| < draft-housley-ct-keypackage-receipt-n-error-02.txt | draft-housley-ct-keypackage-receipt-n-error-03.txt > | |||
|---|---|---|---|---|
| Internet Engineering Task Force (IETF) Russ Housley | Internet Engineering Task Force (IETF) Russ Housley | |||
| Internet-Draft Vigil Security | Internet-Draft Vigil Security | |||
| Intended Status: Standards Track 17 May 2013 | Intended Status: Standards Track 17 June 2013 | |||
| Expires: 17 November 2013 | Expires: 17 December 2013 | |||
| Cryptographic Message Syntax (CMS) | Cryptographic Message Syntax (CMS) | |||
| Key Package Receipt and Error Content Types | Key Package Receipt and Error Content Types | |||
| draft-housley-ct-keypackage-receipt-n-error-02.txt | draft-housley-ct-keypackage-receipt-n-error-03.txt | |||
| Abstract | Abstract | |||
| This document defines the syntax for two Cryptographic Message Syntax | This document defines the syntax for two Cryptographic Message Syntax | |||
| (CMS) content types, one for key package receipts, and another for | (CMS) content types, one for key package receipts, and another for | |||
| key package errors. The key package receipt content type is used to | key package errors. The key package receipt content type is used to | |||
| confirm receipt of an identified key package or collection of key | confirm receipt of an identified key package or collection of key | |||
| packages. The key package error content type is used to indicate an | packages. The key package error content type is used to indicate an | |||
| error occurred during the processing of a key package. CMS can be | error occurred during the processing of a key package. CMS can be | |||
| used to digitally sign, digest, authenticate, or encrypt these | used to digitally sign, digest, authenticate, or encrypt these | |||
| skipping to change at page 4, line 9 ¶ | skipping to change at page 4, line 9 ¶ | |||
| The nameValue is an OCTET STRING, which allows the canonical form of | The nameValue is an OCTET STRING, which allows the canonical form of | |||
| any name to be carried. Two names of the same type are considered | any name to be carried. Two names of the same type are considered | |||
| equal if the octet strings are the same length and contain the same | equal if the octet strings are the same length and contain the same | |||
| string of octets. | string of octets. | |||
| SIREntityNames and SIREntityName have the following syntax: | SIREntityNames and SIREntityName have the following syntax: | |||
| SIREntityNames ::= SEQUENCE SIZE (1..MAX) OF SIREntityName | SIREntityNames ::= SEQUENCE SIZE (1..MAX) OF SIREntityName | |||
| SIR-ENTITY-NAME ::= CLASS { | ||||
| &SIRENType OBJECT IDENTIFIER UNIQUE, | ||||
| &SIRENValue | ||||
| } WITH SYNTAX { | ||||
| SYNTAX &SIRENValue IDENTIFIED BY &SIRENType } | ||||
| SIREntityName ::= SEQUENCE { | SIREntityName ::= SEQUENCE { | |||
| nameType OBJECT IDENTIFIER, | sirenType SIR-ENTITY-NAME.&SIRENType({SIREntityNameTypes}), | |||
| nameValue OCTET STRING } | sirenValue OCTET STRING (CONTAINING | |||
| SIR-ENTITY-NAME.&SIRENValue( | ||||
| {SIREntityNameTypes}{@sirenType}) ) } | ||||
| This document defines one SIR entity name type: the DN type. The DN | This document defines one SIR entity name type: the DN type. The DN | |||
| type uses a nameType of id-dn and a nameValue of a Distinguished | type uses a nameType of id-dn and a nameValue of a Distinguished | |||
| Name. The nameValue OCTET STRING carries an ASN.1 encoded Name as | Name. The nameValue OCTET STRING carries an ASN.1 encoded Name as | |||
| specified in [RFC5280]. Note that other documents may define | specified in [RFC5280]. Note that other documents may define | |||
| additional types. | additional types. | |||
| SIREntityNameTypes SIR-ENTITY-NAME ::= { | ||||
| siren-dn, | ||||
| ... -- Expect additional SIR Enitiy Name types -- } | ||||
| siren-dn SIR-ENTITY-NAME ::= { | ||||
| SYNTAX DistinguishedName | ||||
| IDENTIFIED BY id-dn } | ||||
| id-dn OBJECT IDENTIFER ::= { | id-dn OBJECT IDENTIFER ::= { | |||
| joint-iso-ccitt(2) country(16) us(840) organization(1) | joint-iso-ccitt(2) country(16) us(840) organization(1) | |||
| gov(101) dod(2) infosec(1) sir-name-types(16) 0 } | gov(101) dod(2) infosec(1) sir-name-types(16) 0 } | |||
| 3. Key Package Identifier and Receipt Request Attribute | 3. Key Package Identifier and Receipt Request Attribute | |||
| The key-package-identifier-and-receipt-request attribute, as its name | The key-package-identifier-and-receipt-request attribute, as its name | |||
| implies, allows the originator to identify the key package and | implies, allows the originator to identify the key package and | |||
| optionally request receipts. This attribute can appear as a signed, | optionally request receipts. This attribute can appear as a signed, | |||
| authenticated, and content attribute. Signed attributes are carried | authenticated, and content attribute. Signed attributes are carried | |||
| in the CMS Signed-data content type described in Section 5 of | in the CMS Signed-data content type described in Section 5 of | |||
| [RFC5652]. Authenticated attributes are carried in the CMS | [RFC5652]. Authenticated attributes are carried in the CMS | |||
| Authenticated-data content type described in Section 9 of [RFC5652] | Authenticated-data content type described in Section 9 of [RFC5652] | |||
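Review bot: the Section 2 prose in the -03 column still refers to "a nameType of id-dn and a nameValue of a Distinguished Name" even though the revised SIREntityName syntax directly above it renamed the components to sirenType and sirenValue; align the text with the new field names. Two spelling slips in the new ASN.1 as well: "Enitiy" in the SIREntityNameTypes comment, and "OBJECT IDENTIFER" in the id-dn assignment (present in both columns, and a misspelled keyword that an ASN.1 compiler will reject).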
| skipping to change at page 19, line 4 ¶ | skipping to change at page 17, line 31 ¶ | |||
| testing. For this reason, implementations may want to have a way to | testing. For this reason, implementations may want to have a way to | |||
| configure the use of a generic error code or a detailed one. | configure the use of a generic error code or a detailed one. | |||
| 8. IANA Considerations | 8. IANA Considerations | |||
| None. | None. | |||
| {RFC Editor: Please remove this section before publication.} | {RFC Editor: Please remove this section before publication.} | |||
| 9. Acknowledgements | 9. Acknowledgements | |||
| Thanks to Sean Turner and Jim Schaad for their insightful revie | ||||
| Many thanks to Sean Turner and Jim Schaad for their insightful | ||||
| review. | ||||
| 10. References | 10. References | |||
| 10.1. Normative References | 10.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC2634] Hoffman, P., Ed., "Enhanced Security Services for S/MIME", | [RFC2634] Hoffman, P., Ed., "Enhanced Security Services for S/MIME", | |||
| RFC 2634, June 1999. | RFC 2634, June 1999. | |||
| skipping to change at page 21, line 13 ¶ | skipping to change at page 20, line 13 ¶ | |||
| Management Protocol (TAMP)", RFC 5934, August 2010. | Management Protocol (TAMP)", RFC 5934, August 2010. | |||
| Appendix A: ASN.1 Module | Appendix A: ASN.1 Module | |||
| This annex provides the normative ASN.1 definitions for the | This annex provides the normative ASN.1 definitions for the | |||
| structures described in this specification using ASN.1 as defined in | structures described in this specification using ASN.1 as defined in | |||
| [X.680], [X.681], [X.682], and [X.683]. | [X.680], [X.681], [X.682], and [X.683]. | |||
| KeyPackageReceiptAndErrorModuleV2 | KeyPackageReceiptAndErrorModuleV2 | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | |||
| smime(16) modules(0) TBD3 } | smime(16) modules(0) TBD } | |||
| -- TO DO: Get Three OID values assigned. | -- TO DO: Get module OID value assigned. | |||
| DEFINITIONS IMPLICIT TAGS ::= | DEFINITIONS IMPLICIT TAGS ::= | |||
| BEGIN | BEGIN | |||
| -- EXPORTS ALL | -- EXPORTS ALL | |||
| IMPORTS | IMPORTS | |||
| -- FROM New SMIME ASN.1 [RFC6268] | -- FROM New SMIME ASN.1 [RFC6268] | |||
| skipping to change at page 21, line 39 ¶ | skipping to change at page 20, line 39 ¶ | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) | { iso(1) member-body(2) us(840) rsadsi(113549) | |||
| pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2009(58) } | pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2009(58) } | |||
| -- From New PKIX ASN.1 [RFC5912] | -- From New PKIX ASN.1 [RFC5912] | |||
| ATTRIBUTE, SingleAttribute {} | ATTRIBUTE, SingleAttribute {} | |||
| FROM PKIX-CommonTypes-2009 | FROM PKIX-CommonTypes-2009 | |||
| { iso(1) identified-organization(3) dod(6) internet(1) | { iso(1) identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) id-mod(0) | security(5) mechanisms(5) pkix(7) id-mod(0) | |||
| id-mod-pkixCommon-02(57) } | id-mod-pkixCommon-02(57) } | |||
| DistinguishedName | ||||
| FROM PKIX1Explicit-2009 | ||||
| { iso(1) identified-organization(3) dod(6) internet(1) | ||||
| security(5) mechanisms(5) pkix(7) id-mod(0) | ||||
| id-mod-pkix1-explicit-02(51)} | ||||
| ; | ; | |||
| --- | --- | |||
| --- Key Package Version Number (revised from [RFC6031]) | --- Key Package Version Number (revised from [RFC6031]) | |||
| --- | --- | |||
| KeyPkgVersion ::= INTEGER { v1(1), v2(2) } (1 .. 65535) | KeyPkgVersion ::= INTEGER { v1(1), v2(2) } (1 .. 65535) | |||
| -- | -- | |||
| -- SIR Entity Name | -- SIR Entity Name | |||
| -- | -- | |||
| SIREntityNames ::= SEQUENCE SIZE (1..MAX) OF SIREntityName | SIREntityNames ::= SEQUENCE SIZE (1..MAX) OF SIREntityName | |||
| SIREntityNameTypes SIR-ENTITY-NAME ::= { | ||||
| siren-dn, | ||||
| ... -- Expect additional SIR Enitiy Name types -- } | ||||
| SIR-ENTITY-NAME ::= CLASS { | ||||
| &SIRENType OBJECT IDENTIFIER UNIQUE, | ||||
| &SIRENValue | ||||
| } WITH SYNTAX { | ||||
| SYNTAX &SIRENValue IDENTIFIED BY &SIRENType } | ||||
| SIREntityName ::= SEQUENCE { | SIREntityName ::= SEQUENCE { | |||
| nameType OBJECT IDENTIFIER, | sirenType SIR-ENTITY-NAME.&SIRENType({SIREntityNameTypes}), | |||
| nameValue OCTET STRING } | sirenValue OCTET STRING (CONTAINING | |||
| SIR-ENTITY-NAME.&SIRENValue( | ||||
| {SIREntityNameTypes}{@sirenType}) ) } | ||||
| siren-dn SIR-ENTITY-NAME ::= { | ||||
| SYNTAX DistinguishedName | ||||
| IDENTIFIED BY id-dn } | ||||
| id-dn OBJECT IDENTIFER ::= { | id-dn OBJECT IDENTIFER ::= { | |||
| joint-iso-ccitt(2) country(16) us(840) organization(1) | joint-iso-ccitt(2) country(16) us(840) organization(1) | |||
| gov(101) dod(2) infosec(1) sir-name-types(16) 0 } | gov(101) dod(2) infosec(1) sir-name-types(16) 0 } | |||
| -- | -- | |||
| -- Attribute Definitions | -- Attribute Definitions | |||
| -- | -- | |||
| aa-keyPackageIdentifierAndReceiptRequest ATTRIBUTE ::= { | aa-keyPackageIdentifierAndReceiptRequest ATTRIBUTE ::= { | |||
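Review bot: the module copy of the SIR entity name definitions carries the same two typos as Section 2 ("Enitiy" in the SIREntityNameTypes comment and "OBJECT IDENTIFER" in id-dn); since Appendix A is the normative module, the IDENTIFER one stops the module from compiling and should be fixed here first. The added import of DistinguishedName from PKIX1Explicit-2009 is the right source for the type named in siren-dn; the forward references from SIREntityNameTypes to siren-dn and SIR-ENTITY-NAME are legal ASN.1 and need no reordering.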
| skipping to change at page 23, line 21 ¶ | skipping to change at page 22, line 25 ¶ | |||
| ct-key-package-error, | ct-key-package-error, | |||
| ... -- Expect additional content types -- } | ... -- Expect additional content types -- } | |||
| -- Key Package Receipt CMS Content Type | -- Key Package Receipt CMS Content Type | |||
| ct-key-package-receipt CONTENT-TYPE ::= { | ct-key-package-receipt CONTENT-TYPE ::= { | |||
| TYPE KeyPackageReceipt | TYPE KeyPackageReceipt | |||
| IDENTIFIED BY id-ct-KP-keyPackageReceipt } | IDENTIFIED BY id-ct-KP-keyPackageReceipt } | |||
| id-ct-KP-keyPackageReceipt OBJECT IDENTIFIER ::= { | id-ct-KP-keyPackageReceipt OBJECT IDENTIFIER ::= { | |||
| iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) | joint-iso-itu-t(2) country(16) us(840) organization(1) | |||
| smime(16) ct(1) TBD1 } | gov(101) dod(2) infosec(1) formats(2) | |||
| key-package-content-types(78) 3 } | ||||
| KeyPackageReceipt ::= SEQUENCE { | KeyPackageReceipt ::= SEQUENCE { | |||
| version KeyPkgVersion DEFAULT v2, | version KeyPkgVersion DEFAULT v2, | |||
| receiptOf KeyPkgIdentifier, | receiptOf KeyPkgIdentifier, | |||
| receivedBy SIREntityName } | receivedBy SIREntityName } | |||
| KeyPkgIdentifier ::= CHOICE { | KeyPkgIdentifier ::= CHOICE { | |||
| pkgID KeyPkgID, | pkgID KeyPkgID, | |||
| attribute SingleAttribute {{ KeyPkgIdentifiers }} } | attribute SingleAttribute {{ KeyPkgIdentifiers }} } | |||
| KeyPkgIdentifiers ATTRIBUTE ::= { ... } | KeyPkgIdentifiers ATTRIBUTE ::= { ... } | |||
| -- Key Package Receipt CMS Content Type | -- Key Package Receipt CMS Content Type | |||
| ct-key-package-error CONTENT-TYPE ::= { | ct-key-package-error CONTENT-TYPE ::= { | |||
| TYPE KeyPackageError IDENTIFIED BY id-ct-KP-keyPackageError } | TYPE KeyPackageError IDENTIFIED BY id-ct-KP-keyPackageError } | |||
| id-ct-KP-keyPackageError OBJECT IDENTIFIER ::= { | id-ct-KP-keyPackageError OBJECT IDENTIFIER ::= { | |||
| iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) | joint-iso-itu-t(2) country(16) us(840) organization(1) | |||
| smime(16) ct(1) TBD2 } | gov(101) dod(2) infosec(1) formats(2) | |||
| key-package-content-types(78) 6 } | ||||
| KeyPackageError ::= SEQUENCE { | KeyPackageError ::= SEQUENCE { | |||
| version KeyPkgVersion DEFAULT v2, | version KeyPkgVersion DEFAULT v2, | |||
| errorOf [0] KeyPkgIdentifier OPTIONAL, | errorOf [0] KeyPkgIdentifier OPTIONAL, | |||
| errorBy SIREntityName, | errorBy SIREntityName, | |||
| errorCode ErrorCodeChoice } | errorCode ErrorCodeChoice } | |||
| ErrorCodeChoice ::= CHOICE { | ErrorCodeChoice ::= CHOICE { | |||
| enum EnumeratedErrorCode, | enum EnumeratedErrorCode, | |||
| oid OBJECT IDENTIFIER } | oid OBJECT IDENTIFIER } | |||
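Review bot: the comment introducing ct-key-package-error still reads "Key Package Receipt CMS Content Type"; it should say Error. The move from the smime ct(1) TBD1/TBD2 placeholders to assigned arcs under key-package-content-types(78) clears two of the three to-do items, but the module OID at the top of Appendix A is still TBD, so that to-do stands. One point worth a sentence for implementers: errorOf [0] KeyPkgIdentifier OPTIONAL tags a CHOICE, and X.680 makes a tag applied to a CHOICE explicit even in a module declared with IMPLICIT TAGS, so the encoding is a constructed [0] wrapping the chosen alternative, not an implicitly retagged OCTET STRING or SEQUENCE.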
| End of changes. 16 change blocks. | ||||
| 17 lines changed or deleted | 59 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||
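The structures in the -03 column above, as an added worked example that is not part of the draft or of this rfcdiff page: a hand-rolled, standard-library-only DER encoder and decoder for SIREntityName, KeyPackageReceipt and KeyPackageError. It shows three things the text states but does not illustrate: the DEFAULT v2 version is omitted on the wire, the [0] tag on errorOf is explicit because it tags a CHOICE, and the Section 2 equality rule compares nameValue octets rather than Distinguished Names, so a BER re-encoding of the same DN compares unequal. Assumptions, labelled in the code too: KeyPkgID ::= OCTET STRING is taken from RFC 6031, which the draft imports but this page does not restate; the Name placed in the DN-type nameValue is a one-RDN commonName built as constructed sample input; the function names are mine.

```python
"""Added example (not code from the draft): hand-rolled DER for the
SIREntityName, KeyPackageReceipt and KeyPackageError structures shown in
the -03 column.  Standard library only.  Labelled assumptions: KeyPkgID
::= OCTET STRING is from RFC 6031 (cited but not restated on this page);
the Name in the DN-type nameValue is a constructed one-RDN commonName."""

ID_DN = "2.16.840.1.101.2.1.16.0"   # id-dn, Section 2 of the draft
ID_AT_CN = "2.5.4.3"                # id-at-commonName, RFC 5280

def der_len(n: int) -> bytes:
    """DER length octets: short form below 0x80, else minimal long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body

def der_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed into one octet, rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def decode_oid(content: bytes) -> str:
    arcs, val = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def der_int_content(v: int) -> bytes:
    """Minimal two's-complement content octets for INTEGER / ENUMERATED."""
    return v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True)

def sample_dn(cn: str) -> bytes:
    """Constructed sample Name (RFC 5280): SEQUENCE { SET { cn=PrintableString } }."""
    atv = tlv(0x30, der_oid(ID_AT_CN) + tlv(0x13, cn.encode("ascii")))
    return tlv(0x30, tlv(0x31, atv))

def ber_long_form_dn(cn: str) -> bytes:
    """Same Name, outer length in long form: legal BER, not DER."""
    dn = sample_dn(cn)
    return bytes([0x30, 0x81, len(dn) - 2]) + dn[2:]

def sir_entity_name(name_type: str, name_value: bytes) -> bytes:
    """SIREntityName ::= SEQUENCE { OBJECT IDENTIFIER, OCTET STRING }"""
    return tlv(0x30, der_oid(name_type) + tlv(0x04, name_value))

def key_package_receipt(pkg_id: bytes, received_by: bytes) -> bytes:
    """receiptOf uses the pkgID alternative (assumed OCTET STRING, RFC 6031).
    version is DEFAULT v2; DER forbids encoding a default, so it is omitted."""
    return tlv(0x30, tlv(0x04, pkg_id) + received_by)

def key_package_error(error_by: bytes, code: int, pkg_id=None) -> bytes:
    """errorCode uses the enum alternative.  errorOf is [0] on a CHOICE, and
    X.680 makes a tag on a CHOICE explicit even under IMPLICIT TAGS, so the
    wrapper is the constructed tag 0xA0 around the chosen alternative."""
    error_of = tlv(0xA0, tlv(0x04, pkg_id)) if pkg_id is not None else b""
    return tlv(0x30, error_of + error_by + tlv(0x0A, der_int_content(code)))

def parse_tlv(buf: bytes, off: int = 0):
    """Return (tag, content, next_offset); rejects non-minimal (BER) lengths."""
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:
        ln, hdr = first, 2
    else:
        n = first & 0x7F
        ln, hdr = int.from_bytes(buf[off + 2:off + 2 + n], "big"), 2 + n
        if n == 0 or ln < 0x80 or buf[off + 2] == 0:
            raise ValueError("non-minimal length: BER, not DER")
    if off + hdr + ln > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[off + hdr:off + hdr + ln], off + hdr + ln

def decode_sir_entity_name(der: bytes):
    """Parse SIREntityName into (dotted type OID, nameValue octets)."""
    tag, body, end = parse_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("SIREntityName must be exactly one SEQUENCE")
    t1, oid, off = parse_tlv(body)
    t2, val, end2 = parse_tlv(body, off)
    if (t1, t2) != (0x06, 0x04) or end2 != len(body):
        raise ValueError("expected OBJECT IDENTIFIER then OCTET STRING")
    return decode_oid(oid), val

def names_equal(a, b) -> bool:
    """Section 2 rule: same type and byte-identical nameValue.  No RFC 5280
    name matching, so a BER re-encoding of the same DN compares unequal."""
    return a[0] == b[0] and a[1] == b[1]
```

Because the receiver matches names by octets, a deployment that derives the receivedBy or errorBy value from a certificate subject must emit the subject's DER exactly as it appears in the certificate; re-encoding it through a BER-tolerant library, or normalising string types, produces a name that the originator's comparison rejects.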