| draft-ietf-lamps-rfc7030est-clarify-03.txt | draft-ietf-lamps-rfc7030est-clarify-04.txt | |||
|---|---|---|---|---|
| LAMPS Working Group M. Richardson | LAMPS Working Group M. Richardson | |||
| Internet-Draft Sandelman Software Works | Internet-Draft Sandelman Software Works | |||
| Updates: RFC7030 (if approved) T. Werner | Updates: RFC7030 (if approved) T. Werner | |||
| Intended status: Standards Track Siemens | Intended status: Standards Track Siemens | |||
| Expires: October 27, 2020 W. Pan | Expires: October 29, 2020 W. Pan | |||
| Huawei Technologies | Huawei Technologies | |||
| April 25, 2020 | April 27, 2020 | |||
| Clarification of Enrollment over Secure Transport (EST): transfer | Clarification of Enrollment over Secure Transport (EST): transfer | |||
| encodings and ASN.1 | encodings and ASN.1 | |||
| draft-ietf-lamps-rfc7030est-clarify-03 | draft-ietf-lamps-rfc7030est-clarify-04 | |||
| Abstract | Abstract | |||
| This document updates RFC7030: Enrollment over Secure Transport (EST) | This document updates RFC7030: Enrollment over Secure Transport (EST) | |||
| to resolve some errata that was reported, and which has proven to | to resolve some errata that was reported, and which has proven to | |||
| cause interoperability issues when RFC7030 was extended. | cause interoperability issues when RFC7030 was extended. | |||
| This document deprecates the specification of "Content-Transfer- | This document deprecates the specification of "Content-Transfer- | |||
| Encoding" headers for EST endpoints. This document fixes some | Encoding" headers for EST endpoints. This document fixes some | |||
| syntactical errors in ASN.1 that was presented. | syntactical errors in ASN.1 that was presented. | |||
| skipping to change at page 1, line 40 ¶ | skipping to change at page 1, line 40 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on October 27, 2020. | This Internet-Draft will expire on October 29, 2020. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2020 IETF Trust and the persons identified as the | Copyright (c) 2020 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 4, line 32 ¶ | skipping to change at page 4, line 32 ¶ | |||
| content-type of "application/csrattrs", and are to be "base64" | content-type of "application/csrattrs", and are to be "base64" | |||
| [RFC2045] encoded. The syntax for application/csrattrs body is as | [RFC2045] encoded. The syntax for application/csrattrs body is as | |||
| follows: | follows: | |||
| CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID | CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID | |||
| AttrOrOID ::= CHOICE { | AttrOrOID ::= CHOICE { | |||
| oid OBJECT IDENTIFIER, | oid OBJECT IDENTIFIER, | |||
| attribute Attribute {{AttrSet}} } | attribute Attribute {{AttrSet}} } | |||
| AttrSet ATTRIBUTE ::= { aa-asymDecryptKeyId, ... } | AttrSet ATTRIBUTE ::= { aa-asymmDecryptKeyID, ... } | |||
| An EST server includes zero or more OIDs or attributes [RFC2986] that | An EST server includes zero or more OIDs or attributes [RFC2986] that | |||
| it requests the client to use in the certification request. The | it requests the client to use in the certification request. The | |||
| client MUST ignore any OID or attribute it does not recognize. When | client MUST ignore any OID or attribute it does not recognize. When | |||
| the server encodes CSR Attributes as an empty SEQUENCE, it means that | the server encodes CSR Attributes as an empty SEQUENCE, it means that | |||
| the server has no specific additional information it desires in a | the server has no specific additional information it desires in a | |||
| client certification request (this is functionally equivalent to an | client certification request (this is functionally equivalent to an | |||
| HTTP response code of 204 or 404). | HTTP response code of 204 or 404). | |||
| If the CA requires a particular cryptographic algorithm or use of a | If the CA requires a particular cryptographic algorithm or use of a | |||
| skipping to change at page 11, line 36 ¶ | skipping to change at page 11, line 36 ¶ | |||
| mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) } ; | mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) } ; | |||
| -- CSR Attributes | -- CSR Attributes | |||
| CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID | CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID | |||
| AttrOrOID ::= CHOICE { | AttrOrOID ::= CHOICE { | |||
| oid OBJECT IDENTIFIER, | oid OBJECT IDENTIFIER, | |||
| attribute Attribute {{AttrSet}} } | attribute Attribute {{AttrSet}} } | |||
| AttrSet ATTRIBUTE ::= { aa-symmDecrytKeyID, ... } | AttrSet ATTRIBUTE ::= { aa-asymmDecrytKeyID, ... } | |||
| -- Asymmetric Decrypt Key Identifier Attribute | -- Asymmetric Decrypt Key Identifier Attribute | |||
| aa-asymmDecryptKeyID ATTRIBUTE ::= | aa-asymmDecryptKeyID ATTRIBUTE ::= | |||
| { TYPE AsymmetricDecryptKeyIdentifier | { TYPE AsymmetricDecryptKeyIdentifier | |||
| IDENTIFIED BY id-aa-asymmDecryptKeyID } | IDENTIFIED BY id-aa-asymmDecryptKeyID } | |||
| id-aa-asymmDecryptKeyID OBJECT IDENTIFIER ::= { iso(1) member-body(2) | id-aa-asymmDecryptKeyID OBJECT IDENTIFIER ::= { iso(1) member-body(2) | |||
| us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) aa(2) 54 } | us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) aa(2) 54 } | |||
| End of changes. 6 change blocks. | ||||
| 6 lines changed or deleted | 6 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||