:12:31 -0400
References: <63B58892-60CB-42C9-8168-E5476E2F40CB@vigilsec.com>
To: LAMPS WG <spasm@ietf.org>
In-Reply-To: <63B58892-60CB-42C9-8168-E5476E2F40CB@vigilsec.com>
Message-Id: <0B19BF5D-F1B7-41C8-AD4C-44A04F648EA0@vigilsec.com>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/oR0Ygzv4Wh4yb7v1OoOxAxWJiVQ>
Subject: Re: [lamps] WG Last Call for draft-ietf-lamps-rfc7030est-clarify-02
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Apr 2020 21:12:38 -0000

I saw several reviews.  They were mostly a desire for clarity.  Please
post an update to resolve the concerns that were raised.  Then, we will
ask the reviewers whether the revision addresses their concerns.

Russ


> On Mar 30, 2020, at 12:11 PM, Russ Housley <housley@vigilsec.com> wrote:
>
> This is the LAMPS WG Last Call for "Clarification of Enrollment over
> Secure Transport (EST): transfer encodings and ASN.1"
> <draft-ietf-lamps-rfc7030est-clarify-02>.  Please review the document
> and send your comments to the list by 19 April 2020.  This is longer
> than usual to accommodate the vast number of virtual interim sessions
> that are taking place right now.
>
> The datatracker page for the document is
> https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc7030est-clarify/
>
> Thanks,
> Russ & Tim


From nobody Thu Apr 23 18:09:38 2020
Return-Path: <internet-drafts@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 713F53A0C92; Thu, 23 Apr 2020 18:09:33 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: spasm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.127.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: spasm@ietf.org
Message-ID: <158769057341.17424.4045332841555957570@ietfa.amsl.com>
Date: Thu, 23 Apr 2020 18:09:33 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/a4nU9KNrjsOKHhpMp5bKV_c2lsc>
Subject: [lamps] I-D Action: draft-ietf-lamps-ocsp-nonce-00.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Apr 2020 01:09:34 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

        Title           : OCSP Nonce Extension
        Author          : Mohit Sahni
        Filename        : draft-ietf-lamps-ocsp-nonce-00.txt
        Pages           : 6
        Date            : 2020-04-23

Abstract:
   This document specifies the updated format of the Nonce extension in
   Online Certificate Status Protocol (OCSP) request and response
   messages.  OCSP is used to check the status of a certificate and the
   Nonce extension is used in the OCSP request and response messages to
   avoid replay attacks.  This document updates the RFC 6960


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-ocsp-nonce/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-ocsp-nonce-00
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-ocsp-nonce-00


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/



From nobody Fri Apr 24 00:24:37 2020
Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18E4F3A0E08; Fri, 24 Apr 2020 00:24:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.721
X-Spam-Level: 
X-Spam-Status: No, score=-2.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.82, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=siemens.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 01gc1RqSRo57; Fri, 24 Apr 2020 00:24:23 -0700 (PDT)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-eopbgr80045.outbound.protection.outlook.com [40.107.8.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5060B3A0E06; Fri, 24 Apr 2020 00:24:23 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none
Received: from AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:e2::32) by AM0PR10MB2147.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:d7::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2937.13; Fri, 24 Apr 2020 07:24:21 +0000
Received: from AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM ([fe80::85a4:2ab:a6b9:e1a3]) by AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM ([fe80::85a4:2ab:a6b9:e1a3%6]) with mapi id 15.20.2921.030; Fri, 24 Apr 2020 07:24:21 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: LAMPS WG <spasm@ietf.org>, "pkix@ietf.org" <pkix@ietf.org>
CC: "steffen.fries@siemens.com" <steffen.fries@siemens.com>
Thread-Topic: draft-ietf-lamps-lightweight-cmp-profile-01, section 5.4.4
Thread-Index: AdYaCB2PEbEcCf1RR1Sfxy7I94Cd0w==
Date: Fri, 24 Apr 2020 07:24:20 +0000
Message-ID: <AM0PR10MB2402704929935043797A8F08FED00@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=hendrik.brockhaus@siemens.com; 
x-originating-ip: [165.225.200.174]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 2ec18448-5589-4eab-2da8-08d7e82081cd
x-ms-traffictypediagnostic: AM0PR10MB2147:|AM0PR10MB2147:
x-ld-processed: 38ae3bcd-9579-4fd4-adda-b42e1495d55a,ExtAddr
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <AM0PR10MB21475E4A97C2D7B4798B1B66FED00@AM0PR10MB2147.EURPRD10.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:8273;
x-forefront-prvs: 03838E948C
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;  IPV:NLI; SFV:NSPM; H:AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM; PTR:; CAT:NONE;  SFTY:; SFS:(4636009)(346002)(376002)(39860400002)(366004)(396003)(136003)(55016002)(26005)(9686003)(186003)(478600001)(2906002)(4326008)(450100002)(8936002)(71200400001)(52536014)(110136005)(64756008)(66476007)(66946007)(5660300002)(66446008)(76116006)(316002)(55236004)(107886003)(81156014)(86362001)(4744005)(8676002)(7696005)(6506007)(66556008)(33656002); DIR:OUT; SFP:1101; 
received-spf: None (protection.outlook.com: siemens.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2ec18448-5589-4eab-2da8-08d7e82081cd
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Apr 2020 07:24:20.8840 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR10MB2147
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/2UaK85ZJLPu7CdeQHmK8-9ca_JA>
Subject: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section 5.4.4
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Apr 2020 07:24:26 -0000

In section 5.4.4 a general message is specified to request requirements
for an upcoming certificate request by the end entity from a PKI
management component.
During IETF107's LAMPS meeting the rsaKeyLen parameter was discussed.
Currently the rsaKeyLen field is specified as a single INTEGER. The
question was, if a SEQUENCE OF INTEGER should be specified instead to
offer a set of allowed RSA key length values.
During the meeting no one was in favor of this change and I would also
tend to stick to the single INTEGER, as the certTemplate also offers only
single values for the different attributes and extensions.

Is there anyone voting against specifying rsaKeyLen as single INTEGER?

-- Hendrik
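
The two encodings weighed in this message, as an added example that is not part of the original e-mail or of the draft: a small DER encoder and strict decoder for rsaKeyLen as a single INTEGER and as a SEQUENCE OF INTEGER. The function names, the sample key lengths and the rule of taking the first offered length the end entity supports are assumptions made for illustration.

```python
"""Added example: rsaKeyLen as INTEGER vs. SEQUENCE OF INTEGER in DER."""
from __future__ import annotations


def der_len(n: int) -> bytes:
    """Definite-length octets in the minimal (DER) form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    """DER INTEGER (tag 0x02) for a non-negative value."""
    if value < 0:
        raise ValueError("key lengths are non-negative")
    size = value.bit_length() // 8 + 1  # extra bit keeps the sign bit clear
    return b"\x02" + der_len(size) + value.to_bytes(size, "big")


def der_sequence_of(values: list[int]) -> bytes:
    """DER SEQUENCE OF INTEGER (tag 0x30)."""
    body = b"".join(der_integer(v) for v in values)
    return b"\x30" + der_len(len(body)) + body


def read_tlv(buf: bytes, pos: int = 0) -> tuple[int, bytes, int]:
    """Return (tag, content, next_pos); reject truncated or non-DER lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal length encoding")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated content")
    return tag, buf[pos:end], end


def parse_integer(content: bytes) -> int:
    """Decode INTEGER content octets, enforcing the minimal encoding."""
    if not content:
        raise ValueError("empty INTEGER")
    if len(content) > 1 and (
        (content[0] == 0x00 and content[1] < 0x80)
        or (content[0] == 0xFF and content[1] >= 0x80)
    ):
        raise ValueError("non-minimal INTEGER")
    return int.from_bytes(content, "big", signed=True)


def parse_rsa_key_len(der: bytes) -> list[int]:
    """Accept either candidate form and return the offered key lengths."""
    tag, content, end = read_tlv(der)
    if end != len(der):
        raise ValueError("trailing data after value")
    if tag == 0x02:                      # single INTEGER
        values = [parse_integer(content)]
    elif tag == 0x30:                    # SEQUENCE OF INTEGER
        values, pos = [], 0
        while pos < len(content):
            inner_tag, inner, pos = read_tlv(content, pos)
            if inner_tag != 0x02:
                raise ValueError("SEQUENCE OF must contain only INTEGER")
            values.append(parse_integer(inner))
        if not values:
            raise ValueError("empty SEQUENCE OF INTEGER")
    else:
        raise ValueError(f"unexpected tag 0x{tag:02x}")
    if any(v <= 0 for v in values):
        raise ValueError("key length must be positive")
    return values


def choose_key_len(offered: list[int], supported: set[int]) -> int | None:
    """Assumed policy: first offered length the end entity can generate."""
    for bits in offered:
        if bits in supported:
            return bits
    return None


if __name__ == "__main__":
    # Constructed sample values, not taken from the draft.
    single = der_integer(2048)
    several = der_sequence_of([2048, 3072, 4096])
    device = {3072, 4096}                # lengths this end entity supports
    for label, der in (("INTEGER", single), ("SEQUENCE OF", several)):
        offered = parse_rsa_key_len(der)
        print(label, der.hex(), offered, choose_key_len(offered, device))
```

With a single INTEGER the end entity either supports the one offered length or has no fallback; the SEQUENCE OF form costs a few extra octets and a loop in the parser.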


From nobody Fri Apr 24 00:51:34 2020
Return-Path: <mohit06jan@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9A983A0EA7; Fri, 24 Apr 2020 00:51:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level: 
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YWjb27AOOIm1; Fri, 24 Apr 2020 00:51:06 -0700 (PDT)
Received: from mail-il1-x134.google.com (mail-il1-x134.google.com [IPv6:2607:f8b0:4864:20::134]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1648D3A0EA6; Fri, 24 Apr 2020 00:51:06 -0700 (PDT)
Received: by mail-il1-x134.google.com with SMTP id c16so8436448ilr.3; Fri, 24 Apr 2020 00:51:06 -0700 (PDT)
X-Received: by 2002:a92:ddd2:: with SMTP id d18mr7240246ilr.24.1587714665369;  Fri, 24 Apr 2020 00:51:05 -0700 (PDT)
MIME-Version: 1.0
References: <AM0PR10MB2402704929935043797A8F08FED00@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
In-Reply-To: <AM0PR10MB2402704929935043797A8F08FED00@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
From: Mohit Sahni <mohit06jan@gmail.com>
Date: Fri, 24 Apr 2020 00:50:54 -0700
Message-ID: <CAEpwuw0Y+RiVswt1T+Ge2PcCTNFrNhzUf6q8zRKsFBkWfdZLjw@mail.gmail.com>
To: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
Cc: LAMPS WG <spasm@ietf.org>, "pkix@ietf.org" <pkix@ietf.org>,  "steffen.fries@siemens.com" <steffen.fries@siemens.com>
Content-Type: multipart/alternative; boundary="000000000000a25aad05a404a012"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/2VbgvXDLsQlwHq9Ko_KdrBquhcI>
Subject: Re: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section 5.4.4
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Apr 2020 07:51:08 -0000

--000000000000a25aad05a404a012
Content-Type: text/plain; charset="UTF-8"

Hi Hendrik
I am not against or for using the sequence but shouldn't this field be
generic to support ECDSA/ DSA or RSA key length?

-Mohit

On Fri, Apr 24, 2020 at 12:25 AM Brockhaus, Hendrik <
hendrik.brockhaus@siemens.com> wrote:

> In section 5.4.4 a general message is specified to request requirements
> for an upcoming certificate request by the end entity from a PKI management
> component.
> During IETF107's LAMPS meeting the rsaKeyLen parameter was discussed.
> Currently the rsaKeyLen field is specified as a single INTEGER. The
> question was, if a SEQUENCE OF INTEGER should be specified instead to offer
> a set of allowed RSA key length values.
> During the meeting no one was in favor of this change and I would also
> tend to stick to the single INTEGER, as the certTemplate also offers only
> single values for the different attributes and extensions.
>
> Is there anyone voting against specifying rsaKeyLen as single INTEGER?
>
> -- Hendrik
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm
>

--000000000000a25aad05a404a012--


From nobody Fri Apr 24 02:28:15 2020
Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F4633A111B; Fri, 24 Apr 2020 02:28:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=siemens.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5qLEQobIy4vT; Fri, 24 Apr 2020 02:28:03 -0700 (PDT)
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40062.outbound.protection.outlook.com [40.107.4.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 866BA3A10DF; Fri, 24 Apr 2020 02:28:01 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none
Received: from AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:e2::32) by AM0PR10MB2963.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:157::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2937.13; Fri, 24 Apr 2020 09:27:59 +0000
Received: from AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM ([fe80::85a4:2ab:a6b9:e1a3]) by AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM ([fe80::85a4:2ab:a6b9:e1a3%6]) with mapi id 15.20.2921.030; Fri, 24 Apr 2020 09:27:59 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Mohit Sahni <mohit06jan@gmail.com>
CC: LAMPS WG <spasm@ietf.org>, "pkix@ietf.org" <pkix@ietf.org>, "steffen.fries@siemens.com" <steffen.fries@siemens.com>
Thread-Topic: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section 5.4.4
Thread-Index: AdYaCB2PEbEcCf1RR1Sfxy7I94Cd0wABPc8AAANHXrA=
Date: Fri, 24 Apr 2020 09:27:59 +0000
Message-ID: <AM0PR10MB240298FCBBB537A5AA1E391AFED00@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
References: <AM0PR10MB2402704929935043797A8F08FED00@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <CAEpwuw0Y+RiVswt1T+Ge2PcCTNFrNhzUf6q8zRKsFBkWfdZLjw@mail.gmail.com>
In-Reply-To: <CAEpwuw0Y+RiVswt1T+Ge2PcCTNFrNhzUf6q8zRKsFBkWfdZLjw@mail.gmail.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-document-confidentiality: NotClassified
authentication-results: spf=none (sender IP is ) smtp.mailfrom=hendrik.brockhaus@siemens.com; 
x-originating-ip: [165.225.200.174]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 48a668dd-9d12-47bf-b2a1-08d7e831c761
x-ms-traffictypediagnostic: AM0PR10MB2963:|AM0PR10MB2963:
x-ld-processed: 38ae3bcd-9579-4fd4-adda-b42e1495d55a,ExtAddr
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <AM0PR10MB29631A7984E65F4DA4DF4F73FED00@AM0PR10MB2963.EURPRD10.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 03838E948C
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;  IPV:NLI; SFV:NSPM; H:AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM; PTR:; CAT:NONE;  SFTY:; SFS:(4636009)(376002)(136003)(366004)(39860400002)(396003)(346002)(66946007)(107886003)(52536014)(76116006)(66556008)(71200400001)(4326008)(6916009)(478600001)(9686003)(316002)(64756008)(66476007)(66446008)(55016002)(8936002)(8676002)(186003)(81156014)(5660300002)(6506007)(4744005)(33656002)(2906002)(26005)(7696005)(86362001)(55236004)(54906003); DIR:OUT; SFP:1101; 
received-spf: None (protection.outlook.com: siemens.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 48a668dd-9d12-47bf-b2a1-08d7e831c761
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Apr 2020 09:27:59.1205 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR10MB2963
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/JLvG93p6vxX__UBSFgzc2rPNxkA>
Subject: Re: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section 5.4.4
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Apr 2020 09:28:13 -0000

From nobody Fri Apr 24 06:57:50 2020
From: "Salz, Rich" <rsalz@akamai.com>
To: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>, LAMPS WG <spasm@ietf.org>, "pkix@ietf.org" <pkix@ietf.org>
CC: "steffen.fries@siemens.com" <steffen.fries@siemens.com>
Date: Fri, 24 Apr 2020 13:57:17 +0000
Message-ID: <7F3DBC2C-EE50-4E9F-8925-C3E753141CD3@akamai.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/aAKByIzNVMXGyRkbPA7iyTS-hFw>
Subject: Re: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section 5.4.4

I do not like multiple integers.  If you want a range, make it two integers with specified semantics.  Multiple integers could be taken as a multi-prime RSA generation.


From nobody Fri Apr 24 07:46:55 2020
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: "Salz, Rich" <rsalz@akamai.com>, LAMPS WG <spasm@ietf.org>, "pkix@ietf.org" <pkix@ietf.org>
CC: "steffen.fries@siemens.com" <steffen.fries@siemens.com>
Date: Fri, 24 Apr 2020 14:46:39 +0000
Message-ID: <AM0PR10MB24023E7889069772352736F0FED00@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
References: <7F3DBC2C-EE50-4E9F-8925-C3E753141CD3@akamai.com>
In-Reply-To: <7F3DBC2C-EE50-4E9F-8925-C3E753141CD3@akamai.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/APzNmagMM0b2koN0iz9WPZyBpqo>
Subject: Re: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section 5.4.4

> From: Salz, Rich <rsalz@akamai.com>
> Sent: Friday, 24 April 2020 15:57
>
> I do not like multiple integers.  If you want a range, make it two integers with
> specified semantics.  Multiple integers could be taken as a multi-prime RSA
> generation.
>

Actually I would be fine with a single integer.
Do you vote for two integers to specify an upper and a lower border?


From nobody Fri Apr 24 07:48:52 2020
From: "Salz, Rich" <rsalz@akamai.com>
To: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>, LAMPS WG <spasm@ietf.org>, "pkix@ietf.org" <pkix@ietf.org>
CC: "steffen.fries@siemens.com" <steffen.fries@siemens.com>
Date: Fri, 24 Apr 2020 14:47:46 +0000
Message-ID: <4D6BDAC7-2866-4DFB-ACAD-7B22B1750745@akamai.com>
References: <7F3DBC2C-EE50-4E9F-8925-C3E753141CD3@akamai.com> <AM0PR10MB24023E7889069772352736F0FED00@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
In-Reply-To: <AM0PR10MB24023E7889069772352736F0FED00@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/odOLaU1vlsHU5Ref3PA-bO_GLD8>
Subject: Re: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section 5.4.4

>    Actually I would be fine with a single integer.
>    Do you vote for two integers to specify an upper and a lower border?

No, I am also fine with a single integer.  I was saying that if some folks really want an array of sizes, perhaps a range is a good compromise.


From nobody Fri Apr 24 16:36:44 2020
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>, Mohit Sahni <mohit06jan@gmail.com>
CC: LAMPS WG <spasm@ietf.org>, "pkix@ietf.org" <pkix@ietf.org>
Date: Fri, 24 Apr 2020 23:36:30 +0000
Message-ID: <1587771390263.34621@cs.auckland.ac.nz>
References: <AM0PR10MB2402704929935043797A8F08FED00@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <CAEpwuw0Y+RiVswt1T+Ge2PcCTNFrNhzUf6q8zRKsFBkWfdZLjw@mail.gmail.com>, <AM0PR10MB240298FCBBB537A5AA1E391AFED00@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
In-Reply-To: <AM0PR10MB240298FCBBB537A5AA1E391AFED00@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/hNnxIkPJw0N-b4v5BzgUHqLFiEE>
Subject: Re: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section 5.4.4

I wasn't aware of this work until now, is there any plan to address the large
number of problems in CMP that make it almost impossible to create two
interoperable CMP implementations purely from the spec?  See for example
section 5.2 of:

https://www.usenix.org/conference/12th-usenix-security-symposium/plug-and-play-pki-pki-your-mother-can-use

(Given how fundamentally broken CMP is, rather than profiling it a far simpler
option than trying to duct-tape it together would be to just redefine it to
use CMS, which would fix most of the problems in one stroke, but I'm not sure
if that's an option).

Peter.


From nobody Fri Apr 24 16:37:37 2020
To: housley@vigilsec.com, rdd@cert.org, kaduk@mit.edu, housley@vigilsec.com, tim.hollebeek@digicert.com
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: beccasanderson25@gmail.com, spasm@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset=UTF-8
Message-Id: <20200424233725.E1502F4070B@rfc-editor.org>
Date: Fri, 24 Apr 2020 16:37:25 -0700 (PDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/VsR6eQoMaLcEliVJhSUlFy1m1G4>
Subject: [lamps] [Technical Errata Reported] RFC8649 (6129)

The following errata report has been submitted for RFC8649,
"Hash Of Root Key Certificate Extension".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid6129

--------------------------------------
Type: Technical
Reported by: Becca Sanderson X <beccasanderson25@gmail.com>

Section: RFC2119

Original Text
-------------


Corrected Text
--------------


Notes
-----


Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
can log in to change the status and edit the report, if necessary. 

--------------------------------------
RFC8649 (draft-ietf-lamps-hash-of-root-key-cert-extn-07)
--------------------------------------
Title               : Hash Of Root Key Certificate Extension
Publication Date    : August 2019
Author(s)           : R. Housley
Category            : INFORMATIONAL
Source              : Limited Additional Mechanisms for PKIX and SMIME
Area                : Security
Stream              : IETF
Verifying Party     : IESG


From nobody Fri Apr 24 16:43:22 2020
Date: Fri, 24 Apr 2020 16:43:07 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: housley@vigilsec.com, rdd@cert.org, tim.hollebeek@digicert.com, beccasanderson25@gmail.com, spasm@ietf.org
Message-ID: <20200424234307.GA27494@kduck.mit.edu>
References: <20200424233725.E1502F4070B@rfc-editor.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20200424233725.E1502F4070B@rfc-editor.org>
User-Agent: Mutt/1.12.1 (2019-06-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/K08x4UZloCHg85vQszxr4qSs0-o>
Subject: Re: [lamps] [Technical Errata Reported] RFC8649 (6129)

RFC Editor, please delete this empty report.

Thanks,

Ben

On Fri, Apr 24, 2020 at 04:37:25PM -0700, RFC Errata System wrote:
> The following errata report has been submitted for RFC8649,
> "Hash Of Root Key Certificate Extension".
> 
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid6129
> 
> --------------------------------------
> Type: Technical
> Reported by: Becca Sanderson X <beccasanderson25@gmail.com>
> 
> Section: RFC2119
> 
> Original Text
> -------------
> 
> 
> Corrected Text
> --------------
> 
> 
> Notes
> -----
> 
> 
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party  
> can log in to change the status and edit the report, if necessary. 
> 
> --------------------------------------
> RFC8649 (draft-ietf-lamps-hash-of-root-key-cert-extn-07)
> --------------------------------------
> Title               : Hash Of Root Key Certificate Extension
> Publication Date    : August 2019
> Author(s)           : R. Housley
> Category            : INFORMATIONAL
> Source              : Limited Additional Mechanisms for PKIX and SMIME
> Area                : Security
> Stream              : IETF
> Verifying Party     : IESG


From nobody Sat Apr 25 19:55:13 2020
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Russ Housley <housley@vigilsec.com>
cc: LAMPS WG <spasm@ietf.org>
In-Reply-To: <7099E9D5-6254-4052-A881-0F86E7A68FA4@vigilsec.com>
References: <63B58892-60CB-42C9-8168-E5476E2F40CB@vigilsec.com> <7099E9D5-6254-4052-A881-0F86E7A68FA4@vigilsec.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 25.1.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Sat, 25 Apr 2020 22:55:07 -0400
Message-ID: <15391.1587869707@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/E3H9Ny1ajNvXb6PA7Nz1yHOrPTM>
Subject: Re: [lamps] WG Last Call for draft-ietf-lamps-rfc7030est-clarify-02
X-List-Received-Date: Sun, 26 Apr 2020 02:55:12 -0000

--=-=-=
Content-Type: text/plain


Russ Housley <housley@vigilsec.com> wrote:
    > I reviewed the document and it is basically ready, modulo a few minor
    > things:

Thank you.

I've fixed all the things you suggested, and I also got rid of some
text that reflected a need to make an upward compatible system.
This included fixing up the Abstract.

    > 8) Section 5.1: Since there is only one ATTRIBUTE in the document, why
    > not reduce the complexity by:

    > OLD:

    >   AttrSet ATTRIBUTE ::= { AttributesDefinedInRFC7030, ... }

    > NEW:

    >   AttrSet ATTRIBUTE ::= { aa-asymmDecryptKeyID, ... }

    > Note: If you accept this change, it needs to be made in the ASN.1
    > module too.

I'm not certain that I got this right.  Here is just that diff:

https://github.com/mcr/ietf-lamps-rfc7030est-clarifications/commit/25fb70760e3755d06f73adba991ef1b8d791ca88

I'm looking back in the archives to make sure that I found all the reviews,
and then I'll post the -03.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--


From nobody Sat Apr 25 20:14:42 2020
Return-Path: <internet-drafts@ietf.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: spasm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.127.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: spasm@ietf.org
Message-ID: <158787083347.7062.11345037432875449028@ietfa.amsl.com>
Date: Sat, 25 Apr 2020 20:13:53 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/QMI-BnmgKTJXTFFojwmATQcJtgA>
Subject: [lamps] I-D Action: draft-ietf-lamps-rfc7030est-clarify-03.txt
X-List-Received-Date: Sun, 26 Apr 2020 03:13:56 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

        Title           : Clarification of Enrollment over Secure Transport (EST): transfer encodings and ASN.1
        Authors         : Michael Richardson
                          Thomas Werner
                          Wei Pan
        Filename        : draft-ietf-lamps-rfc7030est-clarify-03.txt
        Pages           : 12
        Date            : 2020-04-25

Abstract:
   This document updates RFC7030: Enrollment over Secure Transport (EST)
   to resolve some errata that was reported, and which has proven to
   cause interoperability issues when RFC7030 was extended.

   This document deprecates the specification of "Content-Transfer-
   Encoding" headers for EST endpoints.  This document fixes some
   syntactical errors in ASN.1 that was presented.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc7030est-clarify/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-rfc7030est-clarify-03
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-rfc7030est-clarify-03

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-rfc7030est-clarify-03


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/



From nobody Sun Apr 26 11:04:36 2020
Return-Path: <housley@vigilsec.com>
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
Date: Sun, 26 Apr 2020 14:04:26 -0400
References: <158787083347.7062.11345037432875449028@ietfa.amsl.com>
To: LAMPS WG <spasm@ietf.org>
In-Reply-To: <158787083347.7062.11345037432875449028@ietfa.amsl.com>
Message-Id: <8C0DDCB9-73D2-4333-9DCE-4FA8B1B7B379@vigilsec.com>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Y-8lafKXxPpJnrehywY-SSGIRAA>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-rfc7030est-clarify-03.txt
X-List-Received-Date: Sun, 26 Apr 2020 18:04:34 -0000

Thanks for posting the update.  Would all of the people that posted WG
Last Call comment please see if the comments are resolved.  Please tell
the list one way or the other.

Russ



> On Apr 25, 2020, at 11:13 PM, internet-drafts@ietf.org wrote:
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.
>
>        Title           : Clarification of Enrollment over Secure Transport (EST): transfer encodings and ASN.1
>        Authors         : Michael Richardson
>                          Thomas Werner
>                          Wei Pan
>        Filename        : draft-ietf-lamps-rfc7030est-clarify-03.txt
>        Pages           : 12
>        Date            : 2020-04-25
>
> Abstract:
>   This document updates RFC7030: Enrollment over Secure Transport (EST)
>   to resolve some errata that was reported, and which has proven to
>   cause interoperability issues when RFC7030 was extended.
>
>   This document deprecates the specification of
>   "Content-Transfer-Encoding" headers for EST endpoints.  This document
>   fixes some syntactical errors in ASN.1 that was presented.


From nobody Sun Apr 26 11:21:55 2020
Return-Path: <mohit06jan@gmail.com>
MIME-Version: 1.0
References: <158769057341.17424.4045332841555957570@ietfa.amsl.com>
In-Reply-To: <158769057341.17424.4045332841555957570@ietfa.amsl.com>
From: Mohit Sahni <mohit06jan@gmail.com>
Date: Sun, 26 Apr 2020 11:21:37 -0700
Message-ID: <CAEpwuw3J8AxWL7ToGwbUxqA8BtLkJODovwdmxgEP6T4q1pFzxg@mail.gmail.com>
To: LAMPS WG <spasm@ietf.org>
Cc: Russ Housley <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary="000000000000f5d1e805a435ab96"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/wNrQbotto86yMGYLqJ2CjZse1s0>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-ocsp-nonce-00.txt
X-List-Received-Date: Sun, 26 Apr 2020 18:21:54 -0000

--000000000000f5d1e805a435ab96
Content-Type: text/plain; charset="UTF-8"

Hi All
This is the WG adopted version of draft-msahni-lamps-ocsp-nonce-03.txt. I
have changed the date, document name, version, fixed some
grammatical errors and added my work address. This is a short document that
has been modified as per the valuable comments provided to me by the WG
members. I am requesting a working group last call on this document if
there is no objection.

Thanks
Mohit

On Thu, Apr 23, 2020 at 6:10 PM <internet-drafts@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Limited Additional Mechanisms for PKIX
> and SMIME WG of the IETF.
>
>         Title           : OCSP Nonce Extension
>         Author          : Mohit Sahni
>         Filename        : draft-ietf-lamps-ocsp-nonce-00.txt
>         Pages           : 6
>         Date            : 2020-04-23
>
> Abstract:
>    This document specifies the updated format of the Nonce extension in
>    Online Certificate Status Protocol (OCSP) request and response
>    messages.  OCSP is used to check the status of a certificate and the
>    Nonce extension is used in the OCSP request and response messages to
>    avoid replay attacks.  This document updates the RFC 6960
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-lamps-ocsp-nonce/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-lamps-ocsp-nonce-00
> https://datatracker.ietf.org/doc/html/draft-ietf-lamps-ocsp-nonce-00
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm
>

--000000000000f5d1e805a435ab96--


From nobody Sun Apr 26 12:13:14 2020
Return-Path: <housley@vigilsec.com>
From: Russ Housley <housley@vigilsec.com>
Message-Id: <04928ADD-56D8-4494-8843-05D1FDBBE890@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_D4A6C2C8-007C-4EAC-98B9-2D02EDD3EE30"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
Date: Sun, 26 Apr 2020 15:13:07 -0400
In-Reply-To: <CAEpwuw3J8AxWL7ToGwbUxqA8BtLkJODovwdmxgEP6T4q1pFzxg@mail.gmail.com>
Cc: LAMPS WG <spasm@ietf.org>
To: Mohit Sahni <mohit06jan@gmail.com>
References: <158769057341.17424.4045332841555957570@ietfa.amsl.com> <CAEpwuw3J8AxWL7ToGwbUxqA8BtLkJODovwdmxgEP6T4q1pFzxg@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/qlYpXhIatED1X281SkIqNND_wYc>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-ocsp-nonce-00.txt
X-List-Received-Date: Sun, 26 Apr 2020 19:13:12 -0000

--Apple-Mail=_D4A6C2C8-007C-4EAC-98B9-2D02EDD3EE30
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Mohit:

It does not appear that you addressed my comment about the ASN.1 in
Section 2.1.  Please resolve all of the known comments before we start
WG Last Call.

Russ


> On Apr 26, 2020, at 2:21 PM, Mohit Sahni <mohit06jan@gmail.com> wrote:
>
> Hi All
> This is the WG adopted version of draft-msahni-lamps-ocsp-nonce-03.txt. I
> have changed the date, document name, version, fixed some grammatical
> errors and added my work address. This is a short document that has been
> modified as per the valuable comments provided to me by the WG members. I
> am requesting a working group last call on this document if there is no
> objection.
>
> Thanks
> Mohit
>
> On Thu, Apr 23, 2020 at 6:10 PM <internet-drafts@ietf.org <mailto:internet-drafts@ietf.org>> wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.
>
>         Title           : OCSP Nonce Extension
>         Author          : Mohit Sahni
>         Filename        : draft-ietf-lamps-ocsp-nonce-00.txt
>         Pages           : 6
>         Date            : 2020-04-23
>
> Abstract:
>    This document specifies the updated format of the Nonce extension in
>    Online Certificate Status Protocol (OCSP) request and response
>    messages.  OCSP is used to check the status of a certificate and the
>    Nonce extension is used in the OCSP request and response messages to
>    avoid replay attacks.  This document updates the RFC 6960
>


--Apple-Mail=_D4A6C2C8-007C-4EAC-98B9-2D02EDD3EE30--


From nobody Sun Apr 26 13:52:03 2020
Return-Path: <mohit06jan@gmail.com>
MIME-Version: 1.0
References: <158769057341.17424.4045332841555957570@ietfa.amsl.com> <CAEpwuw3J8AxWL7ToGwbUxqA8BtLkJODovwdmxgEP6T4q1pFzxg@mail.gmail.com> <04928ADD-56D8-4494-8843-05D1FDBBE890@vigilsec.com>
In-Reply-To: <04928ADD-56D8-4494-8843-05D1FDBBE890@vigilsec.com>
From: Mohit Sahni <mohit06jan@gmail.com>
Date: Sun, 26 Apr 2020 13:51:48 -0700
Message-ID: <CAEpwuw16iAacLwF_zmQpa9Xvnr_DeJ4erbZTohgHS3vX3RP5Yg@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: LAMPS WG <spasm@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000014e4505a437c57b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/6YYANR3a7BbH7Ae7g7smulAaTpU>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-ocsp-nonce-00.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Apr 2020 20:52:02 -0000

--000000000000014e4505a437c57b
Content-Type: text/plain; charset="UTF-8"

Hi Russ
Your comment was regarding ASN.1 in section 5.1 which I fixed in draft-03.

Mohit:
>
> Section 5.1 does not look correct to me.  The OIDs are at the bottom of
> the ASN.1 module.  Only Nonce is not defined.
>
> I would like to hear what other people think about adopting this
> document.  If we are going to adopt it, then this small thing can be fixed
> in the first WG version.
>
> Russ
>

Thanks
Mohit

On Sun, Apr 26, 2020 at 12:13 PM Russ Housley <housley@vigilsec.com> wrote:

> Mohit:
>
> It does not appear that you addressed my comment about the ASN.1 in
> Section 2.1.  Please resolve all of the known comments before we start WG
> Last Call.
>
> Russ
>
>
> On Apr 26, 2020, at 2:21 PM, Mohit Sahni <mohit06jan@gmail.com> wrote:
>
> Hi All
> This is the WG adopted version of draft-msahni-lamps-ocsp-nonce-03.txt. I
> have changed the date, document name, version, fixed some
> grammatical errors and added my work address. This is a short document that
> has been modified as per the valuable comments provided to me by the WG
> members. I am requesting a working group last call on this document if
> there is no objection.
>
> Thanks
> Mohit
>
> On Thu, Apr 23, 2020 at 6:10 PM <internet-drafts@ietf.org> wrote:
>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>> This draft is a work item of the Limited Additional Mechanisms for PKIX
>> and SMIME WG of the IETF.
>>
>>         Title           : OCSP Nonce Extension
>>         Author          : Mohit Sahni
>>         Filename        : draft-ietf-lamps-ocsp-nonce-00.txt
>>         Pages           : 6
>>         Date            : 2020-04-23
>>
>> Abstract:
>>    This document specifies the updated format of the Nonce extension in
>>    Online Certificate Status Protocol (OCSP) request and response
>>    messages.  OCSP is used to check the status of a certificate and the
>>    Nonce extension is used in the OCSP request and response messages to
>>    avoid replay attacks.  This document updates the RFC 6960
>>
>>
>

--000000000000014e4505a437c57b--


From nobody Sun Apr 26 14:13:35 2020
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 33BF23A1280 for <spasm@ietfa.amsl.com>; Sun, 26 Apr 2020 14:13:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level: 
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IBnELHa4H0wP for <spasm@ietfa.amsl.com>; Sun, 26 Apr 2020 14:13:22 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D2D03A1277 for <spasm@ietf.org>; Sun, 26 Apr 2020 14:13:22 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id DDC1B300B59 for <spasm@ietf.org>; Sun, 26 Apr 2020 17:13:19 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id cVImXYe-ylOY for <spasm@ietf.org>; Sun, 26 Apr 2020 17:13:17 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-72-66-113-56.washdc.fios.verizon.net [72.66.113.56]) by mail.smeinc.net (Postfix) with ESMTPSA id BFF4E300A11; Sun, 26 Apr 2020 17:13:17 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <3F195167-A122-4AED-9DE8-FB9F1F7794E5@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_A8F03F3D-6A87-4A7C-AE08-D669727533E2"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
Date: Sun, 26 Apr 2020 17:13:19 -0400
In-Reply-To: <CAEpwuw16iAacLwF_zmQpa9Xvnr_DeJ4erbZTohgHS3vX3RP5Yg@mail.gmail.com>
Cc: LAMPS WG <spasm@ietf.org>
To: Mohit Sahni <mohit06jan@gmail.com>
References: <158769057341.17424.4045332841555957570@ietfa.amsl.com> <CAEpwuw3J8AxWL7ToGwbUxqA8BtLkJODovwdmxgEP6T4q1pFzxg@mail.gmail.com> <04928ADD-56D8-4494-8843-05D1FDBBE890@vigilsec.com> <CAEpwuw16iAacLwF_zmQpa9Xvnr_DeJ4erbZTohgHS3vX3RP5Yg@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/bySX9GkZJcJXyXtqHENN4lGg6V8>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-ocsp-nonce-00.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Apr 2020 21:13:33 -0000

--Apple-Mail=_A8F03F3D-6A87-4A7C-AE08-D669727533E2
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Mohit:

I see that I should have made the comment about both Section 2.1 and
Section 5.1.  The object identifiers are already defined in the existing
document.

Russ


> On Apr 26, 2020, at 4:51 PM, Mohit Sahni <mohit06jan@gmail.com> wrote:
>
> Hi Russ
> Your comment was regarding ASN.1 in section 5.1 which I fixed in
> draft-03.
>
> Mohit:
>
> Section 5.1 does not look correct to me.  The OIDs are at the bottom
> of the ASN.1 module.  Only Nonce is not defined.
>
> I would like to hear what other people think about adopting this
> document.  If we are going to adopt it, then this small thing can be
> fixed in the first WG version.
>
> Russ
>
> Thanks
> Mohit
>
> On Sun, Apr 26, 2020 at 12:13 PM Russ Housley <housley@vigilsec.com>
> wrote:
> Mohit:
>
> It does not appear that you addressed my comment about the ASN.1 in
> Section 2.1.  Please resolve all of the known comments before we start
> WG Last Call.
>
> Russ
>
>
>> On Apr 26, 2020, at 2:21 PM, Mohit Sahni <mohit06jan@gmail.com> wrote:
>>
>> Hi All
>> This is the WG adopted version of draft-msahni-lamps-ocsp-nonce-03.txt.
>> I have changed the date, document name, version, fixed some grammatical
>> errors and added my work address. This is a short document that has
>> been modified as per the valuable comments provided to me by the WG
>> members. I am requesting a working group last call on this document if
>> there is no objection.
>>
>> Thanks
>> Mohit
>>
>> On Thu, Apr 23, 2020 at 6:10 PM <internet-drafts@ietf.org> wrote:
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>> This draft is a work item of the Limited Additional Mechanisms for
>> PKIX and SMIME WG of the IETF.
>>
>>         Title           : OCSP Nonce Extension
>>         Author          : Mohit Sahni
>>         Filename        : draft-ietf-lamps-ocsp-nonce-00.txt
>>         Pages           : 6
>>         Date            : 2020-04-23
>>
>> Abstract:
>>    This document specifies the updated format of the Nonce extension in
>>    Online Certificate Status Protocol (OCSP) request and response
>>    messages.  OCSP is used to check the status of a certificate and the
>>    Nonce extension is used in the OCSP request and response messages to
>>    avoid replay attacks.  This document updates the RFC 6960
>>
>


--Apple-Mail=_A8F03F3D-6A87-4A7C-AE08-D669727533E2--


From nobody Sun Apr 26 14:15:04 2020
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 532D23A125B for <spasm@ietfa.amsl.com>; Sun, 26 Apr 2020 14:15:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rZJyAtJ6-f1V for <spasm@ietfa.amsl.com>; Sun, 26 Apr 2020 14:14:59 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6572A3A1265 for <spasm@ietf.org>; Sun, 26 Apr 2020 14:14:59 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id DED72300B50 for <spasm@ietf.org>; Sun, 26 Apr 2020 17:14:56 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id sE_J1swWoeTp for <spasm@ietf.org>; Sun, 26 Apr 2020 17:14:55 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-72-66-113-56.washdc.fios.verizon.net [72.66.113.56]) by mail.smeinc.net (Postfix) with ESMTPSA id E2E3D300A11; Sun, 26 Apr 2020 17:14:55 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <15391.1587869707@localhost>
Date: Sun, 26 Apr 2020 17:14:57 -0400
Cc: LAMPS WG <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <780D7492-7D28-4401-9F2E-B51BD8D0C575@vigilsec.com>
References: <63B58892-60CB-42C9-8168-E5476E2F40CB@vigilsec.com> <7099E9D5-6254-4052-A881-0F86E7A68FA4@vigilsec.com> <15391.1587869707@localhost>
To: Michael Richardson <mcr+ietf@sandelman.ca>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/uyLen9aNT7Q4peSCXWjMGaZxXhA>
Subject: Re: [lamps] WG Last Call for draft-ietf-lamps-rfc7030est-clarify-02
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Apr 2020 21:15:01 -0000

Michael:

>> 8) Section 5.1: Since there is only one ATTRIBUTE in the document, why
>> not reduce the complexity by:
>
>> OLD:
>
>>  AttrSet ATTRIBUTE ::= { AttributesDefinedInRFC7030, ... }
>
>> NEW:
>
>>  AttrSet ATTRIBUTE ::= { aa-asymmDecryptKeyID, ... }
>
>> Note: If you accept this change, it needs to be made in the ASN.1
>> module too.
>
> I'm not certain that I got this right.  Here is just that diff:
>
> https://github.com/mcr/ietf-lamps-rfc7030est-clarifications/commit/25fb70760e3755d06f73adba991ef1b8d791ca88

Yes, that looks fine to me.

Russ


From nobody Sun Apr 26 14:17:54 2020
Return-Path: <mohit06jan@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 220613A125F for <spasm@ietfa.amsl.com>; Sun, 26 Apr 2020 14:17:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level: 
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FrwRc6pSdZ3X for <spasm@ietfa.amsl.com>; Sun, 26 Apr 2020 14:17:48 -0700 (PDT)
Received: from mail-io1-xd2f.google.com (mail-io1-xd2f.google.com [IPv6:2607:f8b0:4864:20::d2f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B37303A123C for <spasm@ietf.org>; Sun, 26 Apr 2020 14:17:48 -0700 (PDT)
Received: by mail-io1-xd2f.google.com with SMTP id i19so16734310ioh.12 for <spasm@ietf.org>; Sun, 26 Apr 2020 14:17:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=qIxpZz7esRJm3Gf4jaMTfqT3HpxFu22aKU4G1SzygX4=; b=vG3LfZCSbjDTlcLCzlDn/qXGmm3fzd1HFy5PxWf69NyZSAeV7TaedNBM6JIcAkYNe5 hgIWUH4TTRjNShi8UPF5+BnAhRRQmpq+QC7ZaIYLTx/Vme/EJZoiefiSsAqRL/lUBQb8 Wks9J4auLP4skNBWRawsLllcbHTKLBhNrhV4y7wz9UxljJN1BNI7GXtQCdzgasO/Hj8a m2GmWEmWGV0mTC4HnBMDJi69tA2huHiMeDn8ZiTn9TjPoMNVUjKUCAd+MMCIpIljvIVN nNYthXSHVzxi1wfDT+7+I4wdeGtQXFhqcFExoz4RP7ZL9BA87oGxLJWPy++mCKt1Dh+u BSCA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=qIxpZz7esRJm3Gf4jaMTfqT3HpxFu22aKU4G1SzygX4=; b=YuTPPfPyOIVaXPzIX4KuYYCbpeUR5CDi4JZY/+CfOjBIsZcxyKg/12H7FuGk7Hnqg+ MQSJX+ObAwVFLHV3aYHISsb16SHweMUZPrTt82UuWvBaFOdU9P3A5e+KBHL6mOf5PE4N 4X561VWIZ+s12LY8lrbtW59Avmgi8f0ZhXl0yaP7R0VgAF9unhjkPPAYySK81/sIW/np wdTckmYp3X30xRy2jWYtbpQpb77FjamkJ5E21WMrQpCo2Y3bSjW9QMt2xAyPdWN2WcM1 yIIQFN/EPZNxIkT8L2lbF5uLvJqlBsGGO8ZEUftMiriBakhMh+EHd9IchuBfrg+8A8kS H/7A==
X-Gm-Message-State: AGi0PuaWLavtZtX9Y0L5BLuiDChYp4o2fDXM73Hx/Z2xSiZhYQa4PfWo j26j8/PFgEfI20qG4wDdsYIuzLPiMtzYlrTD8qbPLQ==
X-Google-Smtp-Source: APiQypIYLX+2XNaisCFJfqZwEmvwSYzffH6fpBe7W7QrDXJAnr0GGGT9yOhDIa9S3UVWW24EslUIyBjoa5Azhad3uw8=
X-Received: by 2002:a02:710c:: with SMTP id n12mr18200279jac.85.1587935867977;  Sun, 26 Apr 2020 14:17:47 -0700 (PDT)
MIME-Version: 1.0
References: <158769057341.17424.4045332841555957570@ietfa.amsl.com> <CAEpwuw3J8AxWL7ToGwbUxqA8BtLkJODovwdmxgEP6T4q1pFzxg@mail.gmail.com> <04928ADD-56D8-4494-8843-05D1FDBBE890@vigilsec.com> <CAEpwuw16iAacLwF_zmQpa9Xvnr_DeJ4erbZTohgHS3vX3RP5Yg@mail.gmail.com> <3F195167-A122-4AED-9DE8-FB9F1F7794E5@vigilsec.com>
In-Reply-To: <3F195167-A122-4AED-9DE8-FB9F1F7794E5@vigilsec.com>
From: Mohit Sahni <mohit06jan@gmail.com>
Date: Sun, 26 Apr 2020 14:17:37 -0700
Message-ID: <CAEpwuw2kfXKCF0w=fKwjJQLgX2-tU518h6J8juxGOraP8S44Mg@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: LAMPS WG <spasm@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005644ed05a43821b7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/BPpFkDTO-v5rRdLBnZOB8AB0YFY>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-ocsp-nonce-00.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Apr 2020 21:17:53 -0000

--0000000000005644ed05a43821b7
Content-Type: text/plain; charset="UTF-8"

Sorry, my bad. I will change it and upload a new draft.


On Sun, Apr 26, 2020 at 2:13 PM Russ Housley <housley@vigilsec.com> wrote:

> Mohit:
>
> I see that I should have made the comment about both Section 2.1 and
> Section 5.1.  The object identifiers are already defined in the existing
> document.
>
> Russ
>
>
> On Apr 26, 2020, at 4:51 PM, Mohit Sahni <mohit06jan@gmail.com> wrote:
>
> Hi Russ
> Your comment was regarding ASN.1 in section 5.1 which I fixed in draft-03.
>
> Mohit:
>>
>> Section 5.1 does not look correct to me.  The OIDs are at the bottom of
>> the ASN.1 module.  Only Nonce is not defined.
>>
>> I would like to hear what other people think about adopting this
>> document.  If we are going to adopt it, then this small thing can be fixed
>> in the first WG version.
>>
>> Russ
>>
>
> Thanks
> Mohit
>
> On Sun, Apr 26, 2020 at 12:13 PM Russ Housley <housley@vigilsec.com>
> wrote:
>
>> Mohit:
>>
>> It does not appear that you addressed my comment about the ASN.1 in
>> Section 2.1.  Please resolve all of the known comments before we start WG
>> Last Call.
>>
>> Russ
>>
>>
>> On Apr 26, 2020, at 2:21 PM, Mohit Sahni <mohit06jan@gmail.com> wrote:
>>
>> Hi All
>> This is the WG adopted version of draft-msahni-lamps-ocsp-nonce-03.txt. I
>> have changed the date, document name, version, fixed some
>> grammatical errors and added my work address. This is a short document that
>> has been modified as per the valuable comments provided to me by the WG
>> members. I am requesting a working group last call on this document if
>> there is no objection.
>>
>> Thanks
>> Mohit
>>
>> On Thu, Apr 23, 2020 at 6:10 PM <internet-drafts@ietf.org> wrote:
>>
>>>
>>> A New Internet-Draft is available from the on-line Internet-Drafts
>>> directories.
>>> This draft is a work item of the Limited Additional Mechanisms for PKIX
>>> and SMIME WG of the IETF.
>>>
>>>         Title           : OCSP Nonce Extension
>>>         Author          : Mohit Sahni
>>>         Filename        : draft-ietf-lamps-ocsp-nonce-00.txt
>>>         Pages           : 6
>>>         Date            : 2020-04-23
>>>
>>> Abstract:
>>>    This document specifies the updated format of the Nonce extension in
>>>    Online Certificate Status Protocol (OCSP) request and response
>>>    messages.  OCSP is used to check the status of a certificate and the
>>>    Nonce extension is used in the OCSP request and response messages to
>>>    avoid replay attacks.  This document updates the RFC 6960
>>>
>>>
>>
>

--0000000000005644ed05a43821b7--


From nobody Sun Apr 26 14:26:11 2020
Return-Path: <internet-drafts@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 77C953A12D3; Sun, 26 Apr 2020 14:26:04 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: spasm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.127.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: spasm@ietf.org
Message-ID: <158793636440.25186.11834660131377429918@ietfa.amsl.com>
Date: Sun, 26 Apr 2020 14:26:04 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/pWAQjSHuTVsCezTS1coWJrKqkZc>
Subject: [lamps] I-D Action: draft-ietf-lamps-ocsp-nonce-01.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Apr 2020 21:26:05 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

        Title           : OCSP Nonce Extension
        Author          : Mohit Sahni
	Filename        : draft-ietf-lamps-ocsp-nonce-01.txt
	Pages           : 6
	Date            : 2020-04-26

Abstract:
   This document specifies the updated format of the Nonce extension in
   Online Certificate Status Protocol (OCSP) request and response
   messages.  OCSP is used to check the status of a certificate and the
   Nonce extension is used in the OCSP request and response messages to
   avoid replay attacks.  This document updates the RFC 6960


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-ocsp-nonce/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-ocsp-nonce-01
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-ocsp-nonce-01

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-ocsp-nonce-01


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/



From nobody Sun Apr 26 15:06:31 2020
Return-Path: <mohit06jan@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AEA443A13C3 for <spasm@ietfa.amsl.com>; Sun, 26 Apr 2020 15:06:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level: 
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gZOxBdme__sA for <spasm@ietfa.amsl.com>; Sun, 26 Apr 2020 15:06:28 -0700 (PDT)
Received: from mail-io1-xd29.google.com (mail-io1-xd29.google.com [IPv6:2607:f8b0:4864:20::d29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 145623A13C0 for <spasm@ietf.org>; Sun, 26 Apr 2020 15:06:28 -0700 (PDT)
Received: by mail-io1-xd29.google.com with SMTP id y26so6946482ioj.2 for <spasm@ietf.org>; Sun, 26 Apr 2020 15:06:28 -0700 (PDT)
X-Received: by 2002:a6b:8b05:: with SMTP id n5mr18428384iod.68.1587938787257;  Sun, 26 Apr 2020 15:06:27 -0700 (PDT)
MIME-Version: 1.0
References: <158769057341.17424.4045332841555957570@ietfa.amsl.com> <CAEpwuw3J8AxWL7ToGwbUxqA8BtLkJODovwdmxgEP6T4q1pFzxg@mail.gmail.com> <04928ADD-56D8-4494-8843-05D1FDBBE890@vigilsec.com> <CAEpwuw16iAacLwF_zmQpa9Xvnr_DeJ4erbZTohgHS3vX3RP5Yg@mail.gmail.com> <3F195167-A122-4AED-9DE8-FB9F1F7794E5@vigilsec.com> <CAEpwuw2kfXKCF0w=fKwjJQLgX2-tU518h6J8juxGOraP8S44Mg@mail.gmail.com>
In-Reply-To: <CAEpwuw2kfXKCF0w=fKwjJQLgX2-tU518h6J8juxGOraP8S44Mg@mail.gmail.com>
From: Mohit Sahni <mohit06jan@gmail.com>
Date: Sun, 26 Apr 2020 15:06:16 -0700
Message-ID: <CAEpwuw1iGEn6EWuDTXnQ9stwkU+YuryzJun19UoV-NMYg8j=JQ@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: LAMPS WG <spasm@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000056f20205a438cfbf"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/J7TvWyHWsRKJSqnbKi9ZKvPYL8U>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-ocsp-nonce-00.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
X-List-Received-Date: Sun, 26 Apr 2020 22:06:30 -0000

--00000000000056f20205a438cfbf
Content-Type: text/plain; charset="UTF-8"

Hi Russ
I have just uploaded a new version
https://tools.ietf.org/html/draft-ietf-lamps-ocsp-nonce-01, please let me
know if it addresses all your concerns and if we can move forward.

Thanks
Mohit

On Sun, Apr 26, 2020 at 2:17 PM Mohit Sahni <mohit06jan@gmail.com> wrote:

> Sorry my bad. I will change it and upload new draft.
>
>
> On Sun, Apr 26, 2020 at 2:13 PM Russ Housley <housley@vigilsec.com> wrote:
>
>> Mohit:
>>
>> I see that I should have made the comment about both Section 2.1 and
>> Section 5.1.  The object identifiers are already defined in the existing
>> document.
>>
>> Russ
>>
>>
>> On Apr 26, 2020, at 4:51 PM, Mohit Sahni <mohit06jan@gmail.com> wrote:
>>
>> Hi Russ
>> Your comment was regarding ASN.1 in section 5.1 which I fixed in
>> draft-03.
>>
>> Mohit:
>>>
>>> Section 5.1 does not look correct to me.  The OIDs are at the bottom of
>>> the ASN.1 module.  Only Nonce is not defined.
>>>
>>> I would like to hear what other people think about adopting this
>>> document.  If we are going to adopt it, then this small thing can be fixed
>>> in the first WG version.
>>>
>>> Russ
>>>
>>
>> Thanks
>> Mohit
>>
>> On Sun, Apr 26, 2020 at 12:13 PM Russ Housley <housley@vigilsec.com>
>> wrote:
>>
>>> Mohit:
>>>
>>> It does not appear that you addressed my comment about the ASN.1 in
>>> Section 2.1.  Please resolve all of the known comments before we start WG
>>> Last Call.
>>>
>>> Russ
>>>
>>>
>>> On Apr 26, 2020, at 2:21 PM, Mohit Sahni <mohit06jan@gmail.com> wrote:
>>>
>>> Hi All
>>> This is the WG adopted version of draft-msahni-lamps-ocsp-nonce-03.txt.
>>> I have changed the date, document name, version, fixed some
>>> grammatical errors and added my work address. This is a short document that
>>> has been modified as per the valuable comments provided to me by the WG
>>> members. I am requesting a working group last call on this document if
>>> there is no objection.
>>>
>>> Thanks
>>> Mohit
>>>
>>> On Thu, Apr 23, 2020 at 6:10 PM <internet-drafts@ietf.org> wrote:
>>>
>>>>
>>>> A New Internet-Draft is available from the on-line Internet-Drafts
>>>> directories.
>>>> This draft is a work item of the Limited Additional Mechanisms for PKIX
>>>> and SMIME WG of the IETF.
>>>>
>>>>         Title           : OCSP Nonce Extension
>>>>         Author          : Mohit Sahni
>>>>         Filename        : draft-ietf-lamps-ocsp-nonce-00.txt
>>>>         Pages           : 6
>>>>         Date            : 2020-04-23
>>>>
>>>> Abstract:
>>>>    This document specifies the updated format of the Nonce extension in
>>>>    Online Certificate Status Protocol (OCSP) request and response
>>>>    messages.  OCSP is used to check the status of a certificate and the
>>>>    Nonce extension is used in the OCSP request and response messages to
>>>>    avoid replay attacks.  This document updates the RFC 6960
>>>>
>>>>
>>>
>>


--00000000000056f20205a438cfbf--


From nobody Sun Apr 26 18:30:15 2020
Return-Path: <sean@sn3rd.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1CBC93A098D for <spasm@ietfa.amsl.com>; Sun, 26 Apr 2020 18:30:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level: 
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yLy8z7Xw-gxa for <spasm@ietfa.amsl.com>; Sun, 26 Apr 2020 18:30:11 -0700 (PDT)
Received: from mail-qk1-x72f.google.com (mail-qk1-x72f.google.com [IPv6:2607:f8b0:4864:20::72f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 185D13A098A for <spasm@ietf.org>; Sun, 26 Apr 2020 18:30:10 -0700 (PDT)
Received: by mail-qk1-x72f.google.com with SMTP id 23so11721875qkf.0 for <spasm@ietf.org>; Sun, 26 Apr 2020 18:30:10 -0700 (PDT)
X-Received: by 2002:a37:851:: with SMTP id 78mr20486421qki.352.1587951009858;  Sun, 26 Apr 2020 18:30:09 -0700 (PDT)
Received: from sn3rd.lan ([75.102.131.34]) by smtp.gmail.com with ESMTPSA id y72sm8859579qkb.86.2020.04.26.18.30.08 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 26 Apr 2020 18:30:09 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <20200330145229.GW50174@kduck.mit.edu>
Date: Sun, 26 Apr 2020 21:30:04 -0400
Cc: LAMPS WG <spasm@ietf.org>, justin.cranford@entrustdatacard.com, pkix@ietf.org, Dan Harkins <dharkins@lounge.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <745A0AAC-B5BD-4620-8919-BE1B9DC0570E@sn3rd.com>
References: <20191112204840.35508F40737@rfc-editor.org> <20200330145229.GW50174@kduck.mit.edu>
To: Benjamin Kaduk <kaduk@mit.edu>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/mSIcI-28IIhXxGYlXHgGVnXnVyw>
Subject: Re: [lamps] [pkix] [Technical Errata Reported] RFC7030 (5904)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
X-List-Received-Date: Mon, 27 Apr 2020 01:30:13 -0000

So there was this errata filed way back in 2013 when EST Extensions (RFC
8295) was working its way through the IESG, i.e., this addressed a
directorate review and a discuss held by Alexey:
https://www.rfc-editor.org/errata/eid5107
Does errata 5107 not address the same issue?

spt

> On Mar 30, 2020, at 10:52, Benjamin Kaduk <kaduk@mit.edu> wrote:
>
> Forwarding to the LAMPS WG list since the original seems to have not made
> it into the PKIX archives.
>
> -Ben
>
> On Tue, Nov 12, 2019 at 12:48:40PM -0800, RFC Errata System wrote:
>> The following errata report has been submitted for RFC7030,
>> "Enrollment over Secure Transport".
>>
>> --------------------------------------
>> You may review the report below and at:
>> https://www.rfc-editor.org/errata/eid5904
>>
>> --------------------------------------
>> Type: Technical
>> Reported by: Justin Cranford <justin.cranford@entrustdatacard.com>
>>
>> Section: 4.1.3
>>
>> Original Text
>> -------------
>> Content-Transfer-Encoding: base64
>>
>> Corrected Text
>> --------------
>> Transfer-Encoding: base64
>>
>> Notes
>> -----
>> Content-Transfer-Encoding is not a valid HTTP header. RFC 7030 is not compliant with RFC 2616.
>>
>> - "MIME Content-Transfer-Encoding: base64" => Base64 Basic with CRLFs
>> - "HTTP Transfer-Encoding: base64" => Base64 Basic without CRLFs
>>
>> This is traceable from RFC 7030 (EST) through RFC 2818 (TLS) to RFC 2616 (HTTP).
>>
>> - RFC 7030 (EST): EST specifies how to transfer messages securely via HTTP over TLS (HTTPS) [RFC2818]
>> - RFC 2818 (TLS): HTTP [RFC2616] was originally used in the clear on the Internet.
>> - RFC 2616 (HTTP): HTTP does not use the Content-Transfer-Encoding (CTE) field of RFC 2045.
>> - RFC 2616 (HTTP): HTTP/1.1 introduces the Transfer-Encoding header field (section 14.41).
>>
>> RFC 7030 sections affected are:
>>
>> - All references to Content-Transfer-Encoding are not valid: Sections 4.1.3, 4.3.1, 4.3.2, 4.4.2, 4.5.2, A.1, A.2, A.3, and A.4.
>> - All references to RFC 2045 are not valid: Sections 4.1.3, 4.3.1, 4.3.2, 4.4.2, 4.5.2, and 7.1.
>> - All references to "base64" need to be updated or removed: Sections 3.5, 4.1.3, 4.3.1, 4.3.2, 4.4.2, 4.5.2, and 7.1.
>>
>> RFC 7030 fix options:
>>
>> Option #1: Change all references from Content-Transfer-Encoding to Transfer-Encoding. A caveat is that "base64" has a different meaning in HTTP (no CRLFs) vs MIME (includes CRLFs).
>>
>> Option #2: Remove all references to Content-Transfer-Encoding and base64. Responses would be transmitted as binary. This allows the response to be transported more efficiently without base64 size bloat, and it allows optional use of Content-Length header so the response can be parsed more efficiently knowing the length ahead of time.
>>
>> Instructions:
>> -------------
>> This erratum is currently posted as "Reported". If necessary, please
>> use "Reply All" to discuss whether it should be verified or
>> rejected. When a decision is reached, the verifying party
>> can log in to change the status and edit the report, if necessary.
>>
>> --------------------------------------
>> RFC7030 (draft-ietf-pkix-est-09)
>> --------------------------------------
>> Title               : Enrollment over Secure Transport
>> Publication Date    : October 2013
>> Author(s)           : M. Pritikin, Ed., P. Yee, Ed., D. Harkins, Ed.
>> Category            : PROPOSED STANDARD
>> Source              : Public-Key Infrastructure (X.509)
>> Area                : Security
>> Stream              : IETF
>> Verifying Party     : IESG
>
> _______________________________________________
> pkix mailing list
> pkix@ietf.org
> https://www.ietf.org/mailman/listinfo/pkix
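
Added example, not part of the thread or of RFC 7030: a receiver that copes with the three body forms the erratum quoted above distinguishes, namely base64 with CRLF line breaks, base64 as one unbroken run, and the plain binary body of its Option #2. The function names, the returned labels and the sample payload are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# The two header names the erratum contrasts (compared case-insensitively).
B64_HEADERS = ("content-transfer-encoding", "transfer-encoding")

# Constructed sample payload (260 arbitrary bytes), not a real certificate.
CONSTRUCTED_PAYLOAD = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
# MIME reading: 76-character lines, each terminated by CRLF.
WRAPPED = base64.encodebytes(CONSTRUCTED_PAYLOAD).replace(b"\n", b"\r\n")
# HTTP reading as described in the erratum: one run, no CRLFs.
UNWRAPPED = base64.b64encode(CONSTRUCTED_PAYLOAD)


def labelled_base64(headers):
    """True if either header announces base64 (value may be a comma list)."""
    lowered = {name.lower(): value for name, value in headers.items()}
    for name in B64_HEADERS:
        tokens = [t.strip().lower() for t in lowered.get(name, "").split(",")]
        if "base64" in tokens:
            return True
    return False


def decode_est_body(headers, body):
    """Return (payload, form) for a response body.

    form is "binary" when no base64 label is present, otherwise
    "base64-wrapped" (line breaks inside the body) or "base64-unwrapped".
    Raises ValueError when a body labelled base64 does not decode, so a
    mislabelled binary response is rejected instead of silently mangled.
    """
    if not labelled_base64(headers):
        return body, "binary"
    # A single trailing line ending does not make the body "wrapped".
    interior = body.rstrip(b"\r\n")
    form = "base64-wrapped" if re.search(rb"[\r\n]", interior) else "base64-unwrapped"
    # Strip only CR and LF; any other stray byte must fail validation.
    compact = re.sub(rb"[\r\n]", b"", body)
    try:
        payload = base64.b64decode(compact, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"body labelled base64 does not decode: {exc}") from exc
    return payload, form


if __name__ == "__main__":
    cases = [
        ({"Content-Transfer-Encoding": "base64"}, WRAPPED),
        ({"Transfer-Encoding": "base64"}, UNWRAPPED),
        ({"Content-Length": str(len(CONSTRUCTED_PAYLOAD))}, CONSTRUCTED_PAYLOAD),
    ]
    for headers, body in cases:
        payload, form = decode_est_body(headers, body)
        print(form, len(payload), payload == CONSTRUCTED_PAYLOAD)
```
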


From nobody Sun Apr 26 20:06:43 2020
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80F0D3A065A for <spasm@ietfa.amsl.com>; Sun, 26 Apr 2020 20:06:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level: 
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HuEMHfwkQ2tD for <spasm@ietfa.amsl.com>; Sun, 26 Apr 2020 20:06:39 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 613E63A0651 for <spasm@ietf.org>; Sun, 26 Apr 2020 20:06:38 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 3952F3897D; Sun, 26 Apr 2020 23:04:44 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 741D1721; Sun, 26 Apr 2020 23:06:35 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Sean Turner <sean@sn3rd.com>, LAMPS WG <spasm@ietf.org>
In-Reply-To: <745A0AAC-B5BD-4620-8919-BE1B9DC0570E@sn3rd.com>
References: <20191112204840.35508F40737@rfc-editor.org> <20200330145229.GW50174@kduck.mit.edu> <745A0AAC-B5BD-4620-8919-BE1B9DC0570E@sn3rd.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 25.1.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Sun, 26 Apr 2020 23:06:35 -0400
Message-ID: <18453.1587956795@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/BDSzFSQ1N5J-CXExh2kEX92aock>
Subject: Re: [lamps] [pkix] [Technical Errata Reported] RFC7030 (5904)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
X-List-Received-Date: Mon, 27 Apr 2020 03:06:42 -0000

--=-=-=
Content-Type: text/plain


Sean Turner <sean@sn3rd.com> wrote:
    > So there was this errata filed way back in 2013 when EST Extensions
    > (RFC 8295) was working its way through the IESG, i.e., this addressed a
    > directorate review and a discuss held by Alexey:

I'd never heard of this document!!!
{can't read them all :-(}

RFC8295 does not Update 7030. <insert Updates Flame War>
Of course that probably would have to be a See Also/Extends.
And the IANA registry for /.well-known/est does not mention RFC8295!!

I take that back, Updates should have been specified, since:
   This document also extends the /est/serverkeygen PC [RFC7030] to
   support the following (see Section 8):

seems to change this end point, not just adding new ones.
Should this update also update the IANA registry to mention 8295?

I'm not sure above, what "this" refers to?
I looked through the directorate reviews seeking enlightenment.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--


From nobody Sun Apr 26 23:31:20 2020
Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 361B43A0DBA; Sun, 26 Apr 2020 23:31:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Level: 
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.82, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=siemens.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3kl7_QUVGm7X; Sun, 26 Apr 2020 23:31:15 -0700 (PDT)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50048.outbound.protection.outlook.com [40.107.5.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 805433A0DB8; Sun, 26 Apr 2020 23:31:15 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none
Received: from AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:e2::32) by AM0PR10MB1922.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:40::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2937.22; Mon, 27 Apr 2020 06:31:13 +0000
Received: from AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM ([fe80::85a4:2ab:a6b9:e1a3]) by AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM ([fe80::85a4:2ab:a6b9:e1a3%6]) with mapi id 15.20.2937.020; Mon, 27 Apr 2020 06:31:13 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Mohit Sahni <mohit06jan@gmail.com>
CC: LAMPS WG <spasm@ietf.org>, "pkix@ietf.org" <pkix@ietf.org>
Thread-Topic: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section 5.4.4
Thread-Index: AdYaCB2PEbEcCf1RR1Sfxy7I94Cd0wABPc8AAANHXrAAHb71AABx+vSA
Date: Mon, 27 Apr 2020 06:31:13 +0000
Message-ID: <AM0PR10MB2402BE935D40AB7F8430128FFEAF0@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
References: <AM0PR10MB2402704929935043797A8F08FED00@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <CAEpwuw0Y+RiVswt1T+Ge2PcCTNFrNhzUf6q8zRKsFBkWfdZLjw@mail.gmail.com>, <AM0PR10MB240298FCBBB537A5AA1E391AFED00@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <1587771390263.34621@cs.auckland.ac.nz>
In-Reply-To: <1587771390263.34621@cs.auckland.ac.nz>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-document-confidentiality: NotClassified
authentication-results: spf=none (sender IP is ) smtp.mailfrom=hendrik.brockhaus@siemens.com; 
x-originating-ip: [165.225.200.151]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 114fec76-540e-468f-54d7-08d7ea7494ee
x-ms-traffictypediagnostic: AM0PR10MB1922:
x-microsoft-antispam-prvs: <AM0PR10MB19220F00047E26BAD8EF5710FEAF0@AM0PR10MB1922.EURPRD10.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0386B406AA
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;  IPV:NLI; SFV:NSPM; H:AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM; PTR:; CAT:NONE;  SFTY:; SFS:(4636009)(396003)(136003)(39860400002)(346002)(376002)(366004)(9686003)(33656002)(4326008)(966005)(478600001)(83080400001)(71200400001)(2906002)(76116006)(86362001)(55016002)(55236004)(8936002)(5660300002)(64756008)(66446008)(66556008)(66946007)(45080400002)(6506007)(54906003)(110136005)(7696005)(8676002)(186003)(26005)(316002)(52536014)(66476007)(81156014); DIR:OUT; SFP:1101; 
received-spf: None (protection.outlook.com: siemens.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 114fec76-540e-468f-54d7-08d7ea7494ee
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Apr 2020 06:31:13.1248 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: SSQjhfYYoKbYFG2u+Cu/PwrwRw+7tFwEktxCGg/LBQyEbBLhDwiyb52HwLJ0F2uc2hygv5TGGIM4vXaag5RqYcoYDH87J0KdpccsjMtRvq8=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR10MB1922
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/pVJFzuJuf3yIBkS40r2HzRq54HU>
Subject: Re: [lamps] draft-ietf-lamps-lightweight-cmp-profile-01, section 5.4.4
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Apr 2020 06:31:19 -0000

> From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
> Sent: Saturday, 25 April 2020 01:37
>
> I wasn't aware of this work until now, is there any plan to address the large
> number of problems in CMP that make it almost impossible to create two
> interoperable CMP implementations purely from the spec?

Next to the Lightweight CMP Profile there is the Updates CMP draft (https://datatracker.ietf.org/doc/draft-brockhaus-lamps-cmp-updates/). This draft addresses some changes and general clarification on CMP.
The scope of the Lightweight CMP Profile draft is to profile the existing protocol to foster interoperable implementations. See section 2 (https://tools.ietf.org/html/draft-ietf-lamps-lightweight-cmp-profile-01#section-2) of the document for more details on the scope. Especially interoperability with existing profiles in the industrial space like in ETSI-3GPP and UNISIG is a goal of the profile. See section 2.3 and 2.4.

> See for example section 5.2 of:
>
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.usenix.org%2Fconference%2F12th-usenix-security-symposium%2Fplug-and-play-pki-pki-your-mother-can-use&data=02%7C01%7Chendrik.brockhaus%40siemens.com%7Cf11d5fbf210a4e96cce008d7e8a8554f%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C1%7C637233682004627707&sdata=O9VyYVvf9uxPkhAGLEQ3ghAJTw7gZL695a744HQ%2BP%2Fs%3D&reserved=0
>
Thanks for this link.
If you have concrete suggestions on what is worth adding to the CMP Updates or the Lightweight CMP Profile, you are welcome. If possible, complete portions of text are helpful for me. Then your concrete suggestion becomes clearer to me.

> (Given how fundamentally broken CMP is, rather than profiling it a far simpler
> option than trying to duct-tape it together would be to just redefine it to use
> CMS, which would fix most of the problems in one stroke, but I'm not sure if
> that's an option).

Generally speaking, this is an option if you would drop interoperability with existing implementations in ETSI-3GPP and UNISIG. CMS is definitely a good format for the content of certificate management messages. But currently there are already several approaches (2 RFCs as well as 2 drafts) out there that use CMS. I think adding another flavor of certificate management will not foster interoperability. Therefore our approach was to take a protocol that is in industrial use for a long time and profile it to clarify its use and ease interoperable implementations.
Any suggestions for further clarification are very welcome.

-- Hendrik


From nobody Mon Apr 27 07:56:29 2020
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68A1E3A0C2B for <spasm@ietfa.amsl.com>; Mon, 27 Apr 2020 07:56:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level: 
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8TNlOeo35k7F for <spasm@ietfa.amsl.com>; Mon, 27 Apr 2020 07:56:24 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 689413A0C28 for <spasm@ietf.org>; Mon, 27 Apr 2020 07:56:24 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id EEC43300AED for <spasm@ietf.org>; Mon, 27 Apr 2020 10:56:21 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id s8-3wnc-zAsX for <spasm@ietf.org>; Mon, 27 Apr 2020 10:56:20 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-72-66-113-56.washdc.fios.verizon.net [72.66.113.56]) by mail.smeinc.net (Postfix) with ESMTPSA id C7AD8300A02 for <spasm@ietf.org>; Mon, 27 Apr 2020 10:56:20 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
Message-Id: <31FF8CDA-9A6B-4C16-ABD0-800E06325748@vigilsec.com>
Date: Mon, 27 Apr 2020 10:56:22 -0400
To: LAMPS WG <spasm@ietf.org>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/ZPdMZYicZdNihsnMwcEBVnNBERw>
Subject: [lamps] WG Last Call for draft-ietf-lamps-ocsp-nonce-01
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Apr 2020 14:56:27 -0000

This is the LAMPS WG Last Call for "OCSP Nonce Extension" <draft-ietf-lamps-ocsp-nonce-01>.  Please review the document and send your comments to the list by 12 May 2020.

The datatracker page for the document is https://datatracker.ietf.org/doc/draft-ietf-lamps-ocsp-nonce/

Thanks,
Russ & Tim


From nobody Mon Apr 27 08:07:13 2020
Return-Path: <pkampana@cisco.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE6163A0C96 for <spasm@ietfa.amsl.com>; Mon, 27 Apr 2020 08:07:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.599
X-Spam-Level: 
X-Spam-Status: No, score=-9.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=hih2p8lk; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=cisco.onmicrosoft.com header.b=sUsa3HpP
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LFTtCR4rF5YX for <spasm@ietfa.amsl.com>; Mon, 27 Apr 2020 08:07:06 -0700 (PDT)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB64A3A0C8F for <spasm@ietf.org>; Mon, 27 Apr 2020 08:07:06 -0700 (PDT)
X-Files: smime.p7s : 4024
X-IronPort-AV: E=Sophos;i="5.73,324,1583193600";  d="p7s'?scan'208";a="743908804"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 27 Apr 2020 15:07:05 +0000
Received: from XCH-ALN-001.cisco.com (xch-aln-001.cisco.com [173.36.7.11]) by rcdn-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id 03RF75aV018079 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 27 Apr 2020 15:07:05 GMT
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by XCH-ALN-001.cisco.com (173.36.7.11) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 27 Apr 2020 10:07:05 -0500
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 27 Apr 2020 11:07:04 -0400
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Mon, 27 Apr 2020 11:07:04 -0400
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
Received: from BN7PR11MB2547.namprd11.prod.outlook.com (2603:10b6:406:af::18) by BN7PR11MB2562.namprd11.prod.outlook.com (2603:10b6:406:b4::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2937.13; Mon, 27 Apr 2020 15:07:02 +0000
Received: from BN7PR11MB2547.namprd11.prod.outlook.com ([fe80::7d1c:98b:2131:d35]) by BN7PR11MB2547.namprd11.prod.outlook.com ([fe80::7d1c:98b:2131:d35%3]) with mapi id 15.20.2937.023; Mon, 27 Apr 2020 15:07:02 +0000
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Russ Housley <housley@vigilsec.com>, LAMPS WG <spasm@ietf.org>
Thread-Topic: [lamps] I-D Action: draft-ietf-lamps-rfc7030est-clarify-03.txt
Thread-Index: AQHWG3jjSQfABltd10+1a2eoC1uJ4qiLs0wAgAFffXA=
Date: Mon, 27 Apr 2020 15:07:02 +0000
Message-ID: <BN7PR11MB25475EB231C1E60D3ABF09DBC9AF0@BN7PR11MB2547.namprd11.prod.outlook.com>
References: <158787083347.7062.11345037432875449028@ietfa.amsl.com> <8C0DDCB9-73D2-4333-9DCE-4FA8B1B7B379@vigilsec.com>
In-Reply-To: <8C0DDCB9-73D2-4333-9DCE-4FA8B1B7B379@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pkampana@cisco.com; 
x-originating-ip: [68.93.142.48]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 73d9bb88-6b43-4d61-38c9-08d7eabca468
x-ms-traffictypediagnostic: BN7PR11MB2562:
x-microsoft-antispam-prvs: <BN7PR11MB25621A65107BB3D9A6FBFE4BC9AF0@BN7PR11MB2562.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 0386B406AA
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;  IPV:NLI; SFV:NSPM; H:BN7PR11MB2547.namprd11.prod.outlook.com; PTR:; CAT:NONE;  SFTY:; SFS:(4636009)(346002)(39860400002)(396003)(376002)(136003)(366004)(316002)(110136005)(71200400001)(186003)(478600001)(6506007)(5660300002)(7696005)(8936002)(8676002)(86362001)(81156014)(53546011)(33656002)(966005)(26005)(9686003)(66574012)(66476007)(66946007)(99936003)(66556008)(76116006)(66616009)(55016002)(64756008)(66446008)(52536014)(2906002); DIR:OUT; SFP:1101; 
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=2.16.840.1.101.3.4.2.1; boundary="----=_NextPart_000_004D_01D61C83.FA117570"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 73d9bb88-6b43-4d61-38c9-08d7eabca468
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Apr 2020 15:07:02.8150 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: wZypeqwWz6vwPLHKc6yA0oIwYqlZqYEwO7iRXSsDiq7iYlnDdeXqV2WWS3DBvkQfBYbq5GblynEfo0Zb+l/fbw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR11MB2562
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.11, xch-aln-001.cisco.com
X-Outbound-Node: rcdn-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/WrG4dJAyoKZsAAItdF2TVO9aZPo>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-rfc7030est-clarify-03.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Apr 2020 15:07:09 -0000

------=_NextPart_000_004D_01D61C83.FA117570
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hi Michael, Russ, 
My comments are resolved by -03. 
Thanks,
Panos


-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
Sent: Sunday, April 26, 2020 2:04 PM
To: LAMPS WG <spasm@ietf.org>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-rfc7030est-clarify-03.txt

Thanks for posting the update.  Would all of the people that posted WG Last
Call comments please see if the comments are resolved.  Please tell the list
one way or the other.

Russ



> On Apr 25, 2020, at 11:13 PM, internet-drafts@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.
>
>        Title           : Clarification of Enrollment over Secure Transport (EST): transfer encodings and ASN.1
>        Authors         : Michael Richardson
>                          Thomas Werner
>                          Wei Pan
>        Filename        : draft-ietf-lamps-rfc7030est-clarify-03.txt
>        Pages           : 12
>        Date            : 2020-04-25
> 
> Abstract:
>   This document updates RFC7030: Enrollment over Secure Transport (EST)
>   to resolve some errata that was reported, and which has proven to
>   cause interoperability issues when RFC7030 was extended.
> 
>   This document deprecates the specification of "Content-Transfer-
>   Encoding" headers for EST endpoints.  This document fixes some
>   syntactical errors in ASN.1 that was presented.


------=_NextPart_000_004D_01D61C83.FA117570--


From nobody Mon Apr 27 09:31:57 2020
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88C7F3A0EE3 for <spasm@ietfa.amsl.com>; Mon, 27 Apr 2020 09:31:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level: 
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Rd1HnhUsw1d for <spasm@ietfa.amsl.com>; Mon, 27 Apr 2020 09:31:51 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 831393A0EE7 for <spasm@ietf.org>; Mon, 27 Apr 2020 09:31:46 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 104E4300AF9 for <spasm@ietf.org>; Mon, 27 Apr 2020 12:31:44 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id GoZ0YyYspw50 for <spasm@ietf.org>; Mon, 27 Apr 2020 12:31:41 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-72-66-113-56.washdc.fios.verizon.net [72.66.113.56]) by mail.smeinc.net (Postfix) with ESMTPSA id D5CFD300A01 for <spasm@ietf.org>; Mon, 27 Apr 2020 12:31:41 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_CEB425E2-5572-4E73-9563-7F525E05DF22"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
Date: Mon, 27 Apr 2020 12:31:43 -0400
References: <63B58892-60CB-42C9-8168-E5476E2F40CB@vigilsec.com> <7099E9D5-6254-4052-A881-0F86E7A68FA4@vigilsec.com>
To: LAMPS WG <spasm@ietf.org>
In-Reply-To: <7099E9D5-6254-4052-A881-0F86E7A68FA4@vigilsec.com>
Message-Id: <65EDFD81-BDF7-4F2B-B450-F8EB40AD1BF5@vigilsec.com>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/spo39QS4eja7d26HOLmyRdSzY2M>
Subject: Re: [lamps] WG Last Call for draft-ietf-lamps-rfc7030est-clarify-02
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Apr 2020 16:31:54 -0000

--Apple-Mail=_CEB425E2-5572-4E73-9563-7F525E05DF22
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

Thanks for making the updates.  I compiled the ASN.1 module, and the compiler caught something that I read past.  There is a missing letter "a" in the ASN.1 module.  Also the text in Section 4.1 has a third spelling.  Please make them all match ...

OLD:

  AttrSet ATTRIBUTE ::= { aa-symmDecrytKeyID, ... }

NEW:

  AttrSet ATTRIBUTE ::= { aa-asymmDecrytKeyID, ... }

Russ


> On Apr 21, 2020, at 5:16 PM, Russ Housley <housley@vigilsec.com> wrote:
>
>>
>> This is the LAMPS WG Last Call for "Clarification of Enrollment over Secure Transport (EST): transfer encodings and ASN.1" <draft-ietf-lamps-rfc7030est-clarify-02>.  Please review the document and send your comments to the list by 19 April 2020.  This is longer than usual to accommodate the vast number of virtual interim sessions that are taking place right now.
>>
>> The datatracker page for the document is https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc7030est-clarify/
>
> I reviewed the document and it is basically ready, modulo a few minor things:
>
> 1) The title pages should include "Updates: 7030 (if approved)" in the upper left corner.
>
> 2) Section 1: I think it would be more clear to merge these paragraphs:
>
>    [RFC2616] and later [RFC7231] Appendix A.5 has text specifically
>    deprecating Content-Transfer-Encoding.
>
>    [RFC7030] calls it out this header incorrectly.
>
> I suggest:
>
>    [RFC2616] and later [RFC7231] Appendix A.5 specifically deprecates
>    Content-Transfer-Encoding.  However, [RFC7030] incorrectly uses this header.
>
> 3) Section 1 talks about HTTP-related topics in the beginning and the middle of the section.  I think it would be better to put them near each other.
>
> 4) Section 1: please add a reference for IEC 62351.
>
> 5) Please use:
>
>    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
>    "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
>    "OPTIONAL" in this document are to be interpreted as described in
>    BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
>    capitals, as shown here.
>
> 6) Please add a reference for RFC 8174.
>
> 7) Section 4, 2nd para: I find the wording confusing.  I suggest:
>
>    This document updates [RFC7030] to require the POST request and
>    payload response of all endpoints use Base64 encoding as specified in
>    Section 4 of [RFC4648].  In both cases, the Distinguished Encoding
>    Rules (DER) [X690] are used to produce the input for the Base64
>    encoding routine. This format is to be used regardless of any
>    Content-Transfer-Encoding header, and any value in
>    such a header MUST be ignored.
>
> 8) Section 5.1:  Since there is only one ATTRIBUTE in the document, why not reduce the complexity by:
>
> OLD:
>
>   AttrSet ATTRIBUTE ::= { AttributesDefinedInRFC7030, ... }
>
> NEW:
>
>   AttrSet ATTRIBUTE ::= { aa-asymmDecryptKeyID, ... }
>
> Note: If you accept this change, it needs to be made in the ASN.1 module too.
>
> 9) Section 5.1:  s/crypto system/cryptographic algorithm/ (more than one place)
>
> Russ


--Apple-Mail=_CEB425E2-5572-4E73-9563-7F525E05DF22
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=utf-8

Thanks for making the updates.  I compiled the ASN.1 module, and the
compiler caught something that I read past.  There is a missing letter
"a" in the ASN.1 module.  Also the text in Section 4.1 has a third
spelling.  Please make them all match ...

OLD:

  AttrSet ATTRIBUTE ::= { aa-symmDecrytKeyID, ... }

NEW:

  AttrSet ATTRIBUTE ::= { aa-asymmDecrytKeyID, ... }

Russ

> On Apr 21, 2020, at 5:16 PM, Russ Housley <housley@vigilsec.com> wrote:
>
>> This is the LAMPS WG Last Call for "Clarification of Enrollment over
>> Secure Transport (EST): transfer encodings and ASN.1”
>> <draft-ietf-lamps-rfc7030est-clarify-02>.  Please review the document
>> and send your comments to the list by 19 April 2020.  This is longer
>> than usual to accommodate the vast number of virtual interim sessions
>> that are taking place right now.
>>
>> The datatracker page for the document is
>> https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc7030est-clarify/
>
> I reviewed the document and it is basically ready, modulo a few minor
> things:
>
> 1) The title pages should include "Updates: 7030 (if approved)" in the
> upper left corner.
>
> 2) Section 1: I think it would be more clear to merge these paragraphs:
>
>    [RFC2616] and later [RFC7231] Appendix A.5 has text specifically
>    deprecating Content-Transfer-Encoding.
>
>    [RFC7030] calls it out this header incorrectly.
>
> I suggest:
>
>    [RFC2616] and later [RFC7231] Appendix A.5 specifically deprecates
>    Content-Transfer-Encoding.  However, [RFC7030] incorrectly uses this header.
>
> 3) Section 1 talks about HTTP-related topics in the beginning and the
> middle of the section.  I think it would be better to put them near
> each other.
>
> 4) Section 1: please add a reference for IEC 62351.
>
> 5) Please use:
>
>    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
>    "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
>    "OPTIONAL" in this document are to be interpreted as described in
>    BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
>    capitals, as shown here.
>
> 6) Please add a reference for RFC 8174.
>
> 7) Section 4, 2nd para: I find the wording confusing.  I suggest:
>
>    This document updates [RFC7030] to require the POST request and
>    payload response of all endpoints use Base64 encoding as specified in
>    Section 4 of [RFC4648].  In both cases, the Distinguished Encoding
>    Rules (DER) [X690] are used to produce the input for the Base64
>    encoding routine. This format is to be used regardless of any
>    Content-Transfer-Encoding header, and any value in
>    such a header MUST be ignored.
>
> 8) Section 5.1:  Since there is only one ATTRIBUTE in the document, why
> not reduce the complexity by:
>
> OLD:
>
>   AttrSet ATTRIBUTE ::= { AttributesDefinedInRFC7030, ... }
>
> NEW:
>
>   AttrSet ATTRIBUTE ::= { aa-asymmDecryptKeyID, ... }
>
> Note: If you accept this change, it needs to be made in the ASN.1
> module too.
>
> 9) Section 5.1:  s/crypto system/cryptographic algorithm/ (more than
> one place)
>
> Russ

--Apple-Mail=_CEB425E2-5572-4E73-9563-7F525E05DF22--


From nobody Mon Apr 27 10:40:41 2020
Return-Path: <rsalz@akamai.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F6DC3A125B for <spasm@ietfa.amsl.com>; Mon, 27 Apr 2020 10:40:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P32MPyKkrz4k for <spasm@ietfa.amsl.com>; Mon, 27 Apr 2020 10:40:39 -0700 (PDT)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 342ED3A1257 for <spasm@ietf.org>; Mon, 27 Apr 2020 10:40:39 -0700 (PDT)
Received: from pps.filterd (m0122333.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 03RHcpFV007299; Mon, 27 Apr 2020 18:40:38 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=1czcTNgcv9qlHdDsNyD06KwhAoZVu0NlQnF252Q/SfE=; b=LVlD1oaa2WiIadiTDlKXpAC6CcSv211St/18Pdjl75/Yb3WlAtIt7TS1VLUm5hETxsDt 4yGI4AS831FgLNglZELwZD4zbX5Ns4cOFhNsfqHepqmG2iHeuImQKc5DNhZmEQv5AhYq 2VhACU4mwcVFupISHjYKv1nuOFIaljKfi+rtr9V4l9+fn1b1PMACRK9+25xKiYYhjzSi 9tVviIKZO2F2iy+pRqhYoOLFKofbgZoDtRv9AuEY037otnoCZkJNKxFDjIhXEnEjzRw/ 89Uuj5bx+LyT7+usPhYlBeNyvdJAKEyMf+gmVcwca9diNmTg842hDweEyNrPJOf9xBjv zw== 
Received: from prod-mail-ppoint1 (prod-mail-ppoint1.akamai.com [184.51.33.18] (may be forged)) by mx0a-00190b01.pphosted.com with ESMTP id 30mcf815um-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 27 Apr 2020 18:40:38 +0100
Received: from pps.filterd (prod-mail-ppoint1.akamai.com [127.0.0.1]) by prod-mail-ppoint1.akamai.com (8.16.0.27/8.16.0.27) with SMTP id 03RHH7UT020194; Mon, 27 Apr 2020 13:40:37 -0400
Received: from email.msg.corp.akamai.com ([172.27.165.113]) by prod-mail-ppoint1.akamai.com with ESMTP id 30mghvb1ev-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 27 Apr 2020 13:40:36 -0400
Received: from USTX2EX-DAG1MB3.msg.corp.akamai.com (172.27.165.121) by ustx2ex-dag1mb4.msg.corp.akamai.com (172.27.165.122) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 27 Apr 2020 12:40:12 -0500
Received: from USTX2EX-DAG1MB3.msg.corp.akamai.com ([172.27.165.121]) by ustx2ex-dag1mb3.msg.corp.akamai.com ([172.27.165.121]) with mapi id 15.00.1497.006; Mon, 27 Apr 2020 12:40:01 -0500
From: "Salz, Rich" <rsalz@akamai.com>
To: Russ Housley <housley@vigilsec.com>, LAMPS WG <spasm@ietf.org>
Thread-Topic: [lamps] WG Last Call for draft-ietf-lamps-ocsp-nonce-01
Thread-Index: AQHWHKP3acpH3fhkZUSGo0rdnbWt6qiNTWMA
Date: Mon, 27 Apr 2020 17:40:00 +0000
Message-ID: <679B73FC-7C1B-4F9B-87E9-ADF5AB70BCDB@akamai.com>
References: <31FF8CDA-9A6B-4C16-ABD0-800E06325748@vigilsec.com>
In-Reply-To: <31FF8CDA-9A6B-4C16-ABD0-800E06325748@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/16.36.20041300
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.112.195]
Content-Type: text/plain; charset="utf-8"
Content-ID: <24644F4E33D16D4F9BD9150B4BCC8BC4@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.676 definitions=2020-04-27_12:2020-04-27, 2020-04-27 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=905 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-2002250000 definitions=main-2004270142
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 clxscore=1015 phishscore=0 mlxlogscore=900 bulkscore=0 mlxscore=0 spamscore=0 malwarescore=0 suspectscore=0 impostorscore=0 lowpriorityscore=0 adultscore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2004270144
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/VnalNehDeop6KAJCXc-nEQdzAH4>
Subject: Re: [lamps] WG Last Call for draft-ietf-lamps-ocsp-nonce-01
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Apr 2020 17:40:40 -0000

Nit in the abstract:
	OCSP responder [insert oxford comma here] and possible evasions

Section 2.1
	newer OCSP clients MUST use length of at least 16 octets for Nonce
Should MUST be a SHOULD?  Don't care either way since it says "newer clients"

Looks good to me, ship it.


From nobody Mon Apr 27 11:05:59 2020
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5C9A3A1332 for <spasm@ietfa.amsl.com>; Mon, 27 Apr 2020 11:05:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CqOB4-6JXYHz for <spasm@ietfa.amsl.com>; Mon, 27 Apr 2020 11:05:56 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2767B3A1331 for <spasm@ietf.org>; Mon, 27 Apr 2020 11:05:56 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 3D5BB38981; Mon, 27 Apr 2020 14:04:03 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id F173310E; Mon, 27 Apr 2020 14:05:54 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Russ Housley <housley@vigilsec.com>
cc: LAMPS WG <spasm@ietf.org>
In-Reply-To: <65EDFD81-BDF7-4F2B-B450-F8EB40AD1BF5@vigilsec.com>
References: <63B58892-60CB-42C9-8168-E5476E2F40CB@vigilsec.com> <7099E9D5-6254-4052-A881-0F86E7A68FA4@vigilsec.com> <65EDFD81-BDF7-4F2B-B450-F8EB40AD1BF5@vigilsec.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 25.1.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Mon, 27 Apr 2020 14:05:54 -0400
Message-ID: <6257.1588010754@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/i-GuWaB9jfQ0rvQVEYrtIAji4sg>
Subject: Re: [lamps] WG Last Call for draft-ietf-lamps-rfc7030est-clarify-02
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Apr 2020 18:05:58 -0000

--=-=-=
Content-Type: text/plain


Thank you for catching that.

BEFORE:
% grep aa- rfc7030est-clarify-03.txt
   AttrSet ATTRIBUTE ::= { aa-asymDecryptKeyId, ... }
  AttrSet ATTRIBUTE ::= { aa-symmDecrytKeyID, ... }
  aa-asymmDecryptKeyID ATTRIBUTE ::=
        IDENTIFIED BY id-aa-asymmDecryptKeyID }
  id-aa-asymmDecryptKeyID OBJECT IDENTIFIER ::= { iso(1) member-body(2)

AFTER (-04):
%grep aa- rfc7030est-clarify-04.txt
   AttrSet ATTRIBUTE ::= { aa-asymmDecryptKeyId, ... }
  AttrSet ATTRIBUTE ::= { aa-asymmDecrytKeyID, ... }
  aa-asymmDecryptKeyID ATTRIBUTE ::=
        IDENTIFIED BY id-aa-asymmDecryptKeyID }
  id-aa-asymmDecryptKeyID OBJECT IDENTIFIER ::= { iso(1) member-body(2)

I think that they ALL match now.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--


From nobody Mon Apr 27 11:37:51 2020
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CA4F3A1652 for <spasm@ietfa.amsl.com>; Mon, 27 Apr 2020 11:37:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level: 
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A3hQeVSLGoN4 for <spasm@ietfa.amsl.com>; Mon, 27 Apr 2020 11:37:47 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C6D63A164E for <spasm@ietf.org>; Mon, 27 Apr 2020 11:37:47 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 2FEF0300B5D for <spasm@ietf.org>; Mon, 27 Apr 2020 14:37:45 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 6zqJhFLLAItz for <spasm@ietf.org>; Mon, 27 Apr 2020 14:37:43 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-72-66-113-56.washdc.fios.verizon.net [72.66.113.56]) by mail.smeinc.net (Postfix) with ESMTPSA id E52F7300471; Mon, 27 Apr 2020 14:37:43 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <7B37A940-1D94-477D-A035-9CA90538B796@vigilsec.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_54BBB0CF-01AE-4E33-9924-D4FE1BC60CDB"; protocol="application/pgp-signature"; micalg=pgp-sha1
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
Date: Mon, 27 Apr 2020 14:37:44 -0400
In-Reply-To: <6257.1588010754@localhost>
Cc: LAMPS WG <spasm@ietf.org>
To: Michael Richardson <mcr+ietf@sandelman.ca>
References: <63B58892-60CB-42C9-8168-E5476E2F40CB@vigilsec.com> <7099E9D5-6254-4052-A881-0F86E7A68FA4@vigilsec.com> <65EDFD81-BDF7-4F2B-B450-F8EB40AD1BF5@vigilsec.com> <6257.1588010754@localhost>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/vAHR6sCGLb1QH_8Fs0ASRzxbGg4>
Subject: Re: [lamps] WG Last Call for draft-ietf-lamps-rfc7030est-clarify-02
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Apr 2020 18:37:49 -0000

--Apple-Mail=_54BBB0CF-01AE-4E33-9924-D4FE1BC60CDB
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Not quite.  I see two spellings of KeyID and KeyId.  RFC 7030 uses KeyID.

Russ

> On Apr 27, 2020, at 2:05 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>
> Signed PGP part
>
> Thank you for catching that.
>
> BEFORE:
> % grep aa- rfc7030est-clarify-03.txt
>   AttrSet ATTRIBUTE ::= { aa-asymDecryptKeyId, ... }
>  AttrSet ATTRIBUTE ::= { aa-symmDecrytKeyID, ... }
>  aa-asymmDecryptKeyID ATTRIBUTE ::=
>        IDENTIFIED BY id-aa-asymmDecryptKeyID }
>  id-aa-asymmDecryptKeyID OBJECT IDENTIFIER ::= { iso(1) member-body(2)
>
> AFTER (-04):
> %grep aa- rfc7030est-clarify-04.txt
>   AttrSet ATTRIBUTE ::= { aa-asymmDecryptKeyId, ... }
>  AttrSet ATTRIBUTE ::= { aa-asymmDecrytKeyID, ... }
>  aa-asymmDecryptKeyID ATTRIBUTE ::=
>        IDENTIFIED BY id-aa-asymmDecryptKeyID }
>  id-aa-asymmDecryptKeyID OBJECT IDENTIFIER ::= { iso(1) member-body(2)
>
> I think that they ALL match now.
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
> -= IPv6 IoT consulting =-



--Apple-Mail=_54BBB0CF-01AE-4E33-9924-D4FE1BC60CDB--
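
What the ASN.1 compiler caught and the `grep aa-` output in this thread shows by eye can be checked mechanically; the following is an added example, not part of any message in the archive. The function name `unresolved_references` and the regular expressions are assumptions that cover only the single-line forms seen in the quoted grep output, not the full ASN.1 grammar.

```python
import re
from difflib import get_close_matches

# The five lines printed by `grep aa- rfc7030est-clarify-04.txt` in the thread.
SAMPLE_04 = """\
   AttrSet ATTRIBUTE ::= { aa-asymmDecryptKeyId, ... }
  AttrSet ATTRIBUTE ::= { aa-asymmDecrytKeyID, ... }
  aa-asymmDecryptKeyID ATTRIBUTE ::=
        IDENTIFIED BY id-aa-asymmDecryptKeyID }
  id-aa-asymmDecryptKeyID OBJECT IDENTIFIER ::= { iso(1) member-body(2)
"""

# ASN.1 value and object references start with a lowercase letter and are
# case-sensitive, so "KeyId" and "KeyID" are two different names.
VALUE_REF = r"[a-z][A-Za-z0-9-]*"

# "<name> <TYPE> ::=" with a lowercase-initial name: a definition.
DEFINITION = re.compile(
    rf"^[ \t]*({VALUE_REF})[ \t]+[A-Z][A-Za-z0-9 -]*::=", re.M)
# "<SetName> <CLASS> ::= { a, b, ... }": an object set whose members are references.
OBJECT_SET = re.compile(
    r"^[ \t]*[A-Z][A-Za-z0-9-]*[ \t]+[A-Z][A-Za-z0-9-]*[ \t]*::=[ \t]*\{([^}\n]*)\}",
    re.M)
# "IDENTIFIED BY <name>" inside an ATTRIBUTE definition.
IDENTIFIED_BY = re.compile(rf"IDENTIFIED[ \t]+BY[ \t]+({VALUE_REF})")


def _line_of(text, pos):
    """1-based line number of character offset pos."""
    return text.count("\n", 0, pos) + 1


def unresolved_references(text):
    """Return (line, reference, closest_definition_or_None) for every
    referenced name that has no definition with exactly that spelling."""
    defined = sorted({m.group(1) for m in DEFINITION.finditer(text)})

    refs = []
    for m in OBJECT_SET.finditer(text):
        for member in m.group(1).split(","):
            member = member.strip()
            # fullmatch skips the "..." extension marker
            if re.fullmatch(VALUE_REF, member):
                refs.append((_line_of(text, m.start(1)), member))
    for m in IDENTIFIED_BY.finditer(text):
        refs.append((_line_of(text, m.start(1)), m.group(1)))

    findings = []
    for line, name in sorted(refs):
        if name not in defined:
            # Suggest the defined name the author most likely meant.
            near = get_close_matches(name, defined, n=1, cutoff=0.6)
            findings.append((line, name, near[0] if near else None))
    return findings


if __name__ == "__main__":
    for line, name, near in unresolved_references(SAMPLE_04):
        print(f"line {line}: {name!r} is not defined; "
              f"closest definition: {near!r}")
```

Run against the -04 lines, it reports both object-set members (the `KeyId` case difference and the `Decryt` misspelling) as undefined and points each at `aa-asymmDecryptKeyID`.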


From nobody Mon Apr 27 12:20:40 2020
Return-Path: <internet-drafts@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 7CF543A0D2E; Mon, 27 Apr 2020 12:20:31 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: spasm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.127.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: spasm@ietf.org
Message-ID: <158801523144.20027.3103338300133180589@ietfa.amsl.com>
Date: Mon, 27 Apr 2020 12:20:31 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/I89zso_3pZPKbOzJMFJf2U3omWQ>
Subject: [lamps] I-D Action: draft-ietf-lamps-rfc7030est-clarify-04.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Apr 2020 19:20:32 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

        Title           : Clarification of Enrollment over Secure Transport (EST): transfer encodings and ASN.1
        Authors         : Michael Richardson
                          Thomas Werner
                          Wei Pan
        Filename        : draft-ietf-lamps-rfc7030est-clarify-04.txt
        Pages           : 12
        Date            : 2020-04-27

Abstract:
   This document updates RFC7030: Enrollment over Secure Transport (EST)
   to resolve some errata that was reported, and which has proven to
   cause interoperability issues when RFC7030 was extended.

   This document deprecates the specification of "Content-Transfer-
   Encoding" headers for EST endpoints.  This document fixes some
   syntactical errors in ASN.1 that was presented.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc7030est-clarify/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-rfc7030est-clarify-04
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-rfc7030est-clarify-04

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-rfc7030est-clarify-04


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/



From nobody Mon Apr 27 12:21:26 2020
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84B063A0D30 for <spasm@ietfa.amsl.com>; Mon, 27 Apr 2020 12:21:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qQRQb6ABFA9q for <spasm@ietfa.amsl.com>; Mon, 27 Apr 2020 12:21:22 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6FF443A0D2E for <spasm@ietf.org>; Mon, 27 Apr 2020 12:21:18 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 6AC9738981; Mon, 27 Apr 2020 15:19:24 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 33DEE10E; Mon, 27 Apr 2020 15:21:16 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Russ Housley <housley@vigilsec.com>
cc: LAMPS WG <spasm@ietf.org>
In-Reply-To: <7B37A940-1D94-477D-A035-9CA90538B796@vigilsec.com>
References: <63B58892-60CB-42C9-8168-E5476E2F40CB@vigilsec.com> <7099E9D5-6254-4052-A881-0F86E7A68FA4@vigilsec.com> <65EDFD81-BDF7-4F2B-B450-F8EB40AD1BF5@vigilsec.com> <6257.1588010754@localhost> <7B37A940-1D94-477D-A035-9CA90538B796@vigilsec.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 25.1.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Mon, 27 Apr 2020 15:21:16 -0400
Message-ID: <24722.1588015276@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/MkAnPJfeefURrNVKUBLh4LIzkzo>
Subject: Re: [lamps] WG Last Call for draft-ietf-lamps-rfc7030est-clarify-02
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Apr 2020 19:21:25 -0000

--=-=-=
Content-Type: text/plain


Russ Housley <housley@vigilsec.com> wrote:
    > Not quite.  I see two spellings of KeyID and KeyId.  RFC 7030 uses
    > KeyID.

cancelled my submission and trying again.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--


From nobody Mon Apr 27 12:23:25 2020
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4CA413A1AD8 for <spasm@ietfa.amsl.com>; Mon, 27 Apr 2020 12:23:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level: 
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8yCoPpvLv7_x for <spasm@ietfa.amsl.com>; Mon, 27 Apr 2020 12:23:22 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E21863A1AE1 for <spasm@ietf.org>; Mon, 27 Apr 2020 12:23:21 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 874AF300B53 for <spasm@ietf.org>; Mon, 27 Apr 2020 15:23:19 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id MHiSsDXX9W9f for <spasm@ietf.org>; Mon, 27 Apr 2020 15:23:18 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-72-66-113-56.washdc.fios.verizon.net [72.66.113.56]) by mail.smeinc.net (Postfix) with ESMTPSA id 6FE95300471 for <spasm@ietf.org>; Mon, 27 Apr 2020 15:23:18 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
Date: Mon, 27 Apr 2020 15:23:19 -0400
References: <158801523144.20027.3103338300133180589@ietfa.amsl.com>
To: spasm@ietf.org
In-Reply-To: <158801523144.20027.3103338300133180589@ietfa.amsl.com>
Message-Id: <ACEA134E-1132-4256-888B-1BD123E0FF16@vigilsec.com>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/pENIuFCNOehVAznmjr-A6HXxD-4>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-rfc7030est-clarify-04.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Apr 2020 19:23:23 -0000

Thanks Michael.  With this change, the comments that I submitted are resolved.

Russ


> On Apr 27, 2020, at 3:20 PM, internet-drafts@ietf.org wrote:
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.
>
>        Title           : Clarification of Enrollment over Secure Transport (EST): transfer encodings and ASN.1
>        Authors         : Michael Richardson
>                          Thomas Werner
>                          Wei Pan
>        Filename        : draft-ietf-lamps-rfc7030est-clarify-04.txt
>        Pages           : 12
>        Date            : 2020-04-27
>
> Abstract:
>   This document updates RFC7030: Enrollment over Secure Transport (EST)
>   to resolve some errata that was reported, and which has proven to
>   cause interoperability issues when RFC7030 was extended.
>
>   This document deprecates the specification of "Content-Transfer-
>   Encoding" headers for EST endpoints.  This document fixes some
>   syntactical errors in ASN.1 that was presented.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc7030est-clarify/


From nobody Tue Apr 28 07:58:12 2020
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 112193A1557; Tue, 28 Apr 2020 07:58:04 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.128.0
Auto-Submitted: auto-generated
Precedence: bulk
Cc: housley@vigilsec.com, The IESG <iesg@ietf.org>, rfc-editor@rfc-editor.org,  draft-ietf-lamps-5480-ku-clarifications@ietf.org, rdd@cert.org, spasm@ietf.org, Russ Housley <housley@vigilsec.com>, lamps-chairs@ietf.org
Message-ID: <158808588405.11245.13995874182148658796@ietfa.amsl.com>
Date: Tue, 28 Apr 2020 07:58:04 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/-1iKa-qxKrVuQlR5cEV3G8xR5-k>
Subject: [lamps] Protocol Action: 'Clarifications for Elliptic Curve Cryptogtaphy Subject Public Key Information' to Proposed Standard (draft-ietf-lamps-5480-ku-clarifications-03.txt)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Apr 2020 14:58:04 -0000

The IESG has approved the following document:
- 'Clarifications for Elliptic Curve Cryptogtaphy Subject Public Key
   Information'
  (draft-ietf-lamps-5480-ku-clarifications-03.txt) as Proposed Standard

This document is the product of the Limited Additional Mechanisms for PKIX
and SMIME Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-5480-ku-clarifications/





Technical Summary

    This document updates RFC 5480 to specify semantics for the
    keyEncipherment and dataEncipherment key usage bits when used
    in certificates that support Elliptic Curve Cryptography.

Working Group Summary

    There is consensus for this document in the LAMPS WG.

Document Quality

    The information in this mail list posting shows that this
    guidance is needed:

    https://mailarchive.ietf.org/arch/msg/spasm/mSDS2rOYWoX6jb-d9TmXug3OgPo

Personnel

    Russ Housley is the document shepherd.
    Roman Danyliw is the responsible area director.


From nobody Tue Apr 28 08:34:49 2020
Return-Path: <warren@kumari.net>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 637C43A170F for <spasm@ietfa.amsl.com>; Tue, 28 Apr 2020 08:34:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id thkI-4Lgoqt2 for <spasm@ietfa.amsl.com>; Tue, 28 Apr 2020 08:34:46 -0700 (PDT)
Received: from mail-lj1-x230.google.com (mail-lj1-x230.google.com [IPv6:2a00:1450:4864:20::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0C233A1730 for <spasm@ietf.org>; Tue, 28 Apr 2020 08:34:45 -0700 (PDT)
Received: by mail-lj1-x230.google.com with SMTP id l19so21947264lje.10 for <spasm@ietf.org>; Tue, 28 Apr 2020 08:34:45 -0700 (PDT)
X-Received: by 2002:a2e:953:: with SMTP id 80mr18183668ljj.276.1588088083291;  Tue, 28 Apr 2020 08:34:43 -0700 (PDT)
MIME-Version: 1.0
From: Warren Kumari <warren@kumari.net>
Date: Tue, 28 Apr 2020 11:34:06 -0400
Message-ID: <CAHw9_i+mw4xEZuH+SiuyhQnZy8C28TA1HJeMbiO516QejQObTw@mail.gmail.com>
To: LAMPS WG <spasm@ietf.org>, Mark Nottingham <mnot@mnot.net>,  draft-ietf-anima-bootstrapping-keyinfra.all@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/4xMO0zpxXBHm3LSgU-sCJj5i5dE>
Subject: [lamps] draft-ietf-anima-bootstrapping-keyinfra will be updating RFC7030
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Apr 2020 15:34:48 -0000

Hi there all,

draft-ietf-anima-bootstrapping-keyinfra
(https://datatracker.ietf.org/doc/draft-ietf-anima-bootstrapping-keyinfra/)
was recently approved for publication.

Back in October the designated expert for the well-known URIs (Mark
Nottingham) had sent
"I think this document needs to update RFC7030, if it's changing how
the well-known URI is handled." - unfortunately this comment was lost
during the transition of the draft between ADs (and was caught by the
IANA).

There has been some back and forth with the authors and Mark, and it
seems like the correct outcome is for this document to be listed as
Updates RFC7030. Benjamin Kaduk suggested that I inform LAMPS...

So, unless anyone *strongly* objects, this document will be listed as
"Updates: RFC7030" (and, we hope, in the future, to have more clarity
/ granularity around Updates, so that we can have things like
"Extends", "See Also",  etc.)

Thank you,
W


-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf


From nobody Tue Apr 28 09:04:58 2020
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1EAAB3A074E for <spasm@ietfa.amsl.com>; Tue, 28 Apr 2020 09:04:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level: 
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X_zqK2AJ7Bpe for <spasm@ietfa.amsl.com>; Tue, 28 Apr 2020 09:04:55 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 858C53A0771 for <spasm@ietf.org>; Tue, 28 Apr 2020 09:04:55 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id C713D300B56 for <spasm@ietf.org>; Tue, 28 Apr 2020 12:04:52 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id ykU_c7djJ3QU for <spasm@ietf.org>; Tue, 28 Apr 2020 12:04:51 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-72-66-113-56.washdc.fios.verizon.net [72.66.113.56]) by mail.smeinc.net (Postfix) with ESMTPSA id D28D0300A01; Tue, 28 Apr 2020 12:04:50 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <CAHw9_i+mw4xEZuH+SiuyhQnZy8C28TA1HJeMbiO516QejQObTw@mail.gmail.com>
Date: Tue, 28 Apr 2020 12:04:51 -0400
Cc: LAMPS WG <spasm@ietf.org>, Mark Nottingham <mnot@mnot.net>, draft-ietf-anima-bootstrapping-keyinfra.all@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <B0135FB7-7254-4310-8A0F-32CD3B844B88@vigilsec.com>
References: <CAHw9_i+mw4xEZuH+SiuyhQnZy8C28TA1HJeMbiO516QejQObTw@mail.gmail.com>
To: Warren Kumari <warren@kumari.net>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/jDtTBZ7eLuNrW4Z0T8NCLzII_uM>
Subject: Re: [lamps] draft-ietf-anima-bootstrapping-keyinfra will be updating RFC7030
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Apr 2020 16:04:57 -0000

Warren:

Would it be better to put that part in
draft-ietf-lamps-rfc7030est-clarify?  That I-D is in WG Last Call now,
so the dependency should not cause a big delay.

Russ

> On Apr 28, 2020, at 11:34 AM, Warren Kumari <warren@kumari.net> wrote:
>
> Hi there all,
>
> draft-ietf-anima-bootstrapping-keyinfra
> (https://datatracker.ietf.org/doc/draft-ietf-anima-bootstrapping-keyinfra/)
> was recently approved for publication.
>
> Back in October the designated expert for the well-known URIs (Mark
> Nottingham) had sent
> "I think this document needs to update RFC7030, if it's changing how
> the well-known URI is handled." - unfortunately this comment was lost
> during the transition of the draft between ADs (and was caught by the
> IANA).
>
> There has been some back and forth with the authors and Mark, and it
> seems like the correct outcome is for this document to be listed as
> Updates RFC7030. Benjamin Kaduk suggested that I inform LAMPS...
>
> So, unless anyone *strongly* objects, this document will be listed as
> "Updates: RFC7030" (and, we hope, in the future, to have more clarity
> / granularity around Updates, so that we can have things like
> "Extends", "See Also",  etc.)
>
> Thank you,
> W
>
>
> -- 
> I don't think the execution is relevant when it was obviously a bad
> idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair
> of pants.
>   ---maf


From nobody Tue Apr 28 09:51:36 2020
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1B023A07E9; Tue, 28 Apr 2020 09:51:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e9Zw5I7FvpfX; Tue, 28 Apr 2020 09:51:26 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E0CA73A05A7; Tue, 28 Apr 2020 09:51:25 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 7296238983; Tue, 28 Apr 2020 12:49:32 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 086C3AA9; Tue, 28 Apr 2020 12:51:25 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Russ Housley <housley@vigilsec.com>, Warren Kumari <warren@kumari.net>, LAMPS WG <spasm@ietf.org>
CC: draft-ietf-anima-bootstrapping-keyinfra.all@ietf.org, Mark Nottingham <mnot@mnot.net>
In-Reply-To: <B0135FB7-7254-4310-8A0F-32CD3B844B88@vigilsec.com>
References: <CAHw9_i+mw4xEZuH+SiuyhQnZy8C28TA1HJeMbiO516QejQObTw@mail.gmail.com> <B0135FB7-7254-4310-8A0F-32CD3B844B88@vigilsec.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 25.1.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Tue, 28 Apr 2020 12:51:25 -0400
Message-ID: <30840.1588092685@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/CEA7LxaxE7i59J91dts40zAVqlI>
Subject: Re: [lamps] draft-ietf-anima-bootstrapping-keyinfra will be updating RFC7030
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Apr 2020 16:51:34 -0000

--=-=-=
Content-Type: text/plain


Russ Housley <housley@vigilsec.com> wrote:
    > Would it be better to put that part in
    > draft-ietf-lamps-rfc7030est-clarify?  That I-D is in WG Last Call now,
    > so the dependency should not cause a big delay.

I don't think that this helps.
The point is that RFC7030 would acquire, via meta-data, a forward reference
to https://datatracker.ietf.org/doc/draft-ietf-anima-bootstrapping-keyinfra/

Warren,

    > So, unless anyone *strongly* objects, this document will be listed as
    > "Updates: RFC7030" (and, we hope, in the future, to have more clarity
    > / granularity around Updates, so that we can have things like
    > "Extends", "See Also",  etc.)

I think that it is worth saying somewhere (to avoid the IESG timesink)
https://datatracker.ietf.org/doc/draft-ietf-anima-bootstrapping-keyinfra/
"Updates" is of the form Extends.

While the draft-ietf-lamps-rfc7030est-clarify Updates is of the form Amends.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

--=-=-=--


From nobody Wed Apr 29 14:32:29 2020
Return-Path: <sean.mullan@oracle.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2AD33A182E for <spasm@ietfa.amsl.com>; Wed, 29 Apr 2020 14:32:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level: 
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=oracle.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TbLcIteSM3e3 for <spasm@ietfa.amsl.com>; Wed, 29 Apr 2020 14:32:24 -0700 (PDT)
Received: from userp2120.oracle.com (userp2120.oracle.com [156.151.31.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1AFD73A0D40 for <spasm@ietf.org>; Wed, 29 Apr 2020 14:32:23 -0700 (PDT)
Received: from pps.filterd (userp2120.oracle.com [127.0.0.1]) by userp2120.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 03TLNTBq056277 for <spasm@ietf.org>; Wed, 29 Apr 2020 21:32:22 GMT
Received: from aserp3030.oracle.com (aserp3030.oracle.com [141.146.126.71]) by userp2120.oracle.com with ESMTP id 30p2p0dmvv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for <spasm@ietf.org>; Wed, 29 Apr 2020 21:32:22 +0000
Received: from pps.filterd (aserp3030.oracle.com [127.0.0.1]) by aserp3030.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 03TLM6Jm044209 for <spasm@ietf.org>; Wed, 29 Apr 2020 21:32:21 GMT
Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by aserp3030.oracle.com with ESMTP id 30mxrvye7m-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for <spasm@ietf.org>; Wed, 29 Apr 2020 21:32:21 +0000
Received: from abhmp0009.oracle.com (abhmp0009.oracle.com [141.146.116.15]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id 03TLWKLp005321 for <spasm@ietf.org>; Wed, 29 Apr 2020 21:32:20 GMT
Received: from [10.39.192.115] (/10.39.192.115) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 29 Apr 2020 14:32:20 -0700
To: spasm@ietf.org
References: <158808588405.11245.13995874182148658796@ietfa.amsl.com>
From: Sean Mullan <sean.mullan@oracle.com>
Organization: Oracle Corporation
Message-ID: <efc8b2a1-7210-8eb7-80cb-be73956f4310@oracle.com>
Date: Wed, 29 Apr 2020 17:32:18 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Thunderbird/68.7.0
MIME-Version: 1.0
In-Reply-To: <158808588405.11245.13995874182148658796@ietfa.amsl.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9606 signatures=668686
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxscore=0 phishscore=0 suspectscore=0 mlxlogscore=999 malwarescore=0 bulkscore=0 spamscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2004290154
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 phishscore=0 clxscore=1011 bulkscore=0 adultscore=0 lowpriorityscore=0 impostorscore=0 malwarescore=0 mlxscore=0 suspectscore=0 mlxlogscore=999 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2004290154
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/DENX3jHKa3zZshrJeHMULjnxpNI>
Subject: Re: [lamps] Protocol Action: 'Clarifications for Elliptic Curve Cryptogtaphy Subject Public Key Information' to Proposed Standard (draft-ietf-lamps-5480-ku-clarifications-03.txt)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Apr 2020 21:32:27 -0000

There is a typo in the title:

"Cryptogtaphy" -> "Cryptography"

--Sean

On 4/28/20 10:58 AM, The IESG wrote:
> The IESG has approved the following document:
> - 'Clarifications for Elliptic Curve Cryptogtaphy Subject Public Key
>     Information'
>    (draft-ietf-lamps-5480-ku-clarifications-03.txt) as Proposed Standard
> 
> This document is the product of the Limited Additional Mechanisms for PKIX
> and SMIME Working Group.
> 
> The IESG contact persons are Benjamin Kaduk and Roman Danyliw.
> 
> A URL of this Internet Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-lamps-5480-ku-clarifications/
> 
> 
> 
> 
> 
> Technical Summary
> 
>      This document updates RFC 5480 to specify semantics for the
>      keyEncipherment and dataEncipherment key usage bits when used
>      in certificates that support Elliptic Curve Cryptography.
> 
> Working Group Summary
> 
>      There is consensus for this document in the LAMPS WG.
> 
> Document Quality
> 
>      The information in this mail list posting shows that this
>      guidance is needed:
> 
>      https://mailarchive.ietf.org/arch/msg/spasm/mSDS2rOYWoX6jb-d9TmXug3OgPo
> 
> Personnel
> 
>      Russ Housley is the document shepherd.
>      Roman Danyliw is the responsible area director.
> 


From nobody Wed Apr 29 14:48:53 2020
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61D333A040B for <spasm@ietfa.amsl.com>; Wed, 29 Apr 2020 14:48:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level: 
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gxLYW4q2Tlcz for <spasm@ietfa.amsl.com>; Wed, 29 Apr 2020 14:48:49 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C98493A0400 for <spasm@ietf.org>; Wed, 29 Apr 2020 14:48:49 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 33E29300AFB for <spasm@ietf.org>; Wed, 29 Apr 2020 17:48:47 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id ujUx0BTCY4o1 for <spasm@ietf.org>; Wed, 29 Apr 2020 17:48:45 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-72-66-113-56.washdc.fios.verizon.net [72.66.113.56]) by mail.smeinc.net (Postfix) with ESMTPSA id DAAA6300A93; Wed, 29 Apr 2020 17:48:45 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <efc8b2a1-7210-8eb7-80cb-be73956f4310@oracle.com>
Date: Wed, 29 Apr 2020 17:48:47 -0400
Cc: spasm@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <51A2186B-1B2F-44D7-AC88-5D98D540AEDC@vigilsec.com>
References: <158808588405.11245.13995874182148658796@ietfa.amsl.com> <efc8b2a1-7210-8eb7-80cb-be73956f4310@oracle.com>
To: Sean Mullan <sean.mullan@oracle.com>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/iaoQc8OfW2WF8U_6rJZxvkFM9Mo>
Subject: Re: [lamps] Protocol Action: 'Clarifications for Elliptic Curve Cryptogtaphy Subject Public Key Information' to Proposed Standard (draft-ietf-lamps-5480-ku-clarifications-03.txt)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Apr 2020 21:48:51 -0000

Thanks.  Authors, please make sure this is corrected in AUTH48 if the
RFC Editor does not notice.

Russ


> On Apr 29, 2020, at 5:32 PM, Sean Mullan <sean.mullan@oracle.com> wrote:
>
> There is a typo in the title:
>
> "Cryptogtaphy" -> "Cryptography"
>
> --Sean
>
> On 4/28/20 10:58 AM, The IESG wrote:
>> The IESG has approved the following document:
>> - 'Clarifications for Elliptic Curve Cryptogtaphy Subject Public Key
>>    Information'
>>   (draft-ietf-lamps-5480-ku-clarifications-03.txt) as Proposed Standard
>> This document is the product of the Limited Additional Mechanisms for PKIX
>> and SMIME Working Group.
>> The IESG contact persons are Benjamin Kaduk and Roman Danyliw.
>> A URL of this Internet Draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-lamps-5480-ku-clarifications/
>> Technical Summary
>>     This document updates RFC 5480 to specify semantics for the
>>     keyEncipherment and dataEncipherment key usage bits when used
>>     in certificates that support Elliptic Curve Cryptography.
>> Working Group Summary
>>     There is consensus for this document in the LAMPS WG.
>> Document Quality
>>     The information in this mail list posting shows that this
>>     guidance is needed:
>>     https://mailarchive.ietf.org/arch/msg/spasm/mSDS2rOYWoX6jb-d9TmXug3OgPo
>> Personnel
>>     Russ Housley is the document shepherd.
>>     Roman Danyliw is the responsible area director.


From nobody Wed Apr 29 18:22:02 2020
Return-Path: <cbonnell@outlook.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 877BD3A0C41 for <spasm@ietfa.amsl.com>; Wed, 29 Apr 2020 18:21:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.918
X-Spam-Level: 
X-Spam-Status: No, score=-2.918 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.82, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=outlook.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nzk0xidx_XVn for <spasm@ietfa.amsl.com>; Wed, 29 Apr 2020 18:21:56 -0700 (PDT)
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12olkn2065.outbound.protection.outlook.com [40.92.22.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 904A43A0C3D for <spasm@ietf.org>; Wed, 29 Apr 2020 18:21:56 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
Received: from MW2NAM12FT004.eop-nam12.prod.protection.outlook.com (2a01:111:e400:fc65::4f) by MW2NAM12HT240.eop-nam12.prod.protection.outlook.com (2a01:111:e400:fc65::402) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2921.12; Thu, 30 Apr 2020 01:21:54 +0000
Received: from MN2PR18MB3264.namprd18.prod.outlook.com (2a01:111:e400:fc65::45) by MW2NAM12FT004.mail.protection.outlook.com (2a01:111:e400:fc65::71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2921.12 via Frontend Transport; Thu, 30 Apr 2020 01:21:54 +0000
Received: from MN2PR18MB3264.namprd18.prod.outlook.com ([fe80::ed17:1554:5a59:cd4c]) by MN2PR18MB3264.namprd18.prod.outlook.com ([fe80::ed17:1554:5a59:cd4c%7]) with mapi id 15.20.2937.028; Thu, 30 Apr 2020 01:21:54 +0000
From: Corey Bonnell <cbonnell@outlook.com>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, Russ Housley <housley@vigilsec.com>, LAMPS WG <spasm@ietf.org>
Date: Thu, 30 Apr 2020 01:21:54 +0000
Message-ID: <MN2PR18MB3264D1191332AA6B7B631F4FC3AA0@MN2PR18MB3264.namprd18.prod.outlook.com>
References: <31FF8CDA-9A6B-4C16-ABD0-800E06325748@vigilsec.com>, <679B73FC-7C1B-4F9B-87E9-ADF5AB70BCDB@akamai.com>
In-Reply-To: <679B73FC-7C1B-4F9B-87E9-ADF5AB70BCDB@akamai.com>
Content-Type: multipart/alternative; boundary="_000_MN2PR18MB3264D1191332AA6B7B631F4FC3AA0MN2PR18MB3264namp_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/zVGPWD1OxjmygMXMAEELLPvutgE>
Subject: Re: [lamps] WG Last Call for draft-ietf-lamps-ocsp-nonce-01

--_000_MN2PR18MB3264D1191332AA6B7B631F4FC3AA0MN2PR18MB3264namp_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Section 2.1 mandates that "newer clients" MUST send a nonce of at least 16
octets output from a CSPRNG. However, section 3.2 specifies that clients
SHOULD send 32-octet nonces.

Given that newer clients would not be bound by legacy limitations and could
presumably support 32-octet nonces, is there a compelling reason to specify
two different lengths in the two sections? It seems to me it would be
preferable to have alignment with the guidance for newer client
implementations and recommended best practice in the Security Considerations.

Thanks,
Corey

________________________________
From: Spasm <spasm-bounces@ietf.org> on behalf of Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>
Sent: Monday, April 27, 2020 1:40 PM
To: Russ Housley <housley@vigilsec.com>; LAMPS WG <spasm@ietf.org>
Subject: Re: [lamps] WG Last Call for draft-ietf-lamps-ocsp-nonce-01

Nit in the abstract:
        OCSP responder [insert oxford comma here] and possible evasions

Section 2.1
        newer OCSP clients MUST use length of at least 16 octets for Nonce
Should MUST be a SHOULD?  Don't care either way since it says "newer clients"

Looks good to me, ship it.



--_000_MN2PR18MB3264D1191332AA6B7B631F4FC3AA0MN2PR18MB3264namp_--


From nobody Wed Apr 29 21:02:26 2020
MIME-Version: 1.0
References: <31FF8CDA-9A6B-4C16-ABD0-800E06325748@vigilsec.com> <679B73FC-7C1B-4F9B-87E9-ADF5AB70BCDB@akamai.com> <MN2PR18MB3264D1191332AA6B7B631F4FC3AA0@MN2PR18MB3264.namprd18.prod.outlook.com>
In-Reply-To: <MN2PR18MB3264D1191332AA6B7B631F4FC3AA0@MN2PR18MB3264.namprd18.prod.outlook.com>
From: Mohit Sahni <mohit06jan@gmail.com>
Date: Wed, 29 Apr 2020 21:02:06 -0700
Message-ID: <CAEpwuw06MEdr6xnPhB2w4yZDTtZnJDymQq=cD0tFPM53jMt5Fg@mail.gmail.com>
To: Corey Bonnell <cbonnell@outlook.com>
Cc: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, Russ Housley <housley@vigilsec.com>, LAMPS WG <spasm@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006e4b9905a47a2173"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/7AH7hhkCr9OXe2I7dgVongXjzCQ>
Subject: Re: [lamps] WG Last Call for draft-ietf-lamps-ocsp-nonce-01

--0000000000006e4b9905a47a2173
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi Corey
The intention here is to provide a recommended value of 32 bytes and set a
lower bound of 16 bytes along with making sure the specification is
backward compatible for older clients that talk to new responders. I chose
a lower bound of 16 bytes as most of the implementations including OpenSSL
use 16 bytes of nonce by default. Giving a range instead of fixed length
provides more flexibility and makes it even more secure by adding one more
attribute for an attacker to figure out to guess the nonce. Think of it as
trying to guess a fixed size password compared to a variable size password.

Thanks
Mohit

On Wed, Apr 29, 2020 at 6:22 PM Corey Bonnell <cbonnell@outlook.com> wrote:

> Section 2.1 mandates that "newer clients" MUST send a nonce of at least 16
> octets output from a CSPRNG. However, section 3.2 specifies that clients
> SHOULD send 32-octet nonces.
>
> Given that newer clients would not be bound by legacy limitations and
> could presumably support 32-octet nonces, is there a compelling reason to
> specify two different lengths in the two sections? It seems to me it would
> be preferable to have alignment with the guidance for newer client
> implementations and recommended best practice in the Security
> Considerations.
>
> Thanks,
> Corey
>
> ------------------------------
> *From:* Spasm <spasm-bounces@ietf.org> on behalf of Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>
> *Sent:* Monday, April 27, 2020 1:40 PM
> *To:* Russ Housley <housley@vigilsec.com>; LAMPS WG <spasm@ietf.org>
> *Subject:* Re: [lamps] WG Last Call for draft-ietf-lamps-ocsp-nonce-01
>
> Nit in the abstract:
>         OCSP responder [insert oxford comma here] and possible evasions
>
> Section 2.1
>         newer OCSP clients MUST use length of at least 16 octets for Nonce
> Should MUST be a SHOULD?  Don't care either way since it says "newer
> clients"
>
> Looks good to me, ship it.
>
>

--0000000000006e4b9905a47a2173--
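
The length rules discussed in the exchange above (a 16-octet floor for newer clients, 32 octets recommended, shorter nonces still tolerated from older clients) can be exercised with a small encoder and parser for the OCSP nonce extension. This is an added example, not code from the draft or from any participant in the thread; the 1-octet legacy minimum, the 32-octet maximum and all function names are assumptions of the example.

```python
import hmac
import secrets

# DER for extnID id-pkix-ocsp-nonce (1.3.6.1.5.5.7.48.1.2), tag and length included.
NONCE_OID_DER = bytes.fromhex("06092b0601050507300102")

MIN_NEW_CLIENT = 16  # Section 2.1 floor for newer clients, as quoted in the thread
RECOMMENDED = 32     # Section 3.2 recommendation, as quoted in the thread
LEGACY_MIN = 1       # assumption: shortest nonce a responder still accepts
MAX_LEN = 32         # assumption: longest nonce a responder accepts


def _tlv(tag, value):
    """Encode one DER TLV; short-form lengths cover every nonce extension."""
    if len(value) > 127:
        raise ValueError("value too long for short-form DER length")
    return bytes([tag, len(value)]) + value


def _read_tlv(buf, pos):
    """Decode the short-form DER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    if length > 127:
        raise ValueError("long-form length not expected in a nonce extension")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos + 2:end], end


def encode_nonce_extension(nonce):
    """Extension ::= SEQUENCE { extnID OID, extnValue OCTET STRING { Nonce } }."""
    return _tlv(0x30, NONCE_OID_DER + _tlv(0x04, _tlv(0x04, nonce)))


def new_client_nonce_extension(length=RECOMMENDED):
    """Client side: CSPRNG output, never below the newer-client floor."""
    if not MIN_NEW_CLIENT <= length <= MAX_LEN:
        raise ValueError("newer clients use %d..%d octets" % (MIN_NEW_CLIENT, MAX_LEN))
    return encode_nonce_extension(secrets.token_bytes(length))


def parse_nonce_extension(ext):
    """Return the raw nonce octets carried in one DER-encoded Extension."""
    tag, body, end = _read_tlv(ext, 0)
    if tag != 0x30 or end != len(ext):
        raise ValueError("expected exactly one Extension SEQUENCE")
    if not body.startswith(NONCE_OID_DER):
        raise ValueError("extnID is not id-pkix-ocsp-nonce")
    tag, value, pos = _read_tlv(body, len(NONCE_OID_DER))
    if tag == 0x01:  # optional 'critical' BOOLEAN precedes extnValue
        tag, value, pos = _read_tlv(body, pos)
    if tag != 0x04 or pos != len(body):
        raise ValueError("extnValue must be a single OCTET STRING")
    tag, nonce, end = _read_tlv(value, 0)
    if tag != 0x04 or end != len(value):
        raise ValueError("Nonce must be a single inner OCTET STRING")
    return nonce


def classify_nonce(nonce):
    """Responder-side policy: 'reject', 'legacy', 'acceptable' or 'recommended'."""
    n = len(nonce)
    if n < LEGACY_MIN or n > MAX_LEN:
        return "reject"
    if n < MIN_NEW_CLIENT:
        return "legacy"       # older client; still served for backward compatibility
    if n < RECOMMENDED:
        return "acceptable"   # meets the Section 2.1 floor
    return "recommended"      # matches the Section 3.2 recommendation


def response_echoes_request(request_ext, response_ext):
    """Client side: the response must carry back the exact nonce that was sent."""
    return hmac.compare_digest(parse_nonce_extension(request_ext),
                               parse_nonce_extension(response_ext))


if __name__ == "__main__":
    req = new_client_nonce_extension()
    print(req.hex(), classify_nonce(parse_nonce_extension(req)))
    # Constructed request from an older client that sends an 8-octet nonce.
    old = encode_nonce_extension(bytes(range(8)))
    print(old.hex(), classify_nonce(parse_nonce_extension(old)))
```
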


From nobody Thu Apr 30 00:12:45 2020
From: "Erik Andersen" <era@x500.eu>
To: "LAMPS" <spasm@ietf.org>
Date: Thu, 30 Apr 2020 09:12:37 +0200
Message-ID: <001301d61ebe$ba9b2e80$2fd18b80$@x500.eu>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0014_01D61ECF.7E255E10"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Ax19Hp42F6PqvLu9wVwBc6aNgBI>
Subject: [lamps] MAC (or ICV) generation

This is a multipart message in MIME format.

------=_NextPart_000_0014_01D61ECF.7E255E10
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

What is best when generating a MAC (also called Integrity Check Value or
ICV) over a PDU to be encrypted: Generating the ICV over the clear text or
over the encrypted text?

 

Best regards,

 

Erik


------=_NextPart_000_0014_01D61ECF.7E255E10--


From nobody Thu Apr 30 06:23:23 2020
From: Russ Housley <housley@vigilsec.com>
Message-Id: <5CB31AAA-B35E-4F28-B0B0-FE0EEFC6EBFE@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_ABDB6CBC-3640-456A-93A8-9FE17D3A3DB1"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
Date: Thu, 30 Apr 2020 09:23:14 -0400
In-Reply-To: <001301d61ebe$ba9b2e80$2fd18b80$@x500.eu>
Cc: LAMPS <spasm@ietf.org>
To: Erik Andersen <era@x500.eu>
References: <001301d61ebe$ba9b2e80$2fd18b80$@x500.eu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/XvhXNlGh65Q4Qw625qKKzaYBIxg>
Subject: Re: [lamps] MAC (or ICV) generation

--Apple-Mail=_ABDB6CBC-3640-456A-93A8-9FE17D3A3DB1
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

If you use an AEAD, the encryption and integrity check are one
operation, but the authentication tag (a.k.a. ICV) needs to have a
place to be carried in the PDU.

If you are using separate encryption and integrity algorithms, you will
find HMAC, CMAC, KMAC, and GMAC in use in different contexts.  There are
probably more.

Russ


> On Apr 30, 2020, at 3:12 AM, Erik Andersen <era@x500.eu> wrote:
>
> What is best when generating a MAC (also called Integrity Check Value
> or ICV) over a PDU to be encrypted: Generating the ICV over the clear
> text or over the encrypted text?
>
> Best regards,
>
> Erik



--Apple-Mail=_ABDB6CBC-3640-456A-93A8-9FE17D3A3DB1--


From nobody Thu Apr 30 07:39:57 2020
Return-Path: <era@x500.eu>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1BD6E3A090D for <spasm@ietfa.amsl.com>; Thu, 30 Apr 2020 07:39:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.696
X-Spam-Level: 
X-Spam-Status: No, score=-1.696 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=x500.eu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cIefRAqLXbdz for <spasm@ietfa.amsl.com>; Thu, 30 Apr 2020 07:39:52 -0700 (PDT)
Received: from outscan1.mf.dandomain.dk (outscan1.mf.dandomain.dk [212.237.249.58]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7240E3A0908 for <spasm@ietf.org>; Thu, 30 Apr 2020 07:39:51 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by outscan1.mf.dandomain.dk (Postfix) with ESMTP id 3E2FA4069186 for <spasm@ietf.org>; Thu, 30 Apr 2020 16:39:50 +0200 (CEST)
Received: from outscan1.mf.dandomain.dk ([127.0.0.1]) by localhost (outscan1.mf.dandomain.dk [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z1JGk9fXA14G for <spasm@ietf.org>; Thu, 30 Apr 2020 16:39:49 +0200 (CEST)
Received: from mail-proxy.dandomain.dk (dilvs03.dandomain.net [194.150.112.64]) by outscan1.mf.dandomain.dk (Postfix) with ESMTPA id 3A9CD406917C for <spasm@ietf.org>; Thu, 30 Apr 2020 16:39:49 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=x500.eu; s=dandomain; t=1588257589; bh=VDW8f0iWI30lzan/rJRteTfCqAMcjG3P5s01qAUdnec=; h=From:To:References:In-Reply-To:Subject:Date:From; b=p9c5VMESLuOLXL6WqclcWU2z59VkphjE7l2NBve5PwaTEAcBZE/6friJFDePQ4ZM1 rwBp0j77FO420zaJxnQhbu9Ae79rdkVSKnmt5hhjmYDw1XFkJIyTH9/1aA0jVT7I3f /7kL1GSoaHfRPvlrd5SBQXfdm7jo3MaM6BEpJtkw8U9PEL5kpqgvg/8Nv7M85JMUjp jCnOn06AuFw+SGlibhcGRdSJTtk7JAZNJgvy5WcDoG0moZ/LR9AhHTxTsCqDgS4swe 9y8EjDLPuvHyqZ5wUkPBLjpumS/oZxx3Exx8bf20HXooLeyW+VvUD2ND8o0rYmDlxt 9ih7jy4QcbHKw==
From: "Erik Andersen" <era@x500.eu>
To: "LAMPS" <spasm@ietf.org>
References: <001301d61ebe$ba9b2e80$2fd18b80$@x500.eu> <5CB31AAA-B35E-4F28-B0B0-FE0EEFC6EBFE@vigilsec.com>
In-Reply-To: <5CB31AAA-B35E-4F28-B0B0-FE0EEFC6EBFE@vigilsec.com>
Date: Thu, 30 Apr 2020 16:39:49 +0200
Message-ID: <002301d61efd$339f5ed0$9ade1c70$@x500.eu>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0024_01D61F0D.F7282ED0"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQIeXTH8vmX/yjfa7b81JlFsI9TmBQIuclCip+/Ag4A=
Content-Language: en-gb
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/7nY2f2NeRTSyH9T0zf2Ea4yd1U0>
Subject: Re: [lamps] MAC (or ICV) generation
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Apr 2020 14:39:55 -0000

This is a multipart message in MIME format.

------=_NextPart_000_0024_01D61F0D.F7282ED0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit

Hi Russ,

Thanks for the information. However, that was not my question.

Erik

From: Russ Housley <housley@vigilsec.com>
Sent: 30 April 2020 15:23
To: Erik Andersen <era@x500.eu>
Cc: LAMPS <spasm@ietf.org>
Subject: Re: [lamps] MAC (or ICV) generation

If you use an AEAD, the encryption and integrity check are one operation,
but the authentication tag (a.k.a. ICV) needs to have a place to be carried
in the PDU.

If you are using separate encryption and integrity algorithms, you will find
HMAC, CMAC, KMAC, and GMAC in use in different contexts.  There are probably
more.

Russ

On Apr 30, 2020, at 3:12 AM, Erik Andersen <era@x500.eu> wrote:

What is best when generating a MAC (also called Integrity Check Value or
ICV) over a PDU to be encrypted: Generating the ICV over the clear text or
over the encrypted text?

Best regards,

Erik

------=_NextPart_000_0024_01D61F0D.F7282ED0--


From nobody Thu Apr 30 07:45:44 2020
Return-Path: <rsalz@akamai.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 937D43A09F8 for <spasm@ietfa.amsl.com>; Thu, 30 Apr 2020 07:45:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level: 
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Yc2o1znQwLa for <spasm@ietfa.amsl.com>; Thu, 30 Apr 2020 07:45:41 -0700 (PDT)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 491743A09E5 for <spasm@ietf.org>; Thu, 30 Apr 2020 07:45:41 -0700 (PDT)
Received: from pps.filterd (m0050095.ppops.net [127.0.0.1]) by m0050095.ppops.net-00190b01. (8.16.0.42/8.16.0.42) with SMTP id 03UEc5Jb028130; Thu, 30 Apr 2020 15:45:40 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=2UI+u5Ob2gKuVqtLFNgo3MQ8AiXO0u9RUyvkwxirVP4=; b=Qbd6WTddSospoToLNlQbePoAuz2T7iz7ruUHwhKLkSA+a1dFZlYwP71x0kgW2y7WckAX ZNF4I7x+V8+3f8BX7aZtLgZUk36SfDCixHPSfniMQ/lOO99DLXqhGF1h4x9txFWaAlET G3IrCQDpMWoYRwckLn+++b5JVI5/9G+hvpM+mb3f+LiIb52jMcCH4LONdThuKTZvdGKr ZLnKTrr9y+A/hwpQlclm2CXCJFRKBmiXXm88y42xg82a4SYWhikqdz+IpD81YRrY4T4k Ma7lR7KBzDOeybXk7FMGbkMiad/T8MDCvz5f42IBgJJowmm7X3nvwIxvTmkt/qbpZFJ8 Aw== 
Received: from prod-mail-ppoint5 (prod-mail-ppoint5.akamai.com [184.51.33.60] (may be forged)) by m0050095.ppops.net-00190b01. with ESMTP id 30pfym2ywm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 30 Apr 2020 15:45:40 +0100
Received: from pps.filterd (prod-mail-ppoint5.akamai.com [127.0.0.1]) by prod-mail-ppoint5.akamai.com (8.16.0.27/8.16.0.27) with SMTP id 03UEX10p009827; Thu, 30 Apr 2020 07:45:39 -0700
Received: from email.msg.corp.akamai.com ([172.27.165.113]) by prod-mail-ppoint5.akamai.com with ESMTP id 30mk68wj4r-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 30 Apr 2020 07:45:38 -0700
Received: from USTX2EX-DAG1MB3.msg.corp.akamai.com (172.27.165.121) by ustx2ex-dag1mb4.msg.corp.akamai.com (172.27.165.122) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 30 Apr 2020 09:45:32 -0500
Received: from USTX2EX-DAG1MB3.msg.corp.akamai.com ([172.27.165.121]) by ustx2ex-dag1mb3.msg.corp.akamai.com ([172.27.165.121]) with mapi id 15.00.1497.006; Thu, 30 Apr 2020 09:45:31 -0500
From: "Salz, Rich" <rsalz@akamai.com>
To: Erik Andersen <era@x500.eu>, LAMPS <spasm@ietf.org>
Thread-Topic: [lamps] MAC (or ICV) generation
Thread-Index: AdYevgqDi0dGX1mVSPqLn2VRAI4QCAAXl7EAAAKstoD//76IAA==
Date: Thu, 30 Apr 2020 14:45:31 +0000
Message-ID: <E68D170C-AF30-4A36-A82F-0C23015E2474@akamai.com>
References: <001301d61ebe$ba9b2e80$2fd18b80$@x500.eu> <5CB31AAA-B35E-4F28-B0B0-FE0EEFC6EBFE@vigilsec.com> <002301d61efd$339f5ed0$9ade1c70$@x500.eu>
In-Reply-To: <002301d61efd$339f5ed0$9ade1c70$@x500.eu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/16.36.20041300
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.117.67]
Content-Type: multipart/alternative; boundary="_000_E68D170CAF304A36A82F0C23015E2474akamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.676 definitions=2020-04-30_09:2020-04-30, 2020-04-30 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=540 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-2002250000 definitions=main-2004300120
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.676 definitions=2020-04-30_09:2020-04-30, 2020-04-30 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 malwarescore=0 priorityscore=1501 suspectscore=0 mlxlogscore=529 adultscore=0 spamscore=0 impostorscore=0 lowpriorityscore=0 clxscore=1011 mlxscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2004300120
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/aROR6Hs2JF7zYycaG2ZiTG9oZ_Q>
Subject: Re: [lamps] MAC (or ICV) generation
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Apr 2020 14:45:43 -0000

--_000_E68D170CAF304A36A82F0C23015E2474akamaicom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

https://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac

--_000_E68D170CAF304A36A82F0C23015E2474akamaicom_--


From nobody Thu Apr 30 08:38:55 2020
Return-Path: <era@x500.eu>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1D943A0C8B for <spasm@ietfa.amsl.com>; Thu, 30 Apr 2020 08:38:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.696
X-Spam-Level: 
X-Spam-Status: No, score=-1.696 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=x500.eu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oBM9QLXK0Kem for <spasm@ietfa.amsl.com>; Thu, 30 Apr 2020 08:38:50 -0700 (PDT)
Received: from outscan1.mf.dandomain.dk (outscan1.mf.dandomain.dk [212.237.249.58]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F288E3A0D9C for <spasm@ietf.org>; Thu, 30 Apr 2020 08:37:44 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by outscan1.mf.dandomain.dk (Postfix) with ESMTP id 3082C40691C7; Thu, 30 Apr 2020 17:37:43 +0200 (CEST)
Received: from outscan1.mf.dandomain.dk ([127.0.0.1]) by localhost (outscan1.mf.dandomain.dk [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BlCTFD3PyS9D; Thu, 30 Apr 2020 17:37:42 +0200 (CEST)
Received: from mail-proxy.dandomain.dk (dilvs03.dandomain.net [194.150.112.64]) by outscan1.mf.dandomain.dk (Postfix) with ESMTPA id 06E144068C95; Thu, 30 Apr 2020 17:37:40 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=x500.eu; s=dandomain; t=1588261062; bh=b05TX16cIqYf1iin/6t3AfEEBqAol/QV1Rzig0m0ypg=; h=From:To:References:In-Reply-To:Subject:Date:From; b=I7f+cMaVXtfuXPfU6x3BHxejjXrCY3iR4yfHtPlHmx20TpBQJ14KDOzXFyLHYAW/2 XnkcV29Cs6vuYn1R8Omjbr4r9BDYXN3KRc73+RC5T8WqL8tk78HO0xfy16Yf0gbuvd E5tOlTtcgVq4mLPzLhuNJqezKcZTrq2ev80HPEYe9gvj6vZQwzSfAjLMFd+RCyUDQy feSQQ68ibsDe+hHVPoyXIquX7/QhHyLGuLNsNn5a5oSV/F4P7Mqg+C8XlF5FNqbl98 xaA5ADD9aNqp7QKZ4jaiHy0OatIt3MdW6fK5zrMmKJ21AGafn9EiZOHEeDKV1OtRc8 ZiZC0uyDrzDpQ==
From: "Erik Andersen" <era@x500.eu>
To: "'Salz, Rich'" <rsalz@akamai.com>, "'LAMPS'" <spasm@ietf.org>
References: <001301d61ebe$ba9b2e80$2fd18b80$@x500.eu> <5CB31AAA-B35E-4F28-B0B0-FE0EEFC6EBFE@vigilsec.com> <002301d61efd$339f5ed0$9ade1c70$@x500.eu> <E68D170C-AF30-4A36-A82F-0C23015E2474@akamai.com>
In-Reply-To: <E68D170C-AF30-4A36-A82F-0C23015E2474@akamai.com>
Date: Thu, 30 Apr 2020 17:37:40 +0200
Message-ID: <003401d61f05$49a27750$dce765f0$@x500.eu>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0035_01D61F16.0D2C7FD0"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQIeXTH8vmX/yjfa7b81JlFsI9TmBQIuclCiAicLjrABV/Pu36fT5Cig
Content-Language: en-gb
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/c6C4TltMLMyWe5GwTJUcizr4vhY>
Subject: Re: [lamps] MAC (or ICV) generation
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Apr 2020 15:38:53 -0000

This is a multipart message in MIME format.

------=_NextPart_000_0035_01D61F16.0D2C7FD0
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Thanks Rich, just what I need.

Erik

From: Salz, Rich <rsalz@akamai.com>
Sent: 30 April 2020 16:46
To: Erik Andersen <era@x500.eu>; LAMPS <spasm@ietf.org>
Subject: Re: [lamps] MAC (or ICV) generation

https://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac

------=_NextPart_000_0035_01D61F16.0D2C7FD0--
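
The two ICV placements asked about in the thread above, with HMAC-SHA256 as the separate integrity algorithm, as an added example that is not part of any message on the list. The PDU layout, the function and field names, the sample keys and the keystream stand-in for the encryption algorithm are all assumptions of this example.

```python
import hashlib
import hmac
import struct
from typing import NamedTuple, Optional

ICV_LEN = 32    # HMAC-SHA256 output size in bytes
NONCE_LEN = 16


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (HMAC-SHA256 in counter mode). Assumption of this
    example, used only because the standard library has no AES; it takes the
    place of the separate encryption algorithm."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, nonce + struct.pack(">Q", offset // 32), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def icv(mac_key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields, so field boundaries cannot shift."""
    mac = hmac.new(mac_key, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(struct.pack(">I", len(field)) + field)
    return mac.digest()


def seal(enc_key, mac_key, header, plaintext, nonce, icv_over):
    """Hypothetical PDU layout: header length (2 bytes) | header | nonce | body."""
    prefix = struct.pack(">H", len(header)) + header + nonce
    if icv_over == "ciphertext":    # body = ciphertext | ICV(header, nonce, ciphertext)
        ct = keystream_xor(enc_key, nonce, plaintext)
        return prefix + ct + icv(mac_key, header, nonce, ct)
    if icv_over == "cleartext":     # body = Enc(plaintext | ICV(header, plaintext))
        tag = icv(mac_key, header, plaintext)
        return prefix + keystream_xor(enc_key, nonce, plaintext + tag)
    raise ValueError("icv_over must be 'ciphertext' or 'cleartext'")


class Result(NamedTuple):
    ok: bool
    plaintext: Optional[bytes]
    decrypted_before_check: int     # bytes decrypted before the ICV was verified


def receive(enc_key, mac_key, pdu, icv_over) -> Result:
    """Parse and verify a PDU; never returns plaintext unless the ICV matches."""
    if icv_over not in ("ciphertext", "cleartext"):
        raise ValueError("icv_over must be 'ciphertext' or 'cleartext'")
    if len(pdu) < 2:
        return Result(False, None, 0)
    (hlen,) = struct.unpack(">H", pdu[:2])
    body_at = 2 + hlen + NONCE_LEN
    if len(pdu) < body_at + ICV_LEN:            # truncated or bad header length
        return Result(False, None, 0)
    header, nonce, body = pdu[2:2 + hlen], pdu[2 + hlen:body_at], pdu[body_at:]
    if icv_over == "ciphertext":
        ct, tag = body[:-ICV_LEN], body[-ICV_LEN:]
        if not hmac.compare_digest(tag, icv(mac_key, header, nonce, ct)):
            return Result(False, None, 0)       # rejected without touching enc_key
        return Result(True, keystream_xor(enc_key, nonce, ct), 0)
    inner = keystream_xor(enc_key, nonce, body) # must decrypt to even find the ICV
    pt, tag = inner[:-ICV_LEN], inner[-ICV_LEN:]
    ok = hmac.compare_digest(tag, icv(mac_key, header, pt))
    return Result(ok, pt if ok else None, len(body))


def demo():
    # Constructed keys, nonce and payload; real keys are random and the nonce
    # must be fresh for every PDU.
    enc_key, mac_key = b"E" * 32, b"M" * 32
    header, nonce = b"\x01seq=7", b"\x00" * NONCE_LEN
    payload = b"transfer 100 to account 42"
    report = {}
    for mode in ("ciphertext", "cleartext"):
        pdu = seal(enc_key, mac_key, header, payload, nonce, mode)
        tampered = bytearray(pdu)
        tampered[-40] ^= 0x01                   # one bit changed in the encrypted payload
        report[mode] = (len(pdu),
                        receive(enc_key, mac_key, pdu, mode),
                        receive(enc_key, mac_key, bytes(tampered), mode))
    return report


if __name__ == "__main__":
    for mode, (size, good, bad) in demo().items():
        print(mode, size, good.ok, bad.ok, bad.decrypted_before_check)
```

Both layouts spend the same 32 bytes of the PDU on the ICV. The difference is on receipt: with the ICV over the ciphertext the modified PDU is rejected before any decryption, while with the ICV over the cleartext the receiver has to decrypt the whole body first.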


From nobody Thu Apr 30 14:24:56 2020
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CD253A138C for <spasm@ietfa.amsl.com>; Thu, 30 Apr 2020 14:24:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.887
X-Spam-Level: 
X-Spam-Status: No, score=-1.887 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NO_DNS_FOR_FROM=0.001, SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UyghGVi1d7g7 for <spasm@ietfa.amsl.com>; Thu, 30 Apr 2020 14:24:52 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2BF3F3A1389 for <spasm@ietf.org>; Thu, 30 Apr 2020 14:24:52 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id BF088300AEF for <spasm@ietf.org>; Thu, 30 Apr 2020 17:24:49 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 1Tjurwl9jL9s for <spasm@ietf.org>; Thu, 30 Apr 2020 17:24:48 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-72-66-113-56.washdc.fios.verizon.net [72.66.113.56]) by mail.smeinc.net (Postfix) with ESMTPSA id 2588D300471 for <spasm@ietf.org>; Thu, 30 Apr 2020 17:24:48 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
Date: Thu, 30 Apr 2020 17:24:49 -0400
References: <63B58892-60CB-42C9-8168-E5476E2F40CB@vigilsec.com>
To: LAMPS WG <spasm@ietf.org>
In-Reply-To: <63B58892-60CB-42C9-8168-E5476E2F40CB@vigilsec.com>
Message-Id: <4E7C3690-6F3F-45C1-817E-F9D4DB1B184E@vigilsec.com>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/aVejyZGpgraO1LCffSi2ehgsifU>
Subject: Re: [lamps] WG Last Call for draft-ietf-lamps-rfc7030est-clarify-02
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Apr 2020 21:24:54 -0000

I have two last-minute questions about some of the normative references.

(1) The Introduction states:

   [I-D.ietf-anima-bootstrapping-keyinfra] extends [RFC7030], adding new
   functionality, and interop testing of the protocol has revealed that
   unusual processing called out in [RFC7030] causes confusion.

   EST is currently specified as part of [IEC62351], and is widely used
   in Government, Utilities and Financial markets today.

It is my understanding that the extensions in
[I-D.ietf-anima-bootstrapping-keyinfra] are not required for the
clarifications that appear in this document. There is no MUST or SHOULD
relationship to either of the referenced documents, so I wonder if they
should be informational references.  What do others think?


(2) Several errata are listed in the Introduction:

   This document deals with errata numbers [errata4384], [errata5107],
   [errata5108], and [errata5904].

I think these are informative references.  What do others think?


Russ


> On Mar 30, 2020, at 12:11 PM, Russ Housley <housley@vigilsec.com> wrote:
>
> This is the LAMPS WG Last Call for "Clarification of Enrollment over
> Secure Transport (EST): transfer encodings and ASN.1"
> <draft-ietf-lamps-rfc7030est-clarify-02>.  Please review the document
> and send your comments to the list by 19 April 2020.  This is longer
> than usual to accommodate the vast number of virtual interim sessions
> that are taking place right now.
>
> The datatracker page for the document is
> https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc7030est-clarify/
>
> Thanks,
> Russ & Tim


From nobody Thu Apr 30 14:39:28 2020
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9DF33A13C5 for <spasm@ietfa.amsl.com>; Thu, 30 Apr 2020 14:39:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level: 
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8yojT_dg6bJb for <spasm@ietfa.amsl.com>; Thu, 30 Apr 2020 14:39:22 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EED83A13C1 for <spasm@ietf.org>; Thu, 30 Apr 2020 14:39:22 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id B8E83300AA1 for <spasm@ietf.org>; Thu, 30 Apr 2020 17:39:19 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id xLVRQNPlIK_v for <spasm@ietf.org>; Thu, 30 Apr 2020 17:39:18 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-72-66-113-56.washdc.fios.verizon.net [72.66.113.56]) by mail.smeinc.net (Postfix) with ESMTPSA id 7A9E2300471 for <spasm@ietf.org>; Thu, 30 Apr 2020 17:39:18 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
Date: Thu, 30 Apr 2020 17:39:19 -0400
References: <63B58892-60CB-42C9-8168-E5476E2F40CB@vigilsec.com>
To: LAMPS WG <spasm@ietf.org>
In-Reply-To: <63B58892-60CB-42C9-8168-E5476E2F40CB@vigilsec.com>
Message-Id: <5722FEEB-5F93-4D4F-9A3F-BA9FECD8BD15@vigilsec.com>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/18jwCyXAGj6Uqn06AwQqWQy8oOc>
Subject: Re: [lamps] WG Last Call for draft-ietf-lamps-rfc7030est-clarify-02
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Apr 2020 21:39:24 -0000

I have a last minute questions about a missing normative reference.

I see [RFC6268] is referenced in the ASN.1 Module.  I think it needs to
be a normative reference.

Also, the PKIX-CommonTypes-2009 module is defined in RFC 5912.  I think
that should be noted as a comment in the ASN.1 module and included as a
normative reference.

Russ


> On Mar 30, 2020, at 12:11 PM, Russ Housley <housley@vigilsec.com> wrote:
>
> This is the LAMPS WG Last Call for "Clarification of Enrollment over
> Secure Transport (EST): transfer encodings and ASN.1"
> <draft-ietf-lamps-rfc7030est-clarify-02>.  Please review the document
> and send your comments to the list by 19 April 2020.  This is longer
> than usual to accommodate the vast number of virtual interim sessions
> that are taking place right now.
>
> The datatracker page for the document is
> https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc7030est-clarify/
>
> Thanks,
> Russ & Tim


From nobody Thu Apr 30 15:37:46 2020
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81B0E3A0659 for <spasm@ietfa.amsl.com>; Thu, 30 Apr 2020 15:37:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8gd7yGuQ4vBi for <spasm@ietfa.amsl.com>; Thu, 30 Apr 2020 15:37:41 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E3FD03A0F49 for <spasm@ietf.org>; Thu, 30 Apr 2020 15:37:30 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id F008B38985; Thu, 30 Apr 2020 18:35:34 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 61E3CD41; Thu, 30 Apr 2020 18:37:29 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Russ Housley <housley@vigilsec.com>
cc: LAMPS WG <spasm@ietf.org>
In-Reply-To: <4E7C3690-6F3F-45C1-817E-F9D4DB1B184E@vigilsec.com>
References: <63B58892-60CB-42C9-8168-E5476E2F40CB@vigilsec.com> <4E7C3690-6F3F-45C1-817E-F9D4DB1B184E@vigilsec.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 25.1.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Thu, 30 Apr 2020 18:37:29 -0400
Message-ID: <11381.1588286249@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/pF8GHry7WWGt3-fAaY4jJP_mjpw>
Subject: Re: [lamps] WG Last Call for draft-ietf-lamps-rfc7030est-clarify-02
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Apr 2020 22:37:45 -0000

--=-=-=
Content-Type: text/plain


Russ Housley <housley@vigilsec.com> wrote:
    > I have two last minute questions about some of the normative references.

    > (1) The Introduction states:

    > [I-D.ietf-anima-bootstrapping-keyinfra] extends [RFC7030], adding new
    > functionality, and interop testing of the protocol has revealed that
    > unusual processing called out in [RFC7030] causes confusion.

    > EST is currently specified as part of [IEC62351], and is widely used
    > in Government, Utilities and Financial markets today.

    > It is my understanding that the extensions in
    > [I-D.ietf-anima-bootstrapping-keyinfra] are not required for the
    > clarifications that appear in this document. There is no MUST or SHOULD
    > relationship to either of the referenced documents, so I wonder if they
    > should be informational references.  What do others think?

I agree, it should be informative, and I've adjusted the markdown.

    > (2) Several errata are listed in the Introduction:

    > This document deals with errata numbers [errata4384], [errata5107],
    > [errata5108], and [errata5904].

I asked that question... I thought that I heard that they should be normative.

    > I think these are informative references.  What do others think?

Russ Housley <housley@vigilsec.com> wrote:
    > I see [RFC6268] is referenced in the ASN.1 Module.  I think it needs to
    > be a normative reference.

okay.

    > Also, the PKIX-CommonTypes-2009 module is defined in RFC 5912.  I think
    > that should be noted as a comment in the ASN.1 module and included as a
    > normative reference.

okay, done.


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--

