--- 1/draft-ietf-lamps-cmp-updates-13.txt 2021-11-19 10:13:42.341679380 -0800 +++ 2/draft-ietf-lamps-cmp-updates-14.txt 2021-11-19 10:13:42.469682605 -0800 @@ -1,20 +1,20 @@ LAMPS Working Group H. Brockhaus, Ed. Internet-Draft D. von Oheimb Updates: 4210, 5912, 6712 (if approved) Siemens Intended status: Standards Track J. Gray -Expires: 28 April 2022 Entrust - 25 October 2021 +Expires: 23 May 2022 Entrust + 19 November 2021 Certificate Management Protocol (CMP) Updates - draft-ietf-lamps-cmp-updates-13 + draft-ietf-lamps-cmp-updates-14 Abstract This document contains a set of updates to the syntax and transfer of Certificate Management Protocol (CMP) version 2. This document updates RFC 4210, RFC 5912, and RFC 6712. The aspects of CMP updated in this document are using EnvelopedData instead of EncryptedValue, clarifying the handling of p10cr messages, improving the crypto agility, as well as adding new general message 
@@ -38,98 +38,98 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on 28 April 2022. + This Internet-Draft will expire on 23 May 2022. Copyright Notice Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components - extracted from this document must include Simplified BSD License text - as described in Section 4.e of the Trust Legal Provisions and are - provided without warranty as described in the Simplified BSD License. + extracted from this document must include Revised BSD License text as + described in Section 4.e of the Trust Legal Provisions and are + provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Convention and Terminology . . . . . . . . . . . . . . . 4 2. Updates to RFC 4210 - Certificate Management Protocol (CMP) . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.1. New Section 1.1. - Changes since RFC 4210 . . . . . . . . 4 2.2. New Section 4.5 - Extended Key Usage . . . . . . . . . . 5 2.3. Update Section 5.1.1. - PKI Message Header . . . . . . . 7 - 2.4. New Section 5.1.1.4. 
- CertProfile . . . . . . . . . . . 7 + 2.4. New Section 5.1.1.3. - CertProfile . . . . . . . . . . . 7 2.5. Update Section 5.1.3.1. - Shared Secret Information . . . 8 2.6. Replace Section 5.1.3.4 - Multiple Protection . . . . . . 8 2.7. Replace Section 5.2.2. - Encrypted Values . . . . . . . . 9 2.8. Update Section 5.3.4. - Certification Response . . . . . 11 2.9. Update Section 5.3.18. - Certificate Confirmation Content . . . . . . . . . . . . . . . . . . . . . . . . 12 2.10. Update Section 5.3.19.2. - Signing Key Pair Types . . . . 13 2.11. Update Section 5.3.19.3. - Encryption/Key Agreement Key Pair Types . . . . . . . . . . . . . . . . . . . . . . . 13 2.12. Replace Section 5.3.19.9. - Revocation Passphrase . . . . 13 2.13. New Section 5.3.19.14 - CA Certificates . . . . . . . . . 14 2.14. New Section 5.3.19.15 - Root CA Certificate Update . . . 14 2.15. New Section 5.3.19.16 - Certificate Request Template . . 15 - 2.16. New Section 5.3.19.17 - CRL update retrieval . . . . . . 17 + 2.16. New Section 5.3.19.17 - CRL update retrieval . . . . . . 16 2.17. Update Section 5.3.21 - Error Message Content . . . . . . 17 - 2.18. Replace Section 5.3.22 - Polling Request and Response . . 18 - 2.19. Update Section 7 - Version Negotiation . . . . . . . . . 23 + 2.18. Replace Section 5.3.22 - Polling Request and Response . . 17 + 2.19. Update Section 7 - Version Negotiation . . . . . . . . . 22 2.20. Update Section 7.1.1. - Clients Talking to RFC 2510 - Servers . . . . . . . . . . . . . . . . . . . . . . . . 25 + Servers . . . . . . . . . . . . . . . . . . . . . . . . 24 2.21. Add Section 8.4 - Private keys for certificate signing and - CMP message protection . . . . . . . . . . . . . . . . . 25 + CMP message protection . . . . . . . . . . . . . . . . . 24 2.22. Add Section 8.5 - Entropy of random numbers, key pairs, and - shared secret information . . . . . . . . . . . . . . . 25 + shared secret information . . . . . . . . . . . . . . . 24 - 2.23. 
Add Section 8.6 - Trust anchor provisioning using - caPubs . . . . . . . . . . . . . . . . . . . . . . . . . 26 + 2.23. Add Section 8.6 - Trust anchor provisioning using CMP + messages . . . . . . . . . . . . . . . . . . . . . . . . 25 2.24. Update Section 9 - IANA Considerations . . . . . . . . . 26 - 2.25. Update Appendix B - The Use of Revocation Passphrase . . 28 + 2.25. Update Appendix B - The Use of Revocation Passphrase . . 27 2.26. Update Appendix C - Request Message Behavioral - Clarifications . . . . . . . . . . . . . . . . . . . . . 29 + Clarifications . . . . . . . . . . . . . . . . . . . . . 28 2.27. Update Appendix D.1. - General Rules for Interpretation of - These Profiles . . . . . . . . . . . . . . . . . . . . . 30 - 2.28. Update Appendix D.2. - Algorithm Use Profile . . . . . . 31 + These Profiles . . . . . . . . . . . . . . . . . . . . . 29 + 2.28. Update Appendix D.2. - Algorithm Use Profile . . . . . . 29 2.29. Update Appendix D.4. - Initial Registration/Certification - (Basic Authenticated Scheme) . . . . . . . . . . . . . . 31 + (Basic Authenticated Scheme) . . . . . . . . . . . . . . 30 3. Updates to RFC 6712 - HTTP Transfer for the Certificate - Management Protocol (CMP) . . . . . . . . . . . . . . . . 31 - 3.1. Update Section 1. - Introduction . . . . . . . . . . . . 31 - 3.2. New Section 1.1. - Changes since RFC 6712 . . . . . . . . 32 - 3.3. Replace Section 3.6. - HTTP Request-URI . . . . . . . . . 32 - 3.4. Update Section 6. - IANA Considerations . . . . . . . . . 33 - 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 33 - 5. Security Considerations . . . . . . . . . . . . . . . . . . . 34 - 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 34 - 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 34 - 7.1. Normative References . . . . . . . . . . . . . . . . . . 34 - 7.2. Informative References . . . . . . . . . . . . . . . . . 36 - Appendix A. ASN.1 Modules . . . . . . . . . . . . . . . . . . . 
37 - A.1. 1988 ASN.1 Module . . . . . . . . . . . . . . . . . . . . 37 - A.2. 2002 ASN.1 Module . . . . . . . . . . . . . . . . . . . . 50 - Appendix B. History of changes . . . . . . . . . . . . . . . . . 64 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 69 + Management Protocol (CMP) . . . . . . . . . . . . . . . . 30 + 3.1. Update Section 1. - Introduction . . . . . . . . . . . . 30 + 3.2. New Section 1.1. - Changes since RFC 6712 . . . . . . . . 30 + 3.3. Replace Section 3.6. - HTTP Request-URI . . . . . . . . . 31 + 3.4. Update Section 6. - IANA Considerations . . . . . . . . . 31 + 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 + 5. Security Considerations . . . . . . . . . . . . . . . . . . . 32 + 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 32 + 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 32 + 7.1. Normative References . . . . . . . . . . . . . . . . . . 33 + 7.2. Informative References . . . . . . . . . . . . . . . . . 35 + Appendix A. ASN.1 Modules . . . . . . . . . . . . . . . . . . . 35 + A.1. 1988 ASN.1 Module . . . . . . . . . . . . . . . . . . . . 35 + A.2. 2002 ASN.1 Module . . . . . . . . . . . . . . . . . . . . 49 + Appendix B. History of changes . . . . . . . . . . . . . . . . . 62 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 67 1. Introduction While using CMP [RFC4210] in industrial and IoT environments and developing the Lightweight CMP Profile [I-D.ietf-lamps-lightweight-cmp-profile] some limitations were identified in the original CMP specification. This document updates RFC 4210 [RFC4210] and RFC 6712 [RFC6712] to overcome these limitations. 
@@ -304,48 +306,41 @@ OPTIONAL, senderKID [2] KeyIdentifier OPTIONAL, recipKID [3] KeyIdentifier OPTIONAL, transactionID [4] OCTET STRING OPTIONAL, senderNonce [5] OCTET STRING OPTIONAL, recipNonce [6] OCTET STRING OPTIONAL, freeText [7] PKIFreeText OPTIONAL, generalInfo [8] SEQUENCE SIZE (1..MAX) OF InfoTypeAndValue OPTIONAL } + PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String The usage of pvno values is described in Section 7. -2.4. New Section 5.1.1.4. - CertProfile +2.4. New Section 5.1.1.3. - CertProfile Section 5.1.1 of RFC 4210 [RFC4210] defines the PKIHeader and id-it OIDs to be used in the generalInfo field. This section introduces id-it-certProfile. - Insert this section after Section 5.1.1.3: - - 5.1.1.4. CertProfile + Insert this section after Section 5.1.1.2: + 5.1.1.3. CertProfile This is used by the EE to indicate specific certificate profiles, e.g., when requesting a new certificate or a certificate request template, see Section 5.3.19.16. id-it-certProfile OBJECT IDENTIFIER ::= {id-it 21} CertProfileValue ::= SEQUENCE SIZE (1..MAX) OF UTF8String - < TBD: The authors would prefer re-ordering the newly requested OIDs, - if possible. See also IANA Consideration. - +---------+-------------------------+------------+ - | 20 | id-it-certProfile | [thisRFC] | - +---------+-------------------------+------------+ - > - When used in an ir/cr/kur/genm, the value MUST NOT contain more elements than the number of CertReqMsg or InfoTypeAndValue elements and the certificate profile names refer to the elements in the given order. When used in a p10cr, the value MUST NOT contain multiple certificate profile names. 2.5. Update Section 5.1.3.1. - Shared Secret Information 
@@ -610,77 +604,65 @@ use of this mechanism. GenMsg: {id-it 12}, EncryptedKey GenRep: {id-it 12}, < absent > The use of EncryptedKey is described in Section 5.2.2. 2.13. New Section 5.3.19.14 - CA Certificates The following subsection describes PKI general messages using id-it- - caCerts. The use is specified in Lightweight CMP Profile Section 4.3 - [I-D.ietf-lamps-lightweight-cmp-profile]. + caCerts. The intended use is specified in Lightweight CMP Profile + Section 4.3 [I-D.ietf-lamps-lightweight-cmp-profile]. Insert this section after Section 5.3.19.13: 2.3.19.14 CA Certificates - This MAY be used by the client to get the current CA intermediate and - issuing CA certificates. + This MAY be used by the client to get CA certificates. GenMsg: {id-it 17}, < absent > GenRep: {id-it 17}, SEQUENCE SIZE (1..MAX) OF CMPCertificate | < absent > 2.14. New Section 5.3.19.15 - Root CA Certificate Update The following subsection describes PKI general messages using id-it- - oldTrustAnchor and id-it-trustAnchorUpdate. The use is specified in + rootCaCert and id-it-rootCaKeyUpdate. The use is specified in Lightweight CMP Profile Section 4.3 [I-D.ietf-lamps-lightweight-cmp-profile]. Insert this section after new Section 5.3.19.14: 5.3.19.15. Root CA Certificate Update - This MAY be used by the client to get an update of a trust anchor, - which usually is provided in the form of a root CA Certificate. In - contrast to the ckuann message this approach follows the request/ + This MAY be used by the client to get an update of a root CA + certificate, which is provided in the body of the request message. + In contrast to the ckuann message this approach follows the request/ response model. The EE SHOULD reference its current trust anchor in a TrustAnchor structure in the request body, giving the root CA certificate if available, otherwise the public key value of the trust anchor. 
- GenMsg: {id-it 20}, OldTrustAnchor | < absent > - GenRep: {id-it 18}, TrustAnchorUpdate | < absent > + GenMsg: {id-it 20}, RootCaCertValue | < absent > + GenRep: {id-it 18}, RootCaKeyUpdateContent | < absent > - OldTrustAnchor ::= CHOICE { - certificate CMPCertificate, - publicKey BIT STRING } + RootCaCertValue ::= CMPCertificate - TrustAnchorUpdate ::= SEQUENCE { + RootCaKeyUpdateValue ::= RootCaKeyUpdateContent + + RootCaKeyUpdateContent ::= SEQUENCE { newWithNew CMPCertificate, newWithOld [0] CMPCertificate OPTIONAL, - oldWithNew [1] CMPCertificate OPTIONAL } - - < TBD: Rename OIDs - id-it-rootCaCert --> id-it-oldTrustAnchor - id-it-rootCaKeyUpdate --> id-it-trustAnchorUpdate - The authors would prefer re-ordering the newly requested OIDs, - if possible. See also IANA Consideration. - +---------+-------------------------+------------+ - | 18 | id-it-oldTrustAnchor | [thisRFC] | - +---------+-------------------------+------------+ - | 19 | id-it-trustAnchorUpdate | [thisRFC] | - +---------+-------------------------+------------+ - > + oldWithNew [1] CMPCertificate OPTIONAL + } Note: In contrast to CAKeyUpdAnnContent, this type offers omitting newWithOld and oldWithNew in the GenRep message, depending on the needs of the EE. 2.15. New Section 5.3.19.16 - Certificate Request Template The following subsection introduces the PKI general message using id- it-certReqTemplate. Details are specified in the Lightweight CMP Profile Section 4.3 [I-D.ietf-lamps-lightweight-cmp-profile]. 
@@ -723,26 +705,20 @@ mechanisms(5) pkix(7) pkip(5) regCtrl(1) 11 } AlgIdCtrl ::= AlgorithmIdentifier{ALGORITHM, {...}} id-regCtrl-rsaKeyLen OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) pkip(5) regCtrl(1) 12 } RsaKeyLenCtrl ::= INTEGER (1..MAX) - < TBD: The authors would prefer re-ordering the newly requested OIDs, - if possible. See also IANA Consideration. - +---------+-------------------------+------------+ - | 21 | id-it-certReqTemplate | [thisRFC] | - +---------+-------------------------+------------+ - > The CertReqTemplateValue contains the prefilled certTemplate to be used for a future certificate request. The publicKey field in the certTemplate MUST NOT be used. In case the PKI management entity wishes to specify supported public-key algorithms, the keySpec field MUST be used. One AttributeTypeAndValue per supported algorithm or RSA key length MUST be used. Note: The Controls ASN.1 type is defined in CRMF Section 6 [RFC4211] 2.16. New Section 5.3.19.17 - CRL update retrieval @@ -767,22 +743,22 @@ CertificateList | < absent > CRLSource ::= CHOICE { dpn [0] DistributionPointName, issuer [1] GeneralNames } CRLStatus ::= SEQUENCE { source CRLSource, thisUpdate Time OPTIONAL } - < TBD: Request OID for id-it-crlStatusList (TBD1) and id-it-crls - (TBD2). > + < TBD: Add requested OIDs for id-it-crlStatusList (TBD1) and id-it- + crls (TBD2). > 2.17. Update Section 5.3.21 - Error Message Content Section 5.3.21 of RFC 4210 [RFC4210] describes the regular use of error messages. This document adds a use by a PKI management entity to initiate delayed delivery in response to certConf, rr, and genm requests and to error messages. Replace the first sentence of the first paragraph with the following one: 
@@ -1095,58 +1071,64 @@ The following subsection addresses the risk arising from low entropy of random numbers, asymmetric keys, and shared secret information. 8.5. Entropy of random numbers, key pairs, and shared secret information For requirements regarding proper random number and key generation please refer to [RFC4086]. For the case of centrally generated key pairs, the entropy of the - shared secret information SHALL not be less than the security + shared secret information SHALL NOT be less than the security strength of the centrally generated key pair; if the shared secret information is re-used for different key pairs, the entropy and the security of the underlying cryptographic mechanisms SHOULD exceed the security strength of the key pairs. For the case of a PKI management operation that delivers a new trust anchor (e.g., a root CA certificate) using caPubs, (a) that is not concluded in a timely manner or (b) where the shared secret information is re-used for several key management operations, the - entropy of the shared secret information SHALL not be less than the + entropy of the shared secret information SHALL NOT be less than the security strength of the key material being managed by the operation. For other cases it is recommended to (a) either use a shared secret information of possibly low entropy (e.g., a password) only for a single PKI management operation or (b) use a shared secret information with an entropy that matches the security strength of the key material being managed by the operation. -2.23. Add Section 8.6 - Trust anchor provisioning using caPubs +2.23. Add Section 8.6 - Trust anchor provisioning using CMP messages - The following subsection addresses the risk arising from provisioning - a new trust anchor in-band in a CMP management operation. + The following subsection addresses the risk arising from in-band + provisioning of new trust anchors in a PKI management operation. Insert this section after new Section 8.5: - 8.6. 
Trust anchor provisioning using caPubs + 8.6. Trust anchor provisioning using CMP messages - In case an EE receives a CA certificate in the caPubs field for - installation as a new trust anchor, it is advised to properly - authenticate the message and authorize the sender as trusted source - of the new trust anchor. This authorization is typically indicated - using shared secret information for protecting an initialization - response (ir) message. Authorization can also be signature-based - using a certificate issued by another PKI that is explicitly - authorized for this purpose. A certificate received in caPubs MUST - NOT be accepted as trust anchor if the CMP message was protected - using a certificate issued by this same CA or one of its subordinate - CAs. + The provider of trust anchors, which typically will be an RA involved + in configuration management of its clients, MUST NOT include to-be- + trusted CA certificates in a CMP message unless it can take + responsibility for making the recipient trust them. When doing so, + it MUST exert the same due diligence as for its own trust anchors. + + Whenever an EE receives in a CMP message, e.g., in the caPubs field + of a certificate response or in a general response (genp), a CA + certificate for use as a trust anchor, it MUST properly authenticate + the message sender without already trusting any of the CA + certificates given in the message. + + Moreover, the EE MUST verify that the sender is an authorized source + of trust anchors. This authorization is typically indicated using + shared secret information or with a signature-based message + protection using a certificate issued by a PKI that is explicitly + authorized for this purpose. 2.24. Update Section 9 - IANA Considerations Section 9 of RFC 4210 [RFC4210] contains the IANA Considerations of that document. As this document defines a new Extended Key Usage, the IANA Considerations need to be updated accordingly. 
Add the following paragraphs after the third paragraph of the section: 
@@ -1168,62 +1150,43 @@ Extended Key Purpose Identifiers registry In the SMI-numbers registry "SMI Security for PKIX CMP Information Types (1.3.6.1.5.5.7.4)" (see https://www.iana.org/assignments/smi- numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.4) as defined in RFC 7299 [RFC7299] fife additions have been performed. Fife new entries have been added: - +=========+=========================+============+ + +=========+=======================+============+ | Decimal | Description | References | - +=========+=========================+============+ + +=========+=======================+============+ | 17 | id-it-caCerts | [thisRFC] | - +---------+-------------------------+------------+ - | 18 | id-it-trustAnchorUpdate | [thisRFC] | - +---------+-------------------------+------------+ + +---------+-----------------------+------------+ + | 18 | id-it-rootCaKeyUpdate | [thisRFC] | + +---------+-----------------------+------------+ | 19 | id-it-certReqTemplate | [thisRFC] | - +---------+-------------------------+------------+ - | 20 | id-it-oldTrustAnchor | [thisRFC] | - +---------+-------------------------+------------+ + +---------+-----------------------+------------+ + | 20 | id-it-rootCaCert | [thisRFC] | + +---------+-----------------------+------------+ | 21 | id-it-certProfile | [thisRFC] | - +---------+-------------------------+------------+ + +---------+-----------------------+------------+ | TBD1 | id-it-crlStatusList | [thisRFC] | - +---------+-------------------------+------------+ + +---------+-----------------------+------------+ | TBD2 | id-it-crls | [thisRFC] | - +---------+-------------------------+------------+ + +---------+-----------------------+------------+ - Table 2: Addition to the PKIX CMP Information - Types registry + Table 2: Addition to the PKIX CMP + Information Types registry - < TBD: Request OID for id-it-crlStatusList (TBD1) and id-it-crls - (TBD2). 
- Preferred ordering, if possible: - +=========+=========================+============+ - | Decimal | Description | References | - +=========+=========================+============+ - | 17 | id-it-caCerts | [thisRFC] | - +---------+-------------------------+------------+ - | 18 | id-it-oldTrustAnchor | [thisRFC] | - +---------+-------------------------+------------+ - | 19 | id-it-trustAnchorUpdate | [thisRFC] | - +---------+-------------------------+------------+ - | 20 | id-it-certProfile | [thisRFC] | - +---------+-------------------------+------------+ - | 21 | id-it-certReqTemplate | [thisRFC] | - +---------+-------------------------+------------+ - | TBD1 | id-it-crlStatusList | [thisRFC] | - +---------+-------------------------+------------+ - | TBD2 | id-it-crls | [thisRFC] | - +---------+-------------------------+------------+ - > + < TBD: Add requested OIDs for id-it-crlStatusList (TBD1) and id-it- + crls (TBD2). > In the SMI-numbers registry " SMI Security for PKIX CRMF Registration Controls (1.3.6.1.5.5.7.5.1)" (see https://www.iana.org/assignments/ smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.5.1) as defined in RFC 7299 [RFC7299] two additions have been performed. Two new entries have been added: +=========+======================+============+ | Decimal | Description | References | 
@@ -1487,30 +1450,29 @@ Special thank goes to Jim Schaad for his guidance and the inspiration on structuring and writing this document we got from [RFC6402] which updates CMC. Special thank also goes also to Russ Housley, Lijun Liao, Martin Peylo, and Tomas Gustavsson for reviewing and providing valuable suggestions on improving this document. We also thank all reviewers of this document for their valuable feedback. 7. References - 7.1. Normative References [I-D.ietf-lamps-cmp-algorithms] Brockhaus, H., Aschauer, H., Ounsworth, M., and J. Gray, "Certificate Management Protocol (CMP) Algorithms", Work in Progress, Internet-Draft, draft-ietf-lamps-cmp- - algorithms-07, 22 August 2021, + algorithms-08, 17 November 2021, . + cmp-algorithms-08>. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC2510] Adams, C. and S. Farrell, "Internet X.509 Public Key Infrastructure Certificate Management Protocols", RFC 2510, DOI 10.17487/RFC2510, March 1999, . @@ -1597,23 +1559,23 @@ Request Message Format (CRMF)", RFC 9045, DOI 10.17487/RFC9045, June 2021, . 7.2. Informative References [I-D.ietf-lamps-lightweight-cmp-profile] Brockhaus, H., Fries, S., and D. V. Oheimb, "Lightweight Certificate Management Protocol (CMP) Profile", Work in Progress, Internet-Draft, draft-ietf-lamps-lightweight- - cmp-profile-06, 9 July 2021, + cmp-profile-07, 25 October 2021, . + lightweight-cmp-profile-07>. [IEEE.802.1AR_2018] IEEE, "IEEE Standard for Local and metropolitan area networks - Secure Device Identity", IEEE 802.1AR-2018, DOI 10.1109/IEEESTD.2018.8423794, 2 August 2018, . Appendix A. ASN.1 Modules A.1. 1988 ASN.1 Module 
@@ -1627,31 +1589,30 @@ dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-cmp2021-88(99)} DEFINITIONS EXPLICIT TAGS ::= BEGIN -- EXPORTS ALL -- IMPORTS - - Certificate, CertificateList, Extensions, Name, + Certificate, CertificateList, Extensions, Name, Time, AlgorithmIdentifier, id-kp --, UTF8String -- -- if required; otherwise, comment out FROM PKIX1Explicit88 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit-88(18)} -- The import of Name is added to define CertificationRequest -- instead of importing it from PKCS#10 [RFC2986] - GeneralName, KeyIdentifier + DistributionPointName, GeneralNames, GeneralName, KeyIdentifier FROM PKIX1Implicit88 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit-88(19)} CertTemplate, PKIPublicationInfo, EncryptedKey, CertId, CertReqMessages, Controls, AttributeTypeAndValue, id-regCtrl FROM PKIXCRMF-2005 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-crmf2005(36)} -- The import of EncryptedKey is added due to the updates made 
@@ -2091,29 +2053,24 @@ -- public-key certificate id-regCtrl-algId OBJECT IDENTIFIER ::= { id-regCtrl 11 } AlgIdCtrl ::= AlgorithmIdentifier -- SHALL be used to specify supported algorithms other than RSA id-regCtrl-rsaKeyLen OBJECT IDENTIFIER ::= { id-regCtrl 12 } RsaKeyLenCtrl ::= INTEGER (1..MAX) -- SHALL be used to specify supported RSA key lengths - -- OldTrustAnchor, TrustAnchorUpdateContent, CRLSource, and - -- CRLStatus were added in CMP Updates [thisRFC] - - OldTrustAnchor ::= CHOICE { - certificate CMPCertificate, - publicKey BIT STRING - } + -- RootCaKeyUpdateContent, CRLSource, and CRLStatus were added in + -- CMP Updates [thisRFC] - TrustAnchorUpdate ::= SEQUENCE { + RootCaKeyUpdateContent ::= SEQUENCE { newWithNew CMPCertificate, -- new root CA certificate newWithOld [0] CMPCertificate OPTIONAL, -- X.509 certificate containing the new public root CA key -- signed with the old private root CA key oldWithNew [1] CMPCertificate OPTIONAL -- X.509 certificate containing the old public root CA key -- signed with the new private root CA key } 
@@ -2166,29 +2123,29 @@ -- id-it-confirmWaitTime OBJECT IDENTIFIER ::= {id-it 14} -- ConfirmWaitTimeValue ::= GeneralizedTime -- id-it-origPKIMessage OBJECT IDENTIFIER ::= {id-it 15} -- OrigPKIMessageValue ::= PKIMessages -- id-it-suppLangTags OBJECT IDENTIFIER ::= {id-it 16} -- SuppLangTagsValue ::= SEQUENCE OF UTF8String -- id-it-caCerts OBJECT IDENTIFIER ::= {id-it 17} -- CaCertsValue ::= SEQUENCE SIZE (1..MAX) OF -- CMPCertificate -- - id-it-caCerts added in CMP Updates [thisRFC] - -- id-it-trustAnchorUpdate OBJECT IDENTIFIER ::= {id-it 18} - -- TrustAnchorUpdateValue ::= TrustAnchorUpdate - -- - id-it-trustAnchorUpdate added in CMP Updates [thisRFC] + -- id-it-rootCaKeyUpdate OBJECT IDENTIFIER ::= {id-it 18} + -- RootCaKeyUpdateValue ::= RootCaKeyUpdateContent + -- - id-it-rootCaKeyUpdate added in CMP Updates [thisRFC] -- id-it-certReqTemplate OBJECT IDENTIFIER ::= {id-it 19} -- CertReqTemplateValue ::= CertReqTemplateContent -- - id-it-certReqTemplate added in CMP Updates [thisRFC] - -- id-it-oldTrustAnchor OBJECT IDENTIFIER ::= {id-it 20} - -- OldTrustAnchorValue ::= OldTrustAnchor - -- - id-it-oldTrustAnchor added in CMP Updates [thisRFC] + -- id-it-rootCaCert OBJECT IDENTIFIER ::= {id-it 20} + -- RootCaCertValue ::= CMPCertificate + -- - id-it-rootCaCert added in CMP Updates [thisRFC] -- id-it-certProfile OBJECT IDENTIFIER ::= {id-it 21} -- CertProfileValue ::= SEQUENCE SIZE (1..MAX) OF -- UTF8String -- - id-it-certProfile added in CMP Updates [thisRFC] -- id-it-crlStatusList OBJECT IDENTIFIER ::= {id-it TBD1} -- CRLStatusListValue ::= SEQUENCE SIZE (1..MAX) OF -- CRLStatus -- - id-it-crlStatusList added in CMP Updates [thisRFC] -- id-it-crls OBJECT IDENTIFIER ::= {id-it TBD2} -- CRLsValue ::= SEQUENCE SIZE (1..MAX) OF 
@@ -2289,26 +2244,26 @@ {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)} AlgorithmIdentifier{}, SIGNATURE-ALGORITHM, ALGORITHM, DIGEST-ALGORITHM, MAC-ALGORITHM FROM AlgorithmInformation-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-algorithmInformation-02(58)} - Certificate, CertificateList, id-kp + Certificate, CertificateList, Time, id-kp FROM PKIX1Explicit-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)} - GeneralName, KeyIdentifier + DistributionPointName, GeneralNames, GeneralName, KeyIdentifier FROM PKIX1Implicit-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)} CertTemplate, PKIPublicationInfo, EncryptedKey, CertId, CertReqMessages, Controls, RegControlSet, id-regCtrl FROM PKIXCRMF-2009 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-crmf2005-02(55) } 
@@ -2750,29 +2703,24 @@ -- SHALL be used to specify supported algorithms other than RSA regCtrl-rsaKeyLen ATTRIBUTE ::= { TYPE RsaKeyLenCtrl IDENTIFIED BY id-regCtrl-rsaKeyLen } id-regCtrl-rsaKeyLen OBJECT IDENTIFIER ::= { id-regCtrl 12 } RsaKeyLenCtrl ::= INTEGER (1..MAX) -- SHALL be used to specify supported RSA key lengths - -- OldTrustAnchor, TrustAnchorUpdateContent, CRLSource, and CRLStatus - -- were added in CMP Updates [thisRFC] - - OldTrustAnchor ::= CHOICE { - certificate CMPCertificate, - publicKey BIT STRING - } + -- RootCaKeyUpdateContent, CRLSource, and CRLStatus were added in + -- CMP Updates [thisRFC] - TrustAnchorUpdate ::= SEQUENCE { + RootCaKeyUpdateContent ::= SEQUENCE { newWithNew CMPCertificate, -- new root CA certificate newWithOld [0] CMPCertificate OPTIONAL, -- X.509 certificate containing the new public root CA key -- signed with the old private root CA key oldWithNew [1] CMPCertificate OPTIONAL -- X.509 certificate containing the old public root CA key -- signed with the new private root CA key } 
@@ -2831,29 +2779,29 @@ -- id-it-confirmWaitTime OBJECT IDENTIFIER ::= {id-it 14} -- ConfirmWaitTimeValue ::= GeneralizedTime -- id-it-origPKIMessage OBJECT IDENTIFIER ::= {id-it 15} -- OrigPKIMessageValue ::= PKIMessages -- id-it-suppLangTags OBJECT IDENTIFIER ::= {id-it 16} -- SuppLangTagsValue ::= SEQUENCE OF UTF8String -- id-it-caCerts OBJECT IDENTIFIER ::= {id-it 17} -- CaCertsValue ::= SEQUENCE SIZE (1..MAX) OF -- CMPCertificate -- - id-it-caCerts added in CMP Updates [thisRFC] - -- id-it-trustAnchorUpdate OBJECT IDENTIFIER ::= {id-it 18} - -- TrustAnchorUpdateValue ::= TrustAnchorUpdate - -- - id-it-trustAnchorUpdate added in CMP Updates [thisRFC] + -- id-it-rootCaKeyUpdate OBJECT IDENTIFIER ::= {id-it 18} + -- RootCaKeyUpdateValue ::= RootCaKeyUpdateContent + -- - id-it-rootCaKeyUpdate added in CMP Updates [thisRFC] -- id-it-certReqTemplate OBJECT IDENTIFIER ::= {id-it 19} -- CertReqTemplateValue ::= CertReqTemplateContent -- - id-it-certReqTemplate added in CMP Updates [thisRFC] - -- id-it-oldTrustAnchor OBJECT IDENTIFIER ::= {id-it 20} - -- OldTrustAnchorValue ::= OldTrustAnchor - -- - id-it-oldTrustAnchor added in CMP Updates [thisRFC] + -- id-it-rootCaCert OBJECT IDENTIFIER ::= {id-it 20} + -- RootCaCertValue ::= CMPCertificate + -- - id-it-rootCaCert added in CMP Updates [thisRFC] -- id-it-certProfile OBJECT IDENTIFIER ::= {id-it 21} -- CertProfileValue ::= SEQUENCE SIZE (1..MAX) OF -- UTF8String -- - id-it-certProfile added in CMP Updates [thisRFC] -- id-it-crlStatusList OBJECT IDENTIFIER ::= {id-it TBD1} -- CRLStatusListValue ::= SEQUENCE SIZE (1..MAX) OF -- CRLStatus -- - id-it-crlStatusList added in CMP Updates [thisRFC] -- id-it-crls OBJECT IDENTIFIER ::= {id-it TBD2} -- CRLsValue ::= SEQUENCE SIZE (1..MAX) OF 
@@ -2888,31 +2836,30 @@ -- Receiver MAY ignore any contained OIDs that it does not -- recognize. ErrorMsgContent ::= SEQUENCE { pKIStatusInfo PKIStatusInfo, errorCode INTEGER OPTIONAL, -- implementation-specific error codes errorDetails PKIFreeText OPTIONAL -- implementation-specific error details } - CertConfirmContent ::= SEQUENCE OF CertStatus CertStatus ::= SEQUENCE { certHash OCTET STRING, -- the hash of the certificate, using the same hash algorithm -- as is used to create and verify the certificate signature certReqId INTEGER, -- to match this confirmation with the corresponding req/rep statusInfo PKIStatusInfo OPTIONAL, - hashAlg [0] AlgorithmIdentifier OPTIONAL + hashAlg [0] AlgorithmIdentifier{DIGEST-ALGORITHM, {...}} OPTIONAL -- the hash algorithm to use for calculating certHash -- SHOULD NOT be used in all cases where the AlgorithmIdentifier -- of the certificate signature specifies a hash algorithm } PollReqContent ::= SEQUENCE OF SEQUENCE { certReqId INTEGER } PollRepContent ::= SEQUENCE OF SEQUENCE { certReqId INTEGER, 
@@ -2931,20 +2878,34 @@ -- id-kp-cmcRA OBJECT IDENTIFIER ::= { id-kp 28 } id-kp-cmKGA OBJECT IDENTIFIER ::= { id-kp 32 } END Appendix B. History of changes Note: This appendix will be deleted in the final version of the document. + From version 13 -> 14: + + * Extended id-it-caCerts support message to allow transporting to- + be-trusted root CA certificates; added respective security + consideration (see thread "Generalizing the CMP "Get CA + certificates" use case") + + * Rolled back changes made in previous version regarding root CA + update to avoid registration of new OIDs. Yet we sticked to using + id-it-rootCaCert in the genm body instead its headers' generalInfo + field and removed the ToDos and TBDs on re-arranging id-it OIDs + (see thread "Allocation of OIDs for CRL update retrieval (draft- + ietf-lamps-cmp-updates-13)") + From version 12 -> 13: * Added John Gray to the list of authors due to fruitful discussion and important proposals * Fixed errata no. 2615, 2616, 3949, 4078, and 5201 on RFC 4210 * Added reference on RFC 8933 regarding CMS signedAttrs to Section 2.7 * Updated Section 2.9 and the ASN.1 modules moving the position of the hashAlg field (see thread "[CMP Updates] position of hashAlg in certStatus")
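Review bot: In the hunk at @@ -304,48, the blank line that separated "Insert this section after Section 5.1.1.2:" from the heading "5.1.1.3. CertProfile" was dropped (the old version had it, and the same instruction in 2.13 and 2.14 keeps one); restore it so the inserted section renders like the others. The renumbering 5.1.1.4 -> 5.1.1.3 is consistent with the Table of Contents change in the @@ -38,98 hunk, and the removed TBD block on re-ordering OIDs matches the history entry for this version.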
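Review bot: In the hunk at @@ -610,77, the unchanged sentence "The EE SHOULD reference its current trust anchor in a TrustAnchor structure in the request body, giving the root CA certificate if available, otherwise the public key value of the trust anchor." is now stale: the request value is "RootCaCertValue ::= CMPCertificate", and the OldTrustAnchor CHOICE with "publicKey BIT STRING" has been removed, so there is no longer a way to send only a public key. Suggest "The EE SHOULD provide its current root CA certificate in the body of the request message (RootCaCertValue)." and drop the public-key alternative. The new lead sentence "get an update of a root CA certificate, which is provided in the body of the request message" is also ambiguous about what is provided (the update or the current certificate); make it "...to get an update of the root CA certificate given in the body of the request message". Finally, the context heading "2.3.19.14 CA Certificates" should read "5.3.19.14 CA Certificates", as the preceding instruction "Insert this section after Section 5.3.19.13" indicates.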
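Review bot: In the hunk at @@ -1095,58, the Section 8.5 paragraph still restricts the trust-anchor case to "using caPubs", while the rewritten Section 8.6 (and its new title "Trust anchor provisioning using CMP messages") explicitly covers trust anchors received "in the caPubs field of a certificate response or in a general response (genp)". Align 8.5, e.g. "delivers a new trust anchor (e.g., a root CA certificate) using caPubs or a general response (genp)", so the entropy requirement applies to both transport paths. The old, concrete rule "A certificate received in caPubs MUST NOT be accepted as trust anchor if the CMP message was protected using a certificate issued by this same CA or one of its subordinate CAs." is subsumed by the new "authenticate the message sender without already trusting any of the CA certificates given in the message", but since this circular-trust case is the common implementation mistake, consider keeping it as an explicit example sentence after that requirement.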
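Review bot: In the hunk at @@ -1168,62, the unchanged context "fife additions have been performed. Fife new entries have been added:" is both a typo for "five" and the wrong count: the table that follows lists seven rows (17, 18, 19, 20, 21, TBD1 and TBD2). Change it to "seven additions have been performed. Seven new entries have been added:", or, if TBD1 and TBD2 are not yet counted as requested, state that explicitly. The renamed entries 18 id-it-rootCaKeyUpdate and 20 id-it-rootCaCert match the GenRep {id-it 18} / GenMsg {id-it 20} assignments in Section 5.3.19.15, and the "< TBD: Add requested OIDs ... >" note now duplicates the one in Section 5.3.19.17; keep the two in sync when the OIDs are assigned.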
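Review bot: In the hunk at @@ -1487,30, the Acknowledgements context has two grammar slips worth fixing while the section is being touched: "Special thank goes to Jim Schaad" should read "Special thanks go to Jim Schaad", and "Special thank also goes also to Russ Housley" duplicates "also" (suggest "Special thanks also go to Russ Housley"). The reference bumps to draft-ietf-lamps-cmp-algorithms-08 and draft-ietf-lamps-lightweight-cmp-profile-07 are consistent with the version dates shown.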
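Review bot: In the hunk at @@ -1627,31, the new imports "Time" (from PKIX1Explicit88) and "DistributionPointName, GeneralNames" (from PKIX1Implicit88) are required by the CRLStatus and CRLSource types added for CRL update retrieval, but unlike the other additions in this IMPORTS block ("-- The import of Name is added to define CertificationRequest", "-- The import of EncryptedKey is added due to the updates made") they carry no comment saying why they are there. Add a matching comment, e.g. "-- The import of Time, DistributionPointName, and GeneralNames is added for CRLStatus and CRLSource", and do the same for the corresponding import list in the 2002 module (hunk at @@ -2289,26).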
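Review bot: In the hunk at @@ -2888,31, the blank line between the closing brace of ErrorMsgContent and "CertConfirmContent ::= SEQUENCE OF CertStatus" was removed, while every other top-level type in this module is separated by a blank line; restore it. The change of hashAlg to "AlgorithmIdentifier{DIGEST-ALGORITHM, {...}}" is the right parameterization for the 2002 module and DIGEST-ALGORITHM is imported from AlgorithmInformation-2009 (hunk at @@ -2289,26). The comment below it, "SHOULD NOT be used in all cases where the AlgorithmIdentifier of the certificate signature specifies a hash algorithm", reads awkwardly; suggest "SHOULD NOT be present where the AlgorithmIdentifier of the certificate signature already specifies a hash algorithm", which keeps the same meaning.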
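Review bot: In the hunk at @@ -2931,20, the history entry states that id-it-caCerts was "Extended ... to allow transporting to-be-trusted root CA certificates", but the normative text changed in the @@ -610,77 hunk only says "This MAY be used by the client to get CA certificates."; if root CA certificates intended as trust anchors may be returned, Section 5.3.19.14 should say so and point to the new Section 8.6, otherwise the history overstates the change. Also fix the wording: "Yet we sticked to using id-it-rootCaCert in the genm body instead its headers' generalInfo field" should read "Yet we stuck to using id-it-rootCaCert in the genm body instead of in its header's generalInfo field".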