rfcdiff of rfc9169.original (draft-housley-ers-asn1-modules-03, 26 August 2021) against rfc9169.txt (RFC 9169, December 2021); the published RFC 9169 text follows, with rfcdiff's omitted-span markers kept where the diff skipped unchanged text.

Internet Engineering Task Force (IETF)                        R. Housley
Request for Comments: 9169                                Vigil Security
Category: Informational                                       C. Wallace
ISSN: 2070-1721                                       Red Hound Software
                                                           December 2021

         New ASN.1 Modules for the Evidence Record Syntax (ERS)

Abstract

   The Evidence Record Syntax (ERS) and the conventions for including
   these evidence records in the Server-based Certificate Validation
   Protocol (SCVP) are expressed using ASN.1.  This document offers
   alternative ASN.1 modules that conform to the 2002 version of ASN.1
   and employ the conventions adopted in RFCs 5911, 5912, and 6268.
   There are no bits-on-the-wire changes to any of the formats; this is
   simply a change to the ASN.1 syntax.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are candidates for any level of Internet
   Standard; see Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc9169.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Revised BSD License text as described in Section 4.e of the
   Trust Legal Provisions and are provided without warranty as described
   in the Revised BSD License.

Table of Contents

   1.  Introduction
   2.  ASN.1 Module for RFC 4998
   3.  ASN.1 Module for RFC 5276
   4.  IANA Considerations
   5.  Security Considerations
   6.  References
     6.1.  Normative References
     6.2.  Informative References
   Authors' Addresses

1.  Introduction

   Some developers would like the IETF to use the latest version of
   ASN.1 in its standards.  This document provides alternative ASN.1
   modules to assist in that goal.

   The Evidence Record Syntax (ERS) [RFC4998] provides two ASN.1
   modules: one using the 1988 syntax [OLD-ASN1], which has been
   deprecated by the ITU-T, and another one using the newer syntax
   [NEW-ASN1], which continues to be maintained and enhanced.  This
   document provides an alternative ASN.1 module that follows the
   conventions established in [RFC5911], [RFC5912], and [RFC6268].

   In addition, [RFC5276] specifies the mechanism for conveying evidence
   records in the Server-based Certificate Validation Protocol (SCVP)
   [RFC5055].  There is only one ASN.1 module in [RFC5276], and it uses
   the 1988 syntax [OLD-ASN1].  This document provides an alternative
   ASN.1 module using the newer syntax [NEW-ASN1] and follows the
   conventions established in [RFC5911], [RFC5912], and [RFC6268].  Note
   that [RFC5912] already includes an alternative ASN.1 module for SCVP
   [RFC5055].

   The original ASN.1 modules get some of their definitions from places
   outside the RFC series.  Some of the referenced definitions are
   somewhat difficult to find.  The alternative ASN.1 modules offered in
   this document stand on their own when combined with the modules in
   [RFC5911], [RFC5912], and [RFC6268].

   The alternative ASN.1 modules produce the same bits on the wire as
   the original ones.

   The alternative ASN.1 modules are informative; the original ones are
   normative.

2.  ASN.1 Module for RFC 4998

   <CODE BEGINS>
   ERS-2021
     { iso(1) identified-organization(3) dod(6) internet(1)

   [rfcdiff: unchanged text omitted; resumes at line 209 of rfc9169.txt,
   inside the module of Section 3, "ASN.1 Module for RFC 5276"]

   IMPORTS
     id-swb, CertBundle, WANT-BACK, AllWantBacks
     FROM SCVP-2009 -- in [RFC5912]
       { iso(1) identified-organization(3) dod(6) internet(1)
         security(5) mechanisms(5) pkix(7) id-mod(0)
         id-mod-scvp-02(52) }

     EvidenceRecord
     FROM ERS-2021 -- in [RFC9169]
       { iso(1) identified-organization(3) dod(6) internet(1)
         security(5) mechanisms(5) ltans(11) id-mod(0)
         id-mod-ers(1) id-mod-ers-v2(2) }
     ;

   EvidenceRecordWantBack ::= SEQUENCE {
     targetWantBack     WANT-BACK.&id ({ExpandedWantBacks}),
     evidenceRecord     EvidenceRecord OPTIONAL }

   EvidenceRecordWantBacks ::= SEQUENCE SIZE (1..MAX) OF

   [rfcdiff: unchanged text omitted; resumes at line 271 of rfc9169.txt]

   swb-ers-all WANT-BACK ::=
     { EvidenceRecordWantBacks IDENTIFIED BY id-swb-ers-all }

   id-swb-ers-all OBJECT IDENTIFIER ::= { id-swb 20 }

   END
   <CODE ENDS>
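   The EvidenceRecordWantBack type above is a SEQUENCE whose last
   element is OPTIONAL, and the document's whole claim is that the
   rewritten module changes nothing on the wire.  The Python below is an
   added illustration, not code from the RFC or from any ERS/SCVP
   implementation: it DER-encodes an EvidenceRecordWantBack and decodes
   it strictly (definite, minimal lengths; no trailing octets; the
   OPTIONAL element either present or absent, never half-parsed) using
   only the standard library.  Two things are assumed rather than stated
   on this page: the value of id-swb, taken to be { id-pkix 18 }, i.e.
   1.3.6.1.5.5.7.18, as registered by RFC 5055, and that an
   EvidenceRecord is carried as opaque, already-encoded DER, because the
   page does not reproduce that type; the sample evidence-record bytes
   are a constructed stand-in, not a real EvidenceRecord.

```python
"""Added example (not from RFC 9169): minimal, strict DER handling for

    EvidenceRecordWantBack ::= SEQUENCE {
      targetWantBack     WANT-BACK.&id ({ExpandedWantBacks}),
      evidenceRecord     EvidenceRecord OPTIONAL }

Assumptions: id-swb = { id-pkix 18 } = 1.3.6.1.5.5.7.18 (RFC 5055, not
shown on the page); EvidenceRecord values are opaque DER byte strings.
"""
from typing import Optional, Tuple

ID_SWB = "1.3.6.1.5.5.7.18"        # assumed: { id-pkix 18 } from RFC 5055
ID_SWB_ERS_ALL = ID_SWB + ".20"    # { id-swb 20 }, as in the module above
TAG_OID, TAG_SEQUENCE = 0x06, 0x30

# Constructed stand-in for an encoded EvidenceRecord: SEQUENCE { INTEGER 5 }.
# It is NOT a valid EvidenceRecord; it only exercises the OPTIONAL element.
EXAMPLE_EVIDENCE_RECORD_DER = bytes.fromhex("3003020105")


def _der_length(n: int) -> bytes:
    """Definite-form length: short form below 128, else minimal long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _der_length(len(content)) + content


def encode_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID " + dotted)
    out = bytearray()
    for sid in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = bytearray([sid & 0x7F])
        sid >>= 7
        while sid:                      # high-order groups carry the 0x80 flag
            chunk.insert(0, 0x80 | (sid & 0x7F))
            sid >>= 7
        out += chunk
    return _der_tlv(TAG_OID, bytes(out))


def encode_evidence_record_want_back(target_oid: str,
                                     evidence_record_der: Optional[bytes] = None) -> bytes:
    """The OPTIONAL evidenceRecord is simply omitted when None."""
    content = encode_oid(target_oid)
    if evidence_record_der is not None:
        content += evidence_record_der
    return _der_tlv(TAG_SEQUENCE, content)


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, content, next_pos); rejects indefinite/non-minimal lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("bad length octets")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        if length < 0x80 or buf[pos] == 0:     # DER requires the shortest form
            raise ValueError("non-minimal length")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("truncated content")
    return tag, buf[pos:pos + length], pos + length


def decode_oid(content: bytes) -> str:
    if not content or content[-1] & 0x80:
        raise ValueError("bad OID content")
    subids, val = [], 0
    for b in content:
        if val == 0 and b == 0x80:             # leading 0x80 is padding
            raise ValueError("non-minimal OID subidentifier")
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(val)
            val = 0
    a = min(subids[0] // 40, 2)
    return ".".join(str(x) for x in [a, subids[0] - 40 * a] + subids[1:])


def decode_evidence_record_want_back(der: bytes) -> Tuple[str, Optional[bytes]]:
    """Strict decode: exactly one SEQUENCE, OID first, optional trailing SEQUENCE."""
    tag, content, end = _read_tlv(der, 0)
    if tag != TAG_SEQUENCE or end != len(der):
        raise ValueError("expected one SEQUENCE with no trailing octets")
    tag, oid_content, pos = _read_tlv(content, 0)
    if tag != TAG_OID:
        raise ValueError("targetWantBack must be an OBJECT IDENTIFIER")
    target = decode_oid(oid_content)
    if pos == len(content):
        return target, None                    # OPTIONAL evidenceRecord absent
    tag, _, end = _read_tlv(content, pos)
    if tag != TAG_SEQUENCE or end != len(content):
        raise ValueError("evidenceRecord must be the final SEQUENCE element")
    return target, content[pos:end]


def is_valid_evidence_record_want_back(der: bytes) -> bool:
    try:
        decode_evidence_record_want_back(der)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    want_back = encode_evidence_record_want_back(ID_SWB_ERS_ALL)
    print(want_back.hex(), decode_evidence_record_want_back(want_back))
```

   The decoder deliberately fails closed: a second element that is not a
   SEQUENCE, a non-minimal length, or any octet after the outer SEQUENCE
   is an error rather than something to skip over.  That is the
   behaviour a verifier of long-term evidence wants, since the bytes it
   accepts are the bytes the hash chains in the EvidenceRecord were
   computed over.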
4.  IANA Considerations

   IANA has assigned two object identifiers from the "SMI Security for
   LTANS Module Identifier" registry to identify the two ASN.1 modules
   in this document.

   The following object identifiers have been assigned:

   +======================+====================+===========+
   | OID Value            | Description        | Reference |
   +======================+====================+===========+
   | 1.3.6.1.5.5.11.0.1.2 | id-mod-ers-v2      | RFC 9169  |
   +----------------------+--------------------+-----------+
   | 1.3.6.1.5.5.11.0.5.2 | id-mod-ers-scvp-v2 | RFC 9169  |
   +----------------------+--------------------+-----------+

                  Table 1: IANA Object Identifiers

5.  Security Considerations

   Please see the security considerations in [RFC4998] and [RFC5276].
   This document makes no changes to the security considerations in
   those documents.  The ASN.1 modules in this document produce the same
   bits on the wire as the ASN.1 modules that they replace.

6.  References

6.1.  Normative References

   [NEW-ASN1] ITU-T, "Information technology -- Abstract Syntax Notation
              One (ASN.1): Specification of basic notation", ITU-T
              Recommendation X.680, ISO/IEC 8824-1:2021, February 2021,
              <https://www.itu.int/rec/T-REC-X.680>.

   [RFC4998]  Gondrom, T., Brandner, R., and U. Pordesch, "Evidence
              Record Syntax (ERS)", RFC 4998, DOI 10.17487/RFC4998,
              August 2007, <https://www.rfc-editor.org/info/rfc4998>.

   [RFC5055]  Freeman, T., Housley, R., Malpani, A., Cooper, D., and W.
              Polk, "Server-Based Certificate Validation Protocol
              (SCVP)", RFC 5055, DOI 10.17487/RFC5055, December 2007,
              <https://www.rfc-editor.org/info/rfc5055>.

   [rfcdiff: unchanged text omitted; resumes at line 344 of rfc9169.txt,
   within Section 6.2, "Informative References"]

   [OLD-ASN1] CCITT, "Specification of Abstract Syntax Notation One
              (ASN.1)", CCITT Recommendation X.208, November 1988,
              <https://www.itu.int/rec/T-REC-X.208/en>.

Authors' Addresses

   Russ Housley
   Vigil Security, LLC
   516 Dranesville Road
   Herndon, VA 20170
   United States of America
   Email: housley@vigilsec.com

   Carl Wallace
   Red Hound Software, Inc.
   5112 27th St. N
   Arlington, VA 22207
   United States of America
   Email: carl@redhoundsoftware.com

End of changes: 20 change blocks; 58 lines changed or deleted, 60 lines changed or added.
This diff was produced by rfcdiff 1.48 (http://tools.ietf.org/tools/rfcdiff/).