Is this worth the extra delay? A change like this is hardly editorial & I
do not think we want to wait for a mini last call. I am against any
non-essential change.

Regards,
    Brian Carpenter
    (via tiny screen & keyboard)

On Wed, 14 Apr 2021, 20:27 Esko Dijk, <[email protected]> wrote:

> Hi,
>
> It would be a good idea to add a practical example of the CSR attributes
> response. Is there a particular reason to have an example with very little
> content in it, i.e. 1 root-level attribute only?
> In RFC 7030:
>    The structure of the CSR Attributes Response SHOULD, to the greatest
>    extent possible, reflect the structure of the CSR it is requesting.
>
> So I would expect to have a data structure that defines for example what
> Subject DN attributes the client should include. Or particular choice of
> crypto system, signature scheme etc.
> Given the amount of confusion around this particular data structure,
> examples would be good. Or maybe explain why having a "minimal" CSR
> attributes response is a good thing?
> I can imagine it is good if the Registrar puts as little as possible
> requirements on the Pledge how to structure its CSR and only MUST-have
> fields (like ACP related ones?) are indicated.
>
> Here is another example:
>
> 30 30 06 03 55 04 03 06 03 55 04 05 06 03 55 04 0A 06 08 2A 86 48 CE 3D 04
> 03 02 30 15 06 07 2A 86 48 CE 3D 02 01 31 0A 06 08 2A 86 48 CE 3D 03 01 07
>
> SEQUENCE (5 elem)
>   OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component)
>   OBJECT IDENTIFIER 2.5.4.5 serialNumber (X.520 DN component)
>   OBJECT IDENTIFIER 2.5.4.10 organizationName (X.520 DN component)
>   OBJECT IDENTIFIER 1.2.840.10045.4.3.2 ecdsaWithSHA256 (ANSI X9.62 ECDSA algorithm with SHA256)
>   SEQUENCE (2 elem)
>     OBJECT IDENTIFIER 1.2.840.10045.2.1 ecPublicKey (ANSI X9.62 public key type)
>     SET (1 elem)
>       OBJECT IDENTIFIER 1.2.840.10045.3.1.7 prime256v1 (ANSI X9.62 named elliptic curve)
>
> Not sure whether this is better or worse, in terms of usage of CSR
> attributes in practice. But it is more clear at least from an explanation
> point of view, what this data was intended for.
>
> Esko
>
> -----Original Message-----
> From: Michael Richardson <[email protected]>
> Sent: Wednesday, April 14, 2021 01:56
> To: [email protected]; [email protected]; Esko Dijk <[email protected]>;
> Mudumbai Ranganathan <[email protected]>
> Cc: [email protected]; [email protected]; [email protected];
> [email protected]
> Subject: AUTH48 request for CSR example
>
> https://github.com/anima-wg/anima-bootstrap/issues/20 asks me to provide an
> example of a CSR attributes reply.  I have one, it looks like:
>
> obiwan-[files/product/00-D0-E5-F2-00-02](2.6.6) mcr 11413 %openssl asn1parse -in csrattr.der -inform der
>     0:d=0  hl=2 l=  72 cons: SEQUENCE
>     2:d=1  hl=2 l=  70 cons: SEQUENCE
>     4:d=2  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative Name
>     9:d=2  hl=2 l=  63 cons: SET
>    11:d=3  hl=2 l=  61 cons: SEQUENCE
>    13:d=4  hl=2 l=  59 cons: cont [ 1 ]
>    15:d=5  hl=2 l=  57 prim: UTF8STRING        :[email protected]
>
> I don't know if this is worth adding.
>
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
> ]     [email protected]  http://www.sandelman.ca/        |   ruby on rails    [
>
>
>
>
> _______________________________________________
> Anima mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/anima
>
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima