< draft-housley-ers-asn1-modules-01.txt   draft-housley-ers-asn1-modules-02.txt >
Network Working Group R. Housley Network Working Group R. Housley
Internet-Draft Vigil Security Internet-Draft Vigil Security
Intended status: Informational C. Wallace Intended status: Informational C. Wallace
Expires: 9 September 2021 Red Hound Software Expires: 22 December 2021 Red Hound Software
8 March 2021 20 June 2021
New ASN.1 Modules for the Evidence Record Syntax (ERS) New ASN.1 Modules for the Evidence Record Syntax (ERS)
draft-housley-ers-asn1-modules-01 draft-housley-ers-asn1-modules-02
Abstract Abstract
The Evidence Record Syntax (ERS) and the conventions for including The Evidence Record Syntax (ERS) and the conventions for including
these evidence record in the Server-based Certificate Validation these evidence record in the Server-based Certificate Validation
Protocol (SCVP) are expressed using ASN.1. This document offers Protocol (SCVP) are expressed using ASN.1. This document offers
alternatives for the ASN.1 modules to conform to the 2002 version of alternate ASN.1 modules that conform to the 2002 version of ASN.1 and
ASN.1 and employ the conventions adopted in RFC 5911, RFC 5912, and employ the conventions adopted in RFC 5911, RFC 5912, and RFC 6268.
RFC 6268. There are no bits-on-the-wire changes to any of the There are no bits-on-the-wire changes to any of the formats; this is
formats; this is simply a change to the ASN.1 syntax. simply a change to the ASN.1 syntax.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 9 September 2021. This Internet-Draft will expire on 22 December 2021.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
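Review bot: the abstract's first sentence still has a number mismatch on both sides, "these evidence record in the Server-based Certificate Validation Protocol (SCVP)"; it should read "these evidence records". The -02 rewording of the next sentence to "alternate ASN.1 modules that conform to the 2002 version of ASN.1" reads fine.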
skipping to change at page 3, line 48 skipping to change at page 3, line 48
FROM PKIX-CommonTypes-2009 -- in [RFC5912] FROM PKIX-CommonTypes-2009 -- in [RFC5912]
{ iso(1) identified-organization(3) dod(6) internet(1) { iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-pkixCommon-02(57) } id-mod-pkixCommon-02(57) }
; ;
ltans OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) ltans OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) ltans(11) } dod(6) internet(1) security(5) mechanisms(5) ltans(11) }
EvidenceRecord ::= SEQUENCE { EvidenceRecord ::= SEQUENCE {
version INTEGER { v1(1) } , version INTEGER { v1(1) },
digestAlgorithms SEQUENCE OF AlgorithmIdentifier digestAlgorithms SEQUENCE OF AlgorithmIdentifier
{DIGEST-ALGORITHM, {...}}, {DIGEST-ALGORITHM, {...}},
cryptoInfos [0] CryptoInfos OPTIONAL, cryptoInfos [0] CryptoInfos OPTIONAL,
encryptionInfo [1] EncryptionInfo OPTIONAL, encryptionInfo [1] EncryptionInfo OPTIONAL,
archiveTimeStampSequence ArchiveTimeStampSequence } archiveTimeStampSequence ArchiveTimeStampSequence }
CryptoInfos ::= SEQUENCE SIZE (1..MAX) OF Attribute CryptoInfos ::= SEQUENCE SIZE (1..MAX) OF Attribute
ArchiveTimeStamp ::= SEQUENCE { ArchiveTimeStamp ::= SEQUENCE {
digestAlgorithm [0] AlgorithmIdentifier digestAlgorithm [0] AlgorithmIdentifier
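Review bot: `digestAlgorithms SEQUENCE OF AlgorithmIdentifier {DIGEST-ALGORITHM, {...}}` parameterizes AlgorithmIdentifier with an anonymous, empty, extensible object set, so the module states nothing about which digest algorithms are expected. The RFC 5911/5912 convention this document adopts is to reference a named object set (as the CMS module in RFC 5911 does for its digest algorithms) so that implementers can see the expected algorithms; consider naming the set, or adding a comment saying the set is intentionally unconstrained. The only -02 change in this block, `{ v1(1) } ,` to `{ v1(1) },`, is whitespace.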
skipping to change at page 4, line 25 skipping to change at page 4, line 25
PartialHashtree ::= SEQUENCE OF OCTET STRING PartialHashtree ::= SEQUENCE OF OCTET STRING
Attributes ::= SET SIZE (1..MAX) OF Attribute Attributes ::= SET SIZE (1..MAX) OF Attribute
ArchiveTimeStampChain ::= SEQUENCE OF ArchiveTimeStamp ArchiveTimeStampChain ::= SEQUENCE OF ArchiveTimeStamp
ArchiveTimeStampSequence ::= SEQUENCE OF ArchiveTimeStampChain ArchiveTimeStampSequence ::= SEQUENCE OF ArchiveTimeStampChain
EncryptionInfo ::= SEQUENCE { EncryptionInfo ::= SEQUENCE {
encryptionInfoType ENCINFO-TYPE.&id encryptionInfoType ENCINFO-TYPE.&id
({SupportedEncryptionAlgorithms}), ({SupportedEncryptionAlgorithms}),
encryptionInfoValue ENCINFO-TYPE.&Type encryptionInfoValue ENCINFO-TYPE.&Type
({SupportedEncryptionAlgorithms}{@encryptionInfoType}) } ({SupportedEncryptionAlgorithms}{@encryptionInfoType}) }
ENCINFO-TYPE ::= TYPE-IDENTIFIER ENCINFO-TYPE ::= TYPE-IDENTIFIER
SupportedEncryptionAlgorithms ENCINFO-TYPE ::= { ... } SupportedEncryptionAlgorithms ENCINFO-TYPE ::= { ... }
aa-er-internal ATTRIBUTE ::= aa-er-internal ATTRIBUTE ::=
{ TYPE EvidenceRecord IDENTIFIED BY id-aa-er-internal } { TYPE EvidenceRecord IDENTIFIED BY id-aa-er-internal }
id-aa-er-internal OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-aa-er-internal OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) id-aa(2) 49 } us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) id-aa(2) 49 }
aa-er-external ATTRIBUTE ::= aa-er-external ATTRIBUTE ::=
{ TYPE EvidenceRecord IDENTIFIED BY id-aa-er-external } { TYPE EvidenceRecord IDENTIFIED BY id-aa-er-external }
id-aa-er-external OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-aa-er-external OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) id-aa(2) 50 } us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) id-aa(2) 50 }
ERSAttrSet ATTRIBUTE ::= { aa-er-internal | aa-er-external, ... } ERSAttrSet ATTRIBUTE ::= { aa-er-internal | aa-er-external, ... }
Attribute ::= AttributeSet{{ERSAttrSet}} Attribute ::= AttributeSet {{ERSAttrSet}}
END END
<CODE ENDS> <CODE ENDS>
3. ASN.1 Module for RFC 5276 3. ASN.1 Module for RFC 5276
<CODE BEGINS> <CODE BEGINS>
LTANS-SCVP-EXTENSION-2021 LTANS-SCVP-EXTENSION-2021
{ iso(1) identified-organization(3) dod(6) internet(1) { iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) ltans(11) id-mod(0) security(5) mechanisms(5) ltans(11) id-mod(0)
id-mod-ers-scvp(5) id-mod-ers-scvp-v2(2) } id-mod-ers-scvp(5) id-mod-ers-scvp-v2(2) }
DEFINITIONS IMPLICIT TAGS ::= DEFINITIONS IMPLICIT TAGS ::=
BEGIN BEGIN
EXPORTS ALL; EXPORTS ALL;
IMPORTS IMPORTS
id-swb, CertBundle, WANT-BACK, AllWantBacks id-swb, CertBundle, WANT-BACK, AllWantBacks
FROM SCVP-2009 -- in [RFC5912] FROM SCVP-2009 -- in [RFC5912]
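Review bot: `Attribute ::= AttributeSet {{ERSAttrSet}}` binds the Attribute type used by `CryptoInfos ::= SEQUENCE SIZE (1..MAX) OF Attribute` and `Attributes ::= SET SIZE (1..MAX) OF Attribute` to an object set that names only aa-er-internal and aa-er-external. If those fields are meant to carry attributes other than the two evidence-record attributes, it is only the trailing `...` in ERSAttrSet that keeps them open; a one-line comment saying so would help readers who take the object set as the complete list. The -02 change in this block, `AttributeSet{{ERSAttrSet}}` to `AttributeSet {{ERSAttrSet}}`, is whitespace only.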
skipping to change at page 5, line 35 skipping to change at page 5, line 35
EvidenceRecord EvidenceRecord
FROM ERS-2021 -- in [ThisRFC] FROM ERS-2021 -- in [ThisRFC]
{ iso(1) identified-organization(3) dod(6) internet(1) { iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) ltans(11) id-mod(0) security(5) mechanisms(5) ltans(11) id-mod(0)
id-mod-ers(1) id-mod-ers-v2(2) } id-mod-ers(1) id-mod-ers-v2(2) }
; ;
EvidenceRecordWantBack ::= SEQUENCE { EvidenceRecordWantBack ::= SEQUENCE {
targetWantBack WANT-BACK.&id ({ExpandedWantBacks}), targetWantBack WANT-BACK.&id ({ExpandedWantBacks}),
evidenceRecord EvidenceRecord OPTIONAL } evidenceRecord EvidenceRecord OPTIONAL }
EvidenceRecordWantBacks ::= SEQUENCE SIZE (1..MAX) OF EvidenceRecordWantBacks ::= SEQUENCE SIZE (1..MAX) OF
EvidenceRecordWantBack EvidenceRecordWantBack
EvidenceRecords ::= SEQUENCE SIZE (1..MAX) OF EvidenceRecord EvidenceRecords ::= SEQUENCE SIZE (1..MAX) OF EvidenceRecord
ExpandedWantBacks WANT-BACK ::= { AllWantBacks | ExpandedWantBacks WANT-BACK ::= { AllWantBacks |
NewWantBacks | NewWantBacks |
ERSWantBacks, ... } ERSWantBacks, ... }
NewWantBacks WANT-BACK ::= { swb-partial-cert-path, ... } NewWantBacks WANT-BACK ::= { swb-partial-cert-path, ... }
swb-partial-cert-path WANT-BACK ::= swb-partial-cert-path WANT-BACK ::=
{ CertBundle IDENTIFIED BY id-swb-partial-cert-path } { CertBundle IDENTIFIED BY id-swb-partial-cert-path }
id-swb-partial-cert-path OBJECT IDENTIFIER ::= {id-swb 15 } id-swb-partial-cert-path OBJECT IDENTIFIER ::= { id-swb 15 }
ERSWantBacks WANT-BACK ::= { swb-ers-pkc-cert | ERSWantBacks WANT-BACK ::= { swb-ers-pkc-cert |
swb-ers-best-cert-path | swb-ers-best-cert-path |
swb-ers-partial-cert-path | swb-ers-partial-cert-path |
swb-ers-revocation-info | swb-ers-revocation-info |
swb-ers-all, ... } swb-ers-all, ... }
swb-ers-pkc-cert WANT-BACK ::= swb-ers-pkc-cert WANT-BACK ::=
{ EvidenceRecord IDENTIFIED BY id-swb-ers-pkc-cert } { EvidenceRecord IDENTIFIED BY id-swb-ers-pkc-cert }
id-swb-ers-pkc-cert OBJECT IDENTIFIER ::= {id-swb 16 } id-swb-ers-pkc-cert OBJECT IDENTIFIER ::= { id-swb 16 }
swb-ers-best-cert-path WANT-BACK ::= swb-ers-best-cert-path WANT-BACK ::=
{ EvidenceRecord IDENTIFIED BY id-swb-ers-best-cert-path } { EvidenceRecord IDENTIFIED BY id-swb-ers-best-cert-path }
id-swb-ers-best-cert-path OBJECT IDENTIFIER ::= {id-swb 17 } id-swb-ers-best-cert-path OBJECT IDENTIFIER ::= { id-swb 17 }
swb-ers-partial-cert-path WANT-BACK ::= swb-ers-partial-cert-path WANT-BACK ::=
{ EvidenceRecord IDENTIFIED BY id-swb-ers-partial-cert-path } { EvidenceRecord IDENTIFIED BY id-swb-ers-partial-cert-path }
id-swb-ers-partial-cert-path OBJECT IDENTIFIER ::= {id-swb 18 } id-swb-ers-partial-cert-path OBJECT IDENTIFIER ::= { id-swb 18 }
swb-ers-revocation-info WANT-BACK ::= swb-ers-revocation-info WANT-BACK ::=
{ EvidenceRecords IDENTIFIED BY id-swb-ers-revocation-info } { EvidenceRecords IDENTIFIED BY id-swb-ers-revocation-info }
id-swb-ers-revocation-info OBJECT IDENTIFIER ::= {id-swb 19 } id-swb-ers-revocation-info OBJECT IDENTIFIER ::= { id-swb 19 }
swb-ers-all WANT-BACK ::= swb-ers-all WANT-BACK ::=
{ EvidenceRecordWantBacks IDENTIFIED BY id-swb-ers-all } { EvidenceRecordWantBacks IDENTIFIED BY id-swb-ers-all }
id-swb-ers-all OBJECT IDENTIFIER ::= {id-swb 20 } id-swb-ers-all OBJECT IDENTIFIER ::= { id-swb 20 }
END END
<CODE ENDS> <CODE ENDS>
4. IANA Considerations 4. IANA Considerations
IANA is requested to assign two object identifiers from the "SMI IANA is requested to assign two object identifiers from the "SMI
Security for LTANS Module Identifier" registry to identify the two Security for LTANS Module Identifier" registry to identify the two
ASN.1 modules in this document. ASN.1 modules in this document.
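Review bot: Section 4 asks IANA to assign two module object identifiers, yet the modules already carry concrete values, `id-mod-ers-v2(2)` in the import of ERS-2021 and `id-mod-ers-scvp-v2(2)` in the LTANS-SCVP-EXTENSION-2021 header. Either mark these values as placeholders (TBD) pending assignment or state in Section 4 that the values shown are the ones being requested, so the registry text and the modules cannot drift apart. The -02 edits in this block (`{id-swb 15 }` to `{ id-swb 15 }` and the like) are whitespace only.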
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/