rfc9158.original   rfc9158.txt 
Network Working Group R. Housley Internet Engineering Task Force (IETF) R. Housley
Internet-Draft Vigil Security Request for Comments: 9158 Vigil Security
Updates: 7299 (if approved) 7 October 2021 Updates: 7299 November 2021
Intended status: Informational Category: Informational
Expires: 10 April 2022 ISSN: 2070-1721
Update to the Object Identifier Registry for the PKIX Working Group Update to the Object Identifier Registry for the PKIX Working Group
draft-ietf-lamps-rfc7299-update-02
Abstract Abstract
RFC 7299 describes the object identifiers that were assigned by RFC 7299 describes the object identifiers that were assigned by the
Public-Key Infrastructure using X.509 (PKIX) Working Group in an arc Public Key Infrastructure using X.509 (PKIX) Working Group in an arc
that was allocated by IANA (1.3.6.1.5.5.7). A small number of object that was allocated by IANA (1.3.6.1.5.5.7). A small number of object
identifiers that were assigned in RFC 4212 are omitted from RFC 7299, identifiers that were assigned in RFC 4212 are omitted from RFC 7299,
and this document updates RFC 7299 to correct that oversight. and this document updates RFC 7299 to correct that oversight.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This document is not an Internet Standards Track specification; it is
provisions of BCP 78 and BCP 79. published for informational purposes.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are candidates for any level of Internet
Standard; see Section 2 of RFC 7841.
This Internet-Draft will expire on 10 April 2022. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9158.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
Please review these documents carefully, as they describe your rights publication of this document. Please review these documents
and restrictions with respect to this document. Code Components carefully, as they describe your rights and restrictions with respect
extracted from this document must include Simplified BSD License text to this document. Code Components extracted from this document must
as described in Section 4.e of the Trust Legal Provisions and are include Revised BSD License text as described in Section 4.e of the
provided without warranty as described in the Simplified BSD License. Trust Legal Provisions and are provided without warranty as described
in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction
2. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 2 2. IANA Considerations
2.1. "SMI Security for PKIX CRMF Registration Controls for 2.1. "SMI Security for PKIX CRMF Registration Controls for
Alternate Certificate Formats" Registry . . . . . . . . . 2 Alternate Certificate Formats" Registry
3. Security Considerations . . . . . . . . . . . . . . . . . . . 3 3. Security Considerations
4. References . . . . . . . . . . . . . . . . . . . . . . . . . 3 4. References
4.1. Normative References . . . . . . . . . . . . . . . . . . 3 4.1. Normative References
4.2. Informative References . . . . . . . . . . . . . . . . . 3 4.2. Informative References
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 4 Author's Address
1. Introduction 1. Introduction
When the Public-Key Infrastructure using X.509 (PKIX) Working Group When the Public Key Infrastructure using X.509 (PKIX) Working Group
was chartered, an object identifier arc was allocated by IANA for use was chartered, an object identifier arc was allocated by IANA for use
by that working group. After the PKIX Working Group was closed, by that working group. After the PKIX Working Group was closed, RFC
[RFC7299] was published to describe the object identifiers that were 7299 [RFC7299] was published to describe the object identifiers that
assigned in that arc. A small number of object identifiers that were were assigned in that arc. A small number of object identifiers that
assigned in RFC 4212 [RFC4212] are not included in RFC 7299, and this were assigned in RFC 4212 [RFC4212] are not included in RFC 7299, and
document corrects that oversight. this document corrects that oversight.
The PKIX Certificate Management Protocol (CMP) [RFC4210] allocated The PKIX Certificate Management Protocol (CMP) [RFC4210] allocated
id-regCtrl-altCertTemplate (1.3.6.1.5.5.7.5.1.7), and then two object id-regCtrl-altCertTemplate (1.3.6.1.5.5.7.5.1.7), and then two object
identifiers were assigned within that arc [RFC4212], which were identifiers were assigned within that arc [RFC4212], which were
intended to be used with either PKIX CMP [RFC4210] or PKIX intended to be used with either PKIX CMP [RFC4210] or PKIX
Certificate Management over CMS (CMC) [RFC5272] [RFC5273] [RFC5274] Certificate Management over CMS (CMC) [RFC5272] [RFC5273] [RFC5274]
[RFC6402]. [RFC6402].
This document describes the object identifiers that were assigned in This document describes the object identifiers that were assigned in
that arc, established an IANA registry for that arc, and establishes that arc, establishes an IANA registry for that arc, and establishes
IANA allocation policies for any future assignments within that arc. IANA allocation policies for any future assignments within that arc.
2. IANA Considerations 2. IANA Considerations
IANA is asked to create one additional registry table. IANA has created a new subregistry.
2.1. "SMI Security for PKIX CRMF Registration Controls for Alternate 2.1. "SMI Security for PKIX CRMF Registration Controls for Alternate
Certificate Formats" Registry Certificate Formats" Registry
Within the SMI-numbers registry, an "SMI Security for PKIX CRMF Within the "Structure of Management Information (SMI) Numbers (MIB
Registration Controls for Alternate Certificate Formats Module Registrations)" registry, IANA has created the "SMI Security
(1.3.6.1.5.5.7.5.1.7)" table with three columns has been added: for PKIX CRMF Registration Controls for Alternate Certificate
Formats" subregistry (1.3.6.1.5.5.7.5.1.7). The initial contents of
this subregistry are as follows:
Decimal Description References +=========+===========================+============+
------- ------------------------------ ---------- | Decimal | Description | References |
1 id-acTemplate [RFC4212] +=========+===========================+============+
2 id-openPGPCertTemplateExt [RFC4212] | 1 | id-acTemplate | [RFC4212] |
+---------+---------------------------+------------+
| 2 | id-openPGPCertTemplateExt | [RFC4212] |
+---------+---------------------------+------------+
Table 1: New SMI Security for PKIX CRMF
Registration Controls for Alternate Certificate
Formats Subregistry
Future updates to the registry table are to be made according to the Future updates to the registry table are to be made according to the
Specification Required policy as defined in [RFC8126]. The expert is Specification Required policy defined in [RFC8126]. The expert is
expected to ensure that any new values are strongly related to the expected to ensure that any new values are strongly related to the
work that was done by the PKIX Working Group. In particular, work that was done by the PKIX Working Group. In particular,
additional object identifiers should be needed for use with either additional object identifiers should be needed for use with either
the PKIX CMP or PKIX CMC to support alternative certificate formats. the PKIX CMP or PKIX CMC to support alternative certificate formats.
Object identifiers for other purposes should not be assigned in this Object identifiers for other purposes should not be assigned in this
arc. arc.
3. Security Considerations 3. Security Considerations
This document populates an IANA registry, and it raises no new This document populates an IANA registry, and it raises no new
skipping to change at page 4, line 24 skipping to change at line 172
[RFC6402] Schaad, J., "Certificate Management over CMS (CMC) [RFC6402] Schaad, J., "Certificate Management over CMS (CMC)
Updates", RFC 6402, DOI 10.17487/RFC6402, November 2011, Updates", RFC 6402, DOI 10.17487/RFC6402, November 2011,
<https://www.rfc-editor.org/info/rfc6402>. <https://www.rfc-editor.org/info/rfc6402>.
Author's Address Author's Address
Russ Housley Russ Housley
Vigil Security, LLC Vigil Security, LLC
516 Dranesville Road 516 Dranesville Road
Herndon, VA, 20170 Herndon, VA 20170
United States of America United States of America
Email: housley@vigilsec.com Email: housley@vigilsec.com
 End of changes. 17 change blocks. 
52 lines changed or deleted 60 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/