No.

> On 14 Apr 2021, at 11:04, Brian Carpenter <brian.e.carpen...@gmail.com> wrote:
>
> Is this worth the extra delay? A change like this is hardly editorial & I do
> not think we want to wait for a mini last call. I am against any
> non-essential change.
>
> Regards,
>     Brian Carpenter
>     (via tiny screen & keyboard)
>
> On Wed, 14 Apr 2021, 20:27 Esko Dijk, <esko.d...@iotconsultancy.nl> wrote:
> Hi,
>
> It would be a good idea to add a practical example of the CSR attributes
> response. Is there a particular reason to have an example with very little
> content in it i.e. 1 root-level attribute only?
> In RFC 7030:
>     The structure of the CSR Attributes Response SHOULD, to the greatest
>     extent possible, reflect the structure of the CSR it is requesting.
>
> So I would expect to have a data structure that defines for example what
> Subject DN attributes the client should include. Or particular choice of
> crypto system, signature scheme etc.
> Given the amount of confusion around this particular data structure, examples
> would be good. Or maybe explain why having a "minimal" CSR attributes
> response is a good thing?
> I can imagine it is good if the Registrar puts as little as possible
> requirements on the Pledge how to structure its CSR and only MUST-have fields
> (like ACP related ones?) are indicated.
>
> Here is another example:
>
> 30 30 06 03 55 04 03 06 03 55 04 05 06 03 55 04 0A 06 08 2A 86 48 CE 3D 04 03
> 02 30 15 06 07 2A 86 48 CE 3D 02 01 31 0A 06 08 2A 86 48 CE 3D 03 01 07
>
> SEQUENCE (5 elem)
>   OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component)
>   OBJECT IDENTIFIER 2.5.4.5 serialNumber (X.520 DN component)
>   OBJECT IDENTIFIER 2.5.4.10 organizationName (X.520 DN component)
>   OBJECT IDENTIFIER 1.2.840.10045.4.3.2 ecdsaWithSHA256 (ANSI X9.62 ECDSA algorithm with SHA256)
>   SEQUENCE (2 elem)
>     OBJECT IDENTIFIER 1.2.840.10045.2.1 ecPublicKey (ANSI X9.62 public key type)
>     SET (1 elem)
>       OBJECT IDENTIFIER 1.2.840.10045.3.1.7 prime256v1 (ANSI X9.62 named elliptic curve)
>
> Not sure whether this is better or worse, in terms of usage of CSR attributes
> in practice. But it is more clear at least from an explanation point of view,
> what this data was intended for.
>
> Esko
>
> -----Original Message-----
> From: Michael Richardson <m...@sandelman.ca>
> Sent: Wednesday, April 14, 2021 01:56
> To: anima@ietf.org; la...@ietf.org; Esko Dijk <esko.d...@iotconsultancy.nl>;
>     Mudumbai Ranganathan <mra...@gmail.com>
> Cc: priti...@cisco.com; tte+i...@cs.fau.de; michael.h.behrin...@gmail.com;
>     kent+i...@watsen.net
> Subject: AUTH48 request for CSR example
>
> https://github.com/anima-wg/anima-bootstrap/issues/20 asks me to provide an
> example of a CSR attributes reply.
> I have one, it looks like:
>
> obiwan-[files/product/00-D0-E5-F2-00-02](2.6.6) mcr 11413 %openssl asn1parse -in csrattr.der -inform der
>     0:d=0 hl=2 l= 72 cons: SEQUENCE
>     2:d=1 hl=2 l= 70 cons: SEQUENCE
>     4:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name
>     9:d=2 hl=2 l= 63 cons: SET
>    11:d=3 hl=2 l= 61 cons: SEQUENCE
>    13:d=4 hl=2 l= 59 cons: cont [ 1 ]
>    15:d=5 hl=2 l= 57 prim: UTF8STRING :rfcself+fd739fc23c34401122334455000000...@acp.example.com
>
> I don't know if this is worth adding.
>
> --
> ] Never tell me the odds! | ipv6 mesh networks [
> ] Michael Richardson, Sandelman Software Works | IoT architect [
> ] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
>
> _______________________________________________
> Anima mailing list
> Anima@ietf.org
> https://www.ietf.org/mailman/listinfo/anima