| draft-ietf-lamps-cmp-updates-15.txt | draft-ietf-lamps-cmp-updates-16.txt |
|---|---|
| LAMPS Working Group H. Brockhaus, Ed. | LAMPS Working Group H. Brockhaus, Ed. |
| Internet-Draft D. von Oheimb | Internet-Draft D. von Oheimb |
| Updates: 4210, 5912, 6712 (if approved) Siemens | Updates: 4210, 5912, 6712 (if approved) Siemens |
| Intended status: Standards Track J. Gray | Intended status: Standards Track J. Gray |
| Expires: 20 June 2022 Entrust | Expires: 25 June 2022 Entrust |
| 17 December 2021 | 22 December 2021 |
| Certificate Management Protocol (CMP) Updates | Certificate Management Protocol (CMP) Updates |
| draft-ietf-lamps-cmp-updates-15 | draft-ietf-lamps-cmp-updates-16 |
| Abstract | Abstract |
| This document contains a set of updates to the syntax and transfer of | This document contains a set of updates to the syntax and transfer of |
| Certificate Management Protocol (CMP) version 2. This document | Certificate Management Protocol (CMP) version 2. This document |
| updates RFC 4210, RFC 5912, and RFC 6712. | updates RFC 4210, RFC 5912, and RFC 6712. |
| The aspects of CMP updated in this document are using EnvelopedData | The aspects of CMP updated in this document are using EnvelopedData |
| instead of EncryptedValue, clarifying the handling of p10cr messages, | instead of EncryptedValue, clarifying the handling of p10cr messages, |
| improving the crypto agility, as well as adding new general message | improving the crypto agility, as well as adding new general message |
| skipping to change at page 1, line 49 | skipping to change at page 1, line 49 |
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering |
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute |
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- |
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. |
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months |
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any |
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference |
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." |
| This Internet-Draft will expire on 20 June 2022. | This Internet-Draft will expire on 25 June 2022. |
| Copyright Notice | Copyright Notice |
| Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the |
| document authors. All rights reserved. | document authors. All rights reserved. |
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal |
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ |
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. |
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights |
| and restrictions with respect to this document. Code Components | and restrictions with respect to this document. Code Components |
| extracted from this document must include Revised BSD License text as | extracted from this document must include Revised BSD License text as |
| described in Section 4.e of the Trust Legal Provisions and are | described in Section 4.e of the Trust Legal Provisions and are |
| provided without warranty as described in the Revised BSD License. | provided without warranty as described in the Revised BSD License. |
| | This document may contain material from IETF Documents or IETF |
| | Contributions published or made publicly available before November |
| | 10, 2008. The person(s) controlling the copyright in some of this |
| | material may not have granted the IETF Trust the right to allow |
| | modifications of such material outside the IETF Standards Process. |
| | Without obtaining an adequate license from the person(s) controlling |
| | the copyright in such materials, this document may not be modified |
| | outside the IETF Standards Process, and derivative works of it may |
| | not be created outside the IETF Standards Process, except to format |
| | it for publication as an RFC or to translate it into languages other |
| | than English. |
| Table of Contents | Table of Contents |
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 |
| 1.1. Convention and Terminology . . . . . . . . . . . . . . . 4 | 1.1. Convention and Terminology . . . . . . . . . . . . . . . 4 |
| 2. Updates to RFC 4210 - Certificate Management Protocol | 2. Updates to RFC 4210 - Certificate Management Protocol |
| (CMP) . . . . . . . . . . . . . . . . . . . . . . . . . . 4 | (CMP) . . . . . . . . . . . . . . . . . . . . . . . . . . 4 |
| 2.1. New Section 1.1. - Changes since RFC 4210 . . . . . . . . 4 | 2.1. New Section 1.1. - Changes since RFC 4210 . . . . . . . . 4 |
| 2.2. New Section 4.5 - Extended Key Usage . . . . . . . . . . 5 | 2.2. New Section 4.5 - Extended Key Usage . . . . . . . . . . 5 |
| 2.3. Update Section 5.1.1. - PKI Message Header . . . . . . . 7 | 2.3. Update Section 5.1.1. - PKI Message Header . . . . . . . 7 |
| 2.4. New Section 5.1.1.3. - CertProfile . . . . . . . . . . . 7 | 2.4. New Section 5.1.1.3. - CertProfile . . . . . . . . . . . 7 |
| skipping to change at page 3, line 32 | skipping to change at page 3, line 42 |
| 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 | 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 |
| 5. Security Considerations . . . . . . . . . . . . . . . . . . . 33 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . 33 |
| 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 33 | 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 33 |
| 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 33 | 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 33 |
| 7.1. Normative References . . . . . . . . . . . . . . . . . . 33 | 7.1. Normative References . . . . . . . . . . . . . . . . . . 33 |
| 7.2. Informative References . . . . . . . . . . . . . . . . . 35 | 7.2. Informative References . . . . . . . . . . . . . . . . . 35 |
| Appendix A. ASN.1 Modules . . . . . . . . . . . . . . . . . . . 36 | Appendix A. ASN.1 Modules . . . . . . . . . . . . . . . . . . . 36 |
| A.1. 1988 ASN.1 Module . . . . . . . . . . . . . . . . . . . . 36 | A.1. 1988 ASN.1 Module . . . . . . . . . . . . . . . . . . . . 36 |
| A.2. 2002 ASN.1 Module . . . . . . . . . . . . . . . . . . . . 50 | A.2. 2002 ASN.1 Module . . . . . . . . . . . . . . . . . . . . 50 |
| Appendix B. History of changes . . . . . . . . . . . . . . . . . 63 | Appendix B. History of changes . . . . . . . . . . . . . . . . . 63 |
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 68 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 69 |
| 1. Introduction | 1. Introduction |
| While using CMP [RFC4210] in industrial and IoT environments and | While using CMP [RFC4210] in industrial and IoT environments and |
| developing the Lightweight CMP Profile | developing the Lightweight CMP Profile |
| [I-D.ietf-lamps-lightweight-cmp-profile] some limitations were | [I-D.ietf-lamps-lightweight-cmp-profile] some limitations were |
| identified in the original CMP specification. This document updates | identified in the original CMP specification. This document updates |
| RFC 4210 [RFC4210] and RFC 6712 [RFC6712] to overcome these | RFC 4210 [RFC4210] and RFC 6712 [RFC6712] to overcome these |
| limitations. | limitations. |
| skipping to change at page 63, line 43 | skipping to change at page 63, line 43 |
| -- id-kp-cmcRA OBJECT IDENTIFIER ::= { id-kp 28 } | -- id-kp-cmcRA OBJECT IDENTIFIER ::= { id-kp 28 } |
| id-kp-cmKGA OBJECT IDENTIFIER ::= { id-kp 32 } | id-kp-cmKGA OBJECT IDENTIFIER ::= { id-kp 32 } |
| END | END |
| Appendix B. History of changes | Appendix B. History of changes |
| Note: This appendix will be deleted in the final version of the | Note: This appendix will be deleted in the final version of the |
| document. | document. |
| | From version 15 -> 16: |
| | * Updated IPR disclaimer |
| From version 14 -> 15: | From version 14 -> 15: |
| * Updated Section 2.16 clarifying the usage of CRLSource (see thread | * Updated Section 2.16 clarifying the usage of CRLSource (see thread |
| "CRL update retrieval - WG Last Call for draft-ietf-lamps-cmp- | "CRL update retrieval - WG Last Call for draft-ietf-lamps-cmp- |
| updates-14 and draft-ietf-lamps-lightweight-cmp-profile-08") | updates-14 and draft-ietf-lamps-lightweight-cmp-profile-08") |
| * Updated Section 2.22 adding further references regarding random | * Updated Section 2.22 adding further references regarding random |
| number generation (see thread "CMP draft WGLC: measuring entropy, | number generation (see thread "CMP draft WGLC: measuring entropy, |
| CA certificates") | CA certificates") |
| * Fixed some nits | * Fixed some nits |
| From version 13 -> 14: | From version 13 -> 14: |
| * Extended id-it-caCerts support message to allow transporting to- | * Extended id-it-caCerts support message to allow transporting to- |
| be-trusted root CA certificates; added respective security | be-trusted root CA certificates; added respective security |
| consideration (see thread "Generalizing the CMP "Get CA | consideration (see thread "Generalizing the CMP "Get CA |
| certificates" use case") | certificates" use case") |
| * Rolled back changes made in previous version regarding root CA | * Rolled back changes made in previous version regarding root CA |
| update to avoid registration of new OIDs. Yet we sticked to using | update to avoid registration of new OIDs. Yet we sticked to using |
| id-it-rootCaCert in the genm body instead its headers' generalInfo | id-it-rootCaCert in the genm body instead its headers' generalInfo |
| field and removed the ToDos and TBDs on re-arranging id-it OIDs | field and removed the ToDos and TBDs on re-arranging id-it OIDs |
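Review bot: the new Appendix B entry "* Updated IPR disclaimer" under "From version 15 -> 16:" is the only record of the one substantive -16 change, namely the paragraph added to the Copyright Notice about material published before November 10, 2008 and the resulting restriction on modifying the document or creating derivative works outside the IETF Standards Process. Suggest naming that paragraph in the entry (for example "Added the pre-November-2008 IPR paragraph to the Copyright Notice") so a reader of the change history can see what "IPR disclaimer" refers to without diffing the boilerplate.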
End of changes. 8 change blocks.

5 lines changed or deleted; 23 lines changed or added.

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/