< draft-richardson-lamps-rfc7030est-clarify-01.txt   draft-richardson-lamps-rfc7030est-clarify-02.txt >
LAMPS Working Group M. Richardson LAMPS Working Group M. Richardson
Internet-Draft Sandelman Software Works Internet-Draft Sandelman Software Works
Intended status: Standards Track T. Werner Intended status: Standards Track T. Werner
Expires: December 19, 2019 Siemens Expires: December 20, 2019 Siemens
June 17, 2019 W. Pan
Huawei Technologies
June 18, 2019
Clarification of Enrollment over Secure Transport (EST): transfer Clarification of Enrollment over Secure Transport (EST): transfer
encodings and ASN.1 encodings and ASN.1
draft-richardson-lamps-rfc7030est-clarify-01 draft-richardson-lamps-rfc7030est-clarify-02
Abstract Abstract
This document updates RFC7030: Enrollment over Secure Transport (EST) This document updates RFC7030: Enrollment over Secure Transport (EST)
to resolve some errata that was reported, and which has proven to to resolve some errata that was reported, and which has proven to
have interoperability when RFC7030 has been extended. have interoperability when RFC7030 has been extended.
This document deprecates the specification of "Content-Transfer- This document deprecates the specification of "Content-Transfer-
Encoding" headers for EST endpoints, providing a way to do this in an Encoding" headers for EST endpoints, providing a way to do this in an
upward compatible way. This document additional defines a GRASP upward compatible way. This document additional defines a GRASP
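Review bot: the -02 abstract (right column) still reads "This document additional defines a GRASP ..." even though -02 deletes Section 7 (GRASP discovery of updated EST servers) and the AN_EST allocation request in the IANA Considerations; drop or rewrite that sentence so the abstract matches the body. In the same paragraph, "errata that was reported, and which has proven to have interoperability when RFC7030 has been extended" is missing its object (interoperability problems) and should read "errata that were reported"; "additional" should be "additionally".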
skipping to change at page 1, line 43 skipping to change at page 1, line 45
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 19, 2019. This Internet-Draft will expire on December 20, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 24 skipping to change at page 2, line 29
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Requirements Language . . . . . . . . . . . . . . . . . . . . 3 3. Requirements Language . . . . . . . . . . . . . . . . . . . . 3
4. Changes to EST endpoint processing . . . . . . . . . . . . . 3 4. Changes to EST endpoint processing . . . . . . . . . . . . . 3
5. Clarification of ASN.1 for Certificate Attribute set. . . . . 4 5. Clarification of ASN.1 for Certificate Attribute set. . . . . 4
6. Clarification of error messages for certificate enrollment 6. Clarification of error messages for certificate enrollment
operations . . . . . . . . . . . . . . . . . . . . . . . . . 4 operations . . . . . . . . . . . . . . . . . . . . . . . . . 4
7. Definition of GRASP discovery for updated EST servers . . . . 4 7. Privacy Considerations . . . . . . . . . . . . . . . . . . . 4
8. Privacy Considerations . . . . . . . . . . . . . . . . . . . 4 8. Security Considerations . . . . . . . . . . . . . . . . . . . 4
9. Security Considerations . . . . . . . . . . . . . . . . . . . 4 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 4
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 4 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 4
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 4 11.1. Normative References . . . . . . . . . . . . . . . . . . 4
12.1. Normative References . . . . . . . . . . . . . . . . . . 4 11.2. Informative References . . . . . . . . . . . . . . . . . 5
12.2. Informative References . . . . . . . . . . . . . . . . . 5 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 5
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6
1. Introduction 1. Introduction
{[RFC7030}} defines the Enrollment over Secure Transport, or EST [RFC7030] defines the Enrollment over Secure Transport, or EST
protocol. protocol.
This specification defines a number of HTTP end points for This specification defines a number of HTTP end points for
certificate enrollment and management. The details of the certificate enrollment and management. The details of the
transaction were defined in terms of MIME headers as defined in transaction were defined in terms of MIME headers as defined in
[RFC2045], rather than in terms of the HTTP protocol as defined in [RFC2045], rather than in terms of the HTTP protocol as defined in
[RFC2616] and [RFC7230]. [RFC2616] and [RFC7230].
[RFC2616] has text specifically deprecating Content-Transfer- [RFC2616] and later [RFC7231] Appendix A.5 has text specifically
Encoding. [RFC7030] calls it out this header incorrectly. deprecating Content-Transfer-Encoding.
[RFC7030] calls it out this header incorrectly.
[I-D.ietf-anima-bootstrapping-keyinfra] extends [RFC7030], adding new [I-D.ietf-anima-bootstrapping-keyinfra] extends [RFC7030], adding new
functionality, and interop testing of the protocol has revealed that functionality, and interop testing of the protocol has revealed that
unusual processing called out in [RFC7030] causes confusion. unusual processing called out in [RFC7030] causes confusion.
EST is currently specified as part of IEC 62351, and is widely used EST is currently specified as part of IEC 62351, and is widely used
in Government, Utilities and Financial markets today. in Government, Utilities and Financial markets today.
Changes to [RFC7030] to bring it inline with typical HTTP processing Changes to [RFC7030] to bring it inline with typical HTTP processing
would change the on-wire protocol in a way that is not backwards would change the on-wire protocol in a way that is not backwards
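Review bot: in the new sentence "[RFC2616] and later [RFC7231] Appendix A.5 has text specifically deprecating Content-Transfer-Encoding" the verb should be "have", and the sentence carried over unchanged, "[RFC7030] calls it out this header incorrectly", is still ungrammatical; suggest "[RFC7030] nevertheless specifies this header." Two further points in the unchanged text: "This specification defines a number of HTTP end points" reads as if it refers to this draft rather than to [RFC7030], so name the RFC; and the statements that EST is "specified as part of IEC 62351" and "widely used in Government, Utilities and Financial markets today" carry no citation, so add one or soften the wording. The -02 change of "{[RFC7030}}" to "[RFC7030]" is correct.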
skipping to change at page 4, line 14 skipping to change at page 4, line 14
5. Clarification of ASN.1 for Certificate Attribute set. 5. Clarification of ASN.1 for Certificate Attribute set.
errata 4384. errata 4384.
6. Clarification of error messages for certificate enrollment 6. Clarification of error messages for certificate enrollment
operations operations
errata 5108. errata 5108.
7. Definition of GRASP discovery for updated EST servers 7. Privacy Considerations
An ANIMA ACP device can discover the location of the nearest EST
server using a [I-D.ietf-anima-grasp-api] M_DISCOVERY mechanism.
objective = ["AN_EST", F_DISC, 255 ]
8. Privacy Considerations
This document does not disclose any additional identifies to either This document does not disclose any additional identifies to either
active or passive observer would see with [RFC7030]. active or passive observer would see with [RFC7030].
9. Security Considerations 8. Security Considerations
This document clarifies an existing security mechanism. An option is This document clarifies an existing security mechanism. An option is
introduced to the security mechanism using an implicit negotiation. introduced to the security mechanism using an implicit negotiation.
10. IANA Considerations 9. IANA Considerations
Allocate the name AN_EST from the [I-D.ietf-anima-grasp-api] "GRASP This document does not require any registrations.
Objective Names Table".
11. Acknowledgements 10. Acknowledgements
This work was supported by the Huawei Technologies. This work was supported by the Huawei Technologies.
12. References 11. References
12.1. Normative References 11.1. Normative References
[I-D.ietf-anima-bootstrapping-keyinfra] [I-D.ietf-anima-bootstrapping-keyinfra]
Pritikin, M., Richardson, M., Behringer, M., Bjarnason, Pritikin, M., Richardson, M., Behringer, M., Bjarnason,
S., and K. Watsen, "Bootstrapping Remote Secure Key S., and K. Watsen, "Bootstrapping Remote Secure Key
Infrastructures (BRSKI)", draft-ietf-anima-bootstrapping- Infrastructures (BRSKI)", draft-ietf-anima-bootstrapping-
keyinfra-21 (work in progress), June 2019. keyinfra-21 (work in progress), June 2019.
[I-D.ietf-anima-grasp-api]
Carpenter, B., Liu, B., Wang, W., and X. Gong, "Generic
Autonomic Signaling Protocol Application Program Interface
(GRASP API)", draft-ietf-anima-grasp-api-03 (work in
progress), January 2019.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data
Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006, Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006,
<https://www.rfc-editor.org/info/rfc4648>. <https://www.rfc-editor.org/info/rfc4648>.
[RFC7030] Pritikin, M., Ed., Yee, P., Ed., and D. Harkins, Ed., [RFC7030] Pritikin, M., Ed., Yee, P., Ed., and D. Harkins, Ed.,
"Enrollment over Secure Transport", RFC 7030, "Enrollment over Secure Transport", RFC 7030,
DOI 10.17487/RFC7030, October 2013, DOI 10.17487/RFC7030, October 2013,
<https://www.rfc-editor.org/info/rfc7030>. <https://www.rfc-editor.org/info/rfc7030>.
12.2. Informative References 11.2. Informative References
[errata4384] [errata4384]
"EST errata 4384: ASN.1 encoding error", n.d., "EST errata 4384: ASN.1 encoding error", n.d.,
<https://www.rfc-editor.org/errata/eid4384>. <https://www.rfc-editor.org/errata/eid4384>.
[errata5107] [errata5107]
"EST errata 5107: use Content-Transfer-Encoding", n.d., "EST errata 5107: use Content-Transfer-Encoding", n.d.,
<https://www.rfc-editor.org/errata/eid5107>. <https://www.rfc-editor.org/errata/eid5107>.
[errata5108] [errata5108]
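Review bot: Section 8 (Security Considerations, -02 numbering) says an option is "introduced to the security mechanism using an implicit negotiation" without saying what is negotiated or what stops an on-path attacker from forcing the old behaviour; state which header's presence or absence drives the negotiation and note that it takes place inside EST's TLS session, so a network attacker cannot alter it. Also: Sections 5 and 6 in both columns consist only of "errata 4384." and "errata 5108.", with no actual clarification text and without the citation form used in the reference list ([errata4384], [errata5108]); and the Privacy Considerations sentence is garbled, suggest "This document does not disclose any additional identifiers, to either an active or a passive observer, beyond what [RFC7030] already discloses." Removing Section 7 together with the AN_EST allocation is consistent with the new IANA Considerations text.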
skipping to change at page 6, line 10 skipping to change at page 5, line 40
Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
Transfer Protocol -- HTTP/1.1", RFC 2616, Transfer Protocol -- HTTP/1.1", RFC 2616,
DOI 10.17487/RFC2616, June 1999, DOI 10.17487/RFC2616, June 1999,
<https://www.rfc-editor.org/info/rfc2616>. <https://www.rfc-editor.org/info/rfc2616>.
[RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
Protocol (HTTP/1.1): Message Syntax and Routing", Protocol (HTTP/1.1): Message Syntax and Routing",
RFC 7230, DOI 10.17487/RFC7230, June 2014, RFC 7230, DOI 10.17487/RFC7230, June 2014,
<https://www.rfc-editor.org/info/rfc7230>. <https://www.rfc-editor.org/info/rfc7230>.
[RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
Protocol (HTTP/1.1): Semantics and Content", RFC 7231,
DOI 10.17487/RFC7231, June 2014,
<https://www.rfc-editor.org/info/rfc7231>.
Authors' Addresses Authors' Addresses
Michael Richardson Michael Richardson
Sandelman Software Works Sandelman Software Works
Email: mcr+ietf@sandelman.ca Email: mcr+ietf@sandelman.ca
Thomas Werner Thomas Werner
Siemens Siemens
Email: thomas.werner@siemens.com Email: thomas.werner@siemens.com
Wei Pan
Huawei Technologies
Email: william.panwei@huawei.com
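Review bot: [errata5107] ("use Content-Transfer-Encoding") is listed under Informative References but is not cited anywhere in the portions of the text shown in this diff, including the Introduction paragraph that discusses that header; either cite it there or drop the entry. Adding [RFC7231] as an informative reference is appropriate for the descriptive Appendix A.5 citation in the Introduction, and dropping [I-D.ietf-anima-grasp-api] from the Normative References matches the removal of Section 7. The new Authors' Addresses entry for Wei Pan is consistent with the Acknowledgements crediting Huawei Technologies.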
End of changes. 18 change blocks.
39 lines changed or deleted, 32 lines changed or added
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/