draft-ietf-lamps-rfc7030est-clarify-01.txt   draft-ietf-lamps-rfc7030est-clarify-02.txt 
skipping to change at page 1, line 13 skipping to change at page 1, line 13
LAMPS Working Group M. Richardson LAMPS Working Group M. Richardson
Internet-Draft Sandelman Software Works Internet-Draft Sandelman Software Works
Intended status: Standards Track T. Werner Intended status: Standards Track T. Werner
Expires: September 6, 2020 Siemens Expires: September 6, 2020 Siemens
W. Pan W. Pan
Huawei Technologies Huawei Technologies
March 05, 2020 March 05, 2020
Clarification of Enrollment over Secure Transport (EST): transfer Clarification of Enrollment over Secure Transport (EST): transfer
encodings and ASN.1 encodings and ASN.1
draft-ietf-lamps-rfc7030est-clarify-01 draft-ietf-lamps-rfc7030est-clarify-02
Abstract Abstract
This document updates RFC7030: Enrollment over Secure Transport (EST) This document updates RFC7030: Enrollment over Secure Transport (EST)
to resolve some errata that was reported, and which has proven to to resolve some errata that was reported, and which has proven to
have interoperability when RFC7030 has been extended. have interoperability when RFC7030 has been extended.
This document deprecates the specification of "Content-Transfer- This document deprecates the specification of "Content-Transfer-
Encoding" headers for EST endpoints, providing a way to do this in an Encoding" headers for EST endpoints, providing a way to do this in an
upward compatible way. This document fixes some syntactical errors upward compatible way. This document fixes some syntactical errors
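Review bot: The Abstract sentence that -02 carries over unchanged, "which has proven to have interoperability when RFC7030 has been extended", appears to be missing a noun after "interoperability"; as written it says the errata have interoperability. Suggest completing the phrase with whatever noun is intended and making "some errata that was reported" agree in number. The only changed line in this block is the draft name moving from -01 to -02, while both columns show the same date (March 05, 2020) and the same expiry, so confirm the date was meant to stay as it is.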
skipping to change at page 2, line 28 skipping to change at page 2, line 28
5. Clarification of ASN.1 for Certificate Attribute set. . . . . 4 5. Clarification of ASN.1 for Certificate Attribute set. . . . . 4
5.1. CSR Attributes Response . . . . . . . . . . . . . . . . . 4 5.1. CSR Attributes Response . . . . . . . . . . . . . . . . . 4
6. Clarification of error messages for certificate enrollment 6. Clarification of error messages for certificate enrollment
operations . . . . . . . . . . . . . . . . . . . . . . . . . 6 operations . . . . . . . . . . . . . . . . . . . . . . . . . 6
6.1. Updating section 4.2.3: Simple Enroll and Re-enroll 6.1. Updating section 4.2.3: Simple Enroll and Re-enroll
Response . . . . . . . . . . . . . . . . . . . . . . . . 6 Response . . . . . . . . . . . . . . . . . . . . . . . . 6
6.2. Updating section 4.4.2: Server-Side Key Generation 6.2. Updating section 4.4.2: Server-Side Key Generation
Response . . . . . . . . . . . . . . . . . . . . . . . . 6 Response . . . . . . . . . . . . . . . . . . . . . . . . 6
7. Privacy Considerations . . . . . . . . . . . . . . . . . . . 6 7. Privacy Considerations . . . . . . . . . . . . . . . . . . . 6
8. Security Considerations . . . . . . . . . . . . . . . . . . . 7 8. Security Considerations . . . . . . . . . . . . . . . . . . . 7
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7
10.1. Normative References . . . . . . . . . . . . . . . . . . 7 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 7
10.2. Informative References . . . . . . . . . . . . . . . . . 8 11.1. Normative References . . . . . . . . . . . . . . . . . . 7
11.2. Informative References . . . . . . . . . . . . . . . . . 8
Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 9 Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10
1. Introduction 1. Introduction
[RFC7030] defines the Enrollment over Secure Transport, or EST [RFC7030] defines the Enrollment over Secure Transport, or EST
protocol. protocol.
This specification defines a number of HTTP end points for This specification defines a number of HTTP end points for
certificate enrollment and management. The details of the certificate enrollment and management. The details of the
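Review bot: In the Introduction context at the end of this block, "HTTP end points" is written as two words while the Abstract uses "EST endpoints"; pick one spelling and use it throughout. The table of contents renumbering is consistent with the section headings later in the diff: IANA Considerations becomes section 9, and Acknowledgements and References move to 10 and 11 with subsections 11.1 and 11.2.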
skipping to change at page 7, line 7 skipping to change at page 7, line 7
Servers MAY use the "text/plain" content-type [RFC2046] Servers MAY use the "text/plain" content-type [RFC2046]
for human-readable errors. for human-readable errors.
7. Privacy Considerations 7. Privacy Considerations
This document does not disclose any additional identifies to either This document does not disclose any additional identifies to either
active or passive observer would see with [RFC7030]. active or passive observer would see with [RFC7030].
8. Security Considerations 8. Security Considerations
This document clarifies an existing security mechanism. # IANA This document clarifies an existing security mechanism. It does not
Considerations create any new protocol mechanism.
9. IANA Considerations
The ASN.1 module in Appendix A of this doucment makes use of object The ASN.1 module in Appendix A of this doucment makes use of object
identifiers (OIDs). This document requests that IANA register an OID identifiers (OIDs). This document requests that IANA register an OID
in the SMI Security for PKIX Arc in the Module identifiers subarc in the SMI Security for PKIX Arc in the Module identifiers subarc
(1.3.6.1.5.5.7.0) for the ASN.1 module. The OID for the Asymmetric (1.3.6.1.5.5.7.0) for the ASN.1 module. The OID for the Asymmetric
Decryption Key Identifier (1.2.840.113549.1.9.16.2.54) was previously Decryption Key Identifier (1.2.840.113549.1.9.16.2.54) was previously
defined in [RFC7030]. defined in [RFC7030].
IANA is requested to update the "Reference" column for the Asymmetric IANA is requested to update the "Reference" column for the Asymmetric
Decryption Key Identifier attribute to also include a reference to Decryption Key Identifier attribute to also include a reference to
this doducment. this doducment.
9. Acknowledgements 10. Acknowledgements
This work was supported by the Huawei Technologies. This work was supported by the Huawei Technologies.
The ASN.1 Module was assembled by Russ Housley and formatted by Sean The ASN.1 Module was assembled by Russ Housley and formatted by Sean
Turner. Turner.
10. References 11. References
10.1. Normative References 11.1. Normative References
[I-D.ietf-anima-bootstrapping-keyinfra] [I-D.ietf-anima-bootstrapping-keyinfra]
Pritikin, M., Richardson, M., Eckert, T., Behringer, M., Pritikin, M., Richardson, M., Eckert, T., Behringer, M.,
and K. Watsen, "Bootstrapping Remote Secure Key and K. Watsen, "Bootstrapping Remote Secure Key
Infrastructures (BRSKI)", draft-ietf-anima-bootstrapping- Infrastructures (BRSKI)", draft-ietf-anima-bootstrapping-
keyinfra-37 (work in progress), February 2020. keyinfra-37 (work in progress), February 2020.
[RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail [RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part One: Format of Internet Message Extensions (MIME) Part One: Format of Internet Message
Bodies", RFC 2045, DOI 10.17487/RFC2045, November 1996, Bodies", RFC 2045, DOI 10.17487/RFC2045, November 1996,
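Review bot: The IANA Considerations text under the new section 9 heading still carries two typos from -01, "this doucment" in its first paragraph and "this doducment" in its last; both should read "document". In Privacy Considerations, "does not disclose any additional identifies to either active or passive observer would see with [RFC7030]" does not parse; it likely needs "identifiers" and an explicit comparison such as "beyond what an active or passive observer would see". In Acknowledgements, "supported by the Huawei Technologies" has a stray article. The added sentence "It does not create any new protocol mechanism." reads fine and cleanly separates Security Considerations from the IANA heading that had been run into it as "# IANA Considerations".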
skipping to change at page 8, line 34 skipping to change at page 8, line 39
[X683] ITU-T, "Information technology - Abstract Syntax Notation [X683] ITU-T, "Information technology - Abstract Syntax Notation
One: Parameterization of ASN.1 Specifications.", ISO/ One: Parameterization of ASN.1 Specifications.", ISO/
IEC 8824-2:2002, 2002. IEC 8824-2:2002, 2002.
[X690] ITU-T, "Information technology - ASN.1 encoding Rules: [X690] ITU-T, "Information technology - ASN.1 encoding Rules:
Specification of Basic Encoding Rules (BER), Canonical Specification of Basic Encoding Rules (BER), Canonical
Encoding Rules (CER) and Distinguished Encoding Rules Encoding Rules (CER) and Distinguished Encoding Rules
(DER).", ISO/IEC 8825-1:2002, 2002. (DER).", ISO/IEC 8825-1:2002, 2002.
10.2. Informative References 11.2. Informative References
[errata4384] [errata4384]
"EST errata 4384: ASN.1 encoding error", n.d., "EST errata 4384: ASN.1 encoding error", n.d.,
<https://www.rfc-editor.org/errata/eid4384>. <https://www.rfc-editor.org/errata/eid4384>.
[errata5107] [errata5107]
"EST errata 5107: use Content-Transfer-Encoding", n.d., "EST errata 5107: use Content-Transfer-Encoding", n.d.,
<https://www.rfc-editor.org/errata/eid5107>. <https://www.rfc-editor.org/errata/eid5107>.
[errata5108] [errata5108]
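Review bot: In the [X683] and [X690] entries the title ends with a full stop inside the closing quote and is then followed by a comma ("Specifications.", and "(DER).",), unlike the [RFC2045] entry shown earlier in the diff; drop the full stop so the reference style is consistent. The renumbering of this subsection from 10.2 to 11.2 matches the table of contents.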
 End of changes. 7 change blocks. 
11 lines changed or deleted 14 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/