draft-ietf-lamps-rfc7030est-clarify-03.txt   draft-ietf-lamps-rfc7030est-clarify-04.txt 
LAMPS Working Group M. Richardson LAMPS Working Group M. Richardson
Internet-Draft Sandelman Software Works Internet-Draft Sandelman Software Works
Updates: RFC7030 (if approved) T. Werner Updates: RFC7030 (if approved) T. Werner
Intended status: Standards Track Siemens Intended status: Standards Track Siemens
Expires: October 27, 2020 W. Pan Expires: October 29, 2020 W. Pan
Huawei Technologies Huawei Technologies
April 25, 2020 April 27, 2020
Clarification of Enrollment over Secure Transport (EST): transfer Clarification of Enrollment over Secure Transport (EST): transfer
encodings and ASN.1 encodings and ASN.1
draft-ietf-lamps-rfc7030est-clarify-03 draft-ietf-lamps-rfc7030est-clarify-04
Abstract Abstract
This document updates RFC7030: Enrollment over Secure Transport (EST) This document updates RFC7030: Enrollment over Secure Transport (EST)
to resolve some errata that was reported, and which has proven to to resolve some errata that was reported, and which has proven to
cause interoperability issues when RFC7030 was extended. cause interoperability issues when RFC7030 was extended.
This document deprecates the specification of "Content-Transfer- This document deprecates the specification of "Content-Transfer-
Encoding" headers for EST endpoints. This document fixes some Encoding" headers for EST endpoints. This document fixes some
syntactical errors in ASN.1 that was presented. syntactical errors in ASN.1 that was presented.
skipping to change at page 1, line 40 skipping to change at page 1, line 40
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 27, 2020. This Internet-Draft will expire on October 29, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 4, line 32 skipping to change at page 4, line 32
content-type of "application/csrattrs", and are to be "base64" content-type of "application/csrattrs", and are to be "base64"
[RFC2045] encoded. The syntax for application/csrattrs body is as [RFC2045] encoded. The syntax for application/csrattrs body is as
follows: follows:
CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID
AttrOrOID ::= CHOICE { AttrOrOID ::= CHOICE {
oid OBJECT IDENTIFIER, oid OBJECT IDENTIFIER,
attribute Attribute {{AttrSet}} } attribute Attribute {{AttrSet}} }
AttrSet ATTRIBUTE ::= { aa-asymDecryptKeyId, ... } AttrSet ATTRIBUTE ::= { aa-asymmDecryptKeyID, ... }
An EST server includes zero or more OIDs or attributes [RFC2986] that An EST server includes zero or more OIDs or attributes [RFC2986] that
it requests the client to use in the certification request. The it requests the client to use in the certification request. The
client MUST ignore any OID or attribute it does not recognize. When client MUST ignore any OID or attribute it does not recognize. When
the server encodes CSR Attributes as an empty SEQUENCE, it means that the server encodes CSR Attributes as an empty SEQUENCE, it means that
the server has no specific additional information it desires in a the server has no specific additional information it desires in a
client certification request (this is functionally equivalent to an client certification request (this is functionally equivalent to an
HTTP response code of 204 or 404). HTTP response code of 204 or 404).
If the CA requires a particular cryptographic algorithm or use of a If the CA requires a particular cryptographic algorithm or use of a
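Review bot: the rename on the AttrSet line in this block (aa-asymDecryptKeyId to aa-asymmDecryptKeyID) now matches the identifier the ASN.1 module defines in the block below ("aa-asymmDecryptKeyID ATTRIBUTE ::="), so the Section 4.5.2 snippet and the module agree on this name; please check that the same spelling is carried into the module's own AttrSet line, which is changed separately in the last block and still reads differently.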
skipping to change at page 11, line 36 skipping to change at page 11, line 36
mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) } ; mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) } ;
-- CSR Attributes -- CSR Attributes
CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID
AttrOrOID ::= CHOICE { AttrOrOID ::= CHOICE {
oid OBJECT IDENTIFIER, oid OBJECT IDENTIFIER,
attribute Attribute {{AttrSet}} } attribute Attribute {{AttrSet}} }
AttrSet ATTRIBUTE ::= { aa-symmDecrytKeyID, ... } AttrSet ATTRIBUTE ::= { aa-asymmDecrytKeyID, ... }
-- Asymmetric Decrypt Key Identifier Attribute -- Asymmetric Decrypt Key Identifier Attribute
aa-asymmDecryptKeyID ATTRIBUTE ::= aa-asymmDecryptKeyID ATTRIBUTE ::=
{ TYPE AsymmetricDecryptKeyIdentifier { TYPE AsymmetricDecryptKeyIdentifier
IDENTIFIED BY id-aa-asymmDecryptKeyID } IDENTIFIED BY id-aa-asymmDecryptKeyID }
id-aa-asymmDecryptKeyID OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-aa-asymmDecryptKeyID OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) aa(2) 54 } us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) aa(2) 54 }
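Review bot: the new text on the AttrSet line of this block still references an undefined identifier: it reads "AttrSet ATTRIBUTE ::= { aa-asymmDecrytKeyID, ... }" (missing the "p" in "Decrypt"), while the attribute defined two lines later is "aa-asymmDecryptKeyID", so the module as changed would not compile and does not match the corrected inline snippet in the Section 4.5.2 block above. Suggested line: "AttrSet ATTRIBUTE ::= { aa-asymmDecryptKeyID, ... }". The -03 to -04 change only added the "asymm" prefix and left the older "Decryt" typo in place.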
End of changes. 6 change blocks. 6 lines changed or deleted, 6 lines changed or added.

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/