| rfc9811v1.txt | rfc9811.txt | |||
|---|---|---|---|---|
| skipping to change at line 144 ¶ | skipping to change at line 144 ¶ | |||
| * Added options for extending the URI structure with further | * Added options for extending the URI structure with further | |||
| segments and defined a new protocol registry group to that aim. | segments and defined a new protocol registry group to that aim. | |||
| 1.2. Changes Made by This Document | 1.2. Changes Made by This Document | |||
| This document obsoletes [RFC6712]. It includes the changes specified | This document obsoletes [RFC6712]. It includes the changes specified | |||
| in Section 3 of [RFC9480], as described in Section 1.1 of this | in Section 3 of [RFC9480], as described in Section 1.1 of this | |||
| document. Additionally, it adds the following changes: | document. Additionally, it adds the following changes: | |||
| * Removed the requirement to support HTTP/1.0 [RFC1945] in | * Removed the requirement to support HTTP/1.0 [RFC1945] in | |||
| accordance with Section 4.1 of [RFC9205]. | accordance with Section 4.1 of RFC 9205 [BCP56]. | |||
| * Implementations MUST forward CMP messages when an HTTP error | * Implementations MUST forward CMP messages when an HTTP error | |||
| status code occurs; see Section 3.1. | status code occurs; see Section 3.1. | |||
| * Removed Section 3.8 of [RFC6712] as it contains information | * Removed Section 3.8 of [RFC6712] as it contains information | |||
| redundant with current HTTP specification. | redundant with current HTTP specification. | |||
| 2. Conventions Used in This Document | 2. Conventions Used in This Document | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
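Review bot: In the Section 1.2 list, the bullet "Implementations MUST forward CMP messages when an HTTP error status code occurs; see Section 3.1" does not say which party forwards the message or to whom, so the change summary carries a MUST that cannot be read on its own. Suggest naming the actor and direction in the bullet itself. In the last bullet, "redundant with current HTTP specification" is missing an article and could cite [RFC9110], which the reference list already carries.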
| skipping to change at line 174 ¶ | skipping to change at line 174 ¶ | |||
| SHOULD be utilized for conveying CMP messages. This specification | SHOULD be utilized for conveying CMP messages. This specification | |||
| requires using the POST method (Section 3.1) and the "Content-Type" | requires using the POST method (Section 3.1) and the "Content-Type" | |||
| header field (Section 3.2), which are available since HTTP/1.0 | header field (Section 3.2), which are available since HTTP/1.0 | |||
| [RFC1945]. | [RFC1945]. | |||
| Note: In some situations, CMP requires multiple request/response | Note: In some situations, CMP requires multiple request/response | |||
| pairs to perform a PKI management operation. Their affiliation with | pairs to perform a PKI management operation. Their affiliation with | |||
| a PKI management operation is indicated by a transaction identifier | a PKI management operation is indicated by a transaction identifier | |||
| in the CMP message header (see transactionID described in | in the CMP message header (see transactionID described in | |||
| Section 5.1.1 of [RFC9810]). For details on how to transfer multiple | Section 5.1.1 of [RFC9810]). For details on how to transfer multiple | |||
| requests, see Section 4.11 of [RFC9205]. | requests, see Section 4.11 of RFC 9205 [BCP56]. | |||
| 3.1. General Form | 3.1. General Form | |||
| A DER-encoded [ITU.X690.1994] PKIMessage (Section 5.1 of [RFC9810]) | A DER-encoded [ITU.X690.2021] PKIMessage (Section 5.1 of [RFC9810]) | |||
| MUST be sent as the content of an HTTP POST request. If this HTTP | MUST be sent as the content of an HTTP POST request. If this HTTP | |||
| request is successful, the server returns the CMP response in the | request is successful, the server returns the CMP response in the | |||
| content of the HTTP response. The HTTP response status code in this | content of the HTTP response. The HTTP response status code in this | |||
| case MUST be 200 (OK); other Successful 2xx status codes MUST NOT be | case MUST be 200 (OK); other Successful 2xx status codes MUST NOT be | |||
| used for this purpose. HTTP responses to pushed CMP announcement | used for this purpose. HTTP responses to pushed CMP announcement | |||
| messages described in Section 3.5 utilize the status codes 201 and | messages described in Section 3.5 utilize the status codes 201 and | |||
| 202 to identify whether the received information was processed. | 202 to identify whether the received information was processed. | |||
| While Redirection 3xx status codes MAY be supported by | While Redirection 3xx status codes MAY be supported by | |||
| implementations, clients should only be enabled to automatically | implementations, clients should only be enabled to automatically | |||
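Review bot: In Section 3.1, "clients should only be enabled to automatically" uses a lowercase "should" directly after the uppercase "MAY be supported", and both versions leave it unchanged; under the BCP 14 conventions the document cites ([RFC2119], [RFC8174]) the lowercase word carries no normative weight. If limiting automatic redirect handling is meant as a requirement on clients, make it "SHOULD"; if it is advice only, reword it so it cannot be mistaken for a key word.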
| skipping to change at line 371 ¶ | skipping to change at line 371 ¶ | |||
| * the reference for "application/pkixcmp" in the "Media Types" | * the reference for "application/pkixcmp" in the "Media Types" | |||
| registry <https://www.iana.org/assignments/media-types> refers to | registry <https://www.iana.org/assignments/media-types> refers to | |||
| this document, instead of [RFC2510]. | this document, instead of [RFC2510]. | |||
| * the reference for "application/pkixcmp" in the "CoAP Content- | * the reference for "application/pkixcmp" in the "CoAP Content- | |||
| Formats" registry <https://www.iana.org/assignments/core- | Formats" registry <https://www.iana.org/assignments/core- | |||
| parameters> refers to this document, instead of [RFC4210]. | parameters> refers to this document, instead of [RFC4210]. | |||
| * the reference for "cmp" in the "Well-Known URIs" registry | * the reference for "cmp" in the "Well-Known URIs" registry | |||
| <https://www.iana.org/assignments/core-parameters> refers to this | <https://www.iana.org/assignments/well-known-uris/> refers to this | |||
| document instead of [RFC4210]. | document instead of [RFC4210]. | |||
| * the reference for "p" in the "CMP Well-Known URI Path Segments" | * the reference for "p" in the "CMP Well-Known URI Path Segments" | |||
| registry <https://www.iana.org/assignments/cmp> refers to this | registry <https://www.iana.org/assignments/cmp> refers to this | |||
| document instead of [RFC9480]. | document instead of [RFC9480]. | |||
| No further action by IANA is necessary for this document or any | No further action by IANA is necessary for this document or any | |||
| anticipated updates. | anticipated updates. | |||
| 7. References | 7. References | |||
| 7.1. Normative References | 7.1. Normative References | |||
| [ITU.X690.2021] | ||||
| ITU-T, "Information Technology - ASN.1 encoding rules: | ||||
| Specification of Basic Encoding Rules (BER), Canonical | ||||
| Encoding Rules (CER) and Distinguished Encoding Rules | ||||
| (DER)", ITU-T Recommendation X.690, 2021, | ||||
| <https://www.itu.int/rec/T-REC-X.690-202102-I/en>. | ||||
| [RFC1945] Berners-Lee, T., Fielding, R., and H. Frystyk, "Hypertext | [RFC1945] Berners-Lee, T., Fielding, R., and H. Frystyk, "Hypertext | |||
| Transfer Protocol -- HTTP/1.0", RFC 1945, | Transfer Protocol -- HTTP/1.0", RFC 1945, | |||
| DOI 10.17487/RFC1945, May 1996, | DOI 10.17487/RFC1945, May 1996, | |||
| <https://www.rfc-editor.org/info/rfc1945>. | <https://www.rfc-editor.org/info/rfc1945>. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | ||||
| Requirement Levels", BCP 14, RFC 2119, | ||||
| DOI 10.17487/RFC2119, March 1997, | ||||
| <https://www.rfc-editor.org/info/rfc2119>. | ||||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | ||||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | ||||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | ||||
| [RFC8615] Nottingham, M., "Well-Known Uniform Resource Identifiers | [RFC8615] Nottingham, M., "Well-Known Uniform Resource Identifiers | |||
| (URIs)", RFC 8615, DOI 10.17487/RFC8615, May 2019, | (URIs)", RFC 8615, DOI 10.17487/RFC8615, May 2019, | |||
| <https://www.rfc-editor.org/info/rfc8615>. | <https://www.rfc-editor.org/info/rfc8615>. | |||
| [RFC9110] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | [RFC9110] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | |||
| Ed., "HTTP Semantics", STD 97, RFC 9110, | Ed., "HTTP Semantics", STD 97, RFC 9110, | |||
| DOI 10.17487/RFC9110, June 2022, | DOI 10.17487/RFC9110, June 2022, | |||
| <https://www.rfc-editor.org/info/rfc9110>. | <https://www.rfc-editor.org/info/rfc9110>. | |||
| [RFC9112] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | [RFC9112] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | |||
| Ed., "HTTP/1.1", STD 99, RFC 9112, DOI 10.17487/RFC9112, | Ed., "HTTP/1.1", STD 99, RFC 9112, DOI 10.17487/RFC9112, | |||
| June 2022, <https://www.rfc-editor.org/info/rfc9112>. | June 2022, <https://www.rfc-editor.org/info/rfc9112>. | |||
| [RFC9810] Brockhaus, H., von Oheimb, D., Ounsworth, M., and J. Gray, | [RFC9810] Brockhaus, H., von Oheimb, D., Ounsworth, M., and J. Gray, | |||
| "Internet X.509 Public Key Infrastructure -- Certificate | "Internet X.509 Public Key Infrastructure -- Certificate | |||
| Management Protocol (CMP)", RFC 9810, | Management Protocol (CMP)", RFC 9810, | |||
| DOI 10.17487/RFC9810, July 2025, | DOI 10.17487/RFC9810, July 2025, | |||
| <https://www.rfc-editor.org/info/rfc9810>. | <https://www.rfc-editor.org/info/rfc9810>. | |||
| [ITU.X690.1994] | ||||
| ITU-T, "Information Technology - ASN.1 encoding rules: | ||||
| Specification of Basic Encoding Rules (BER), Canonical | ||||
| Encoding Rules (CER) and Distinguished Encoding Rules | ||||
| (DER)", ITU-T Recommendation X.690, 1994, | ||||
| <https://www.itu.int/rec/T-REC-X.690-199407-S/en>. | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | ||||
| Requirement Levels", BCP 14, RFC 2119, | ||||
| DOI 10.17487/RFC2119, March 1997, | ||||
| <https://www.rfc-editor.org/info/rfc2119>. | ||||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | ||||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | ||||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | ||||
| 7.2. Informative References | 7.2. Informative References | |||
| [RFC9480] Brockhaus, H., von Oheimb, D., and J. Gray, "Certificate | [BCP56] Best Current Practice 56, | |||
| Management Protocol (CMP) Updates", RFC 9480, | <https://www.rfc-editor.org/info/bcp56>. | |||
| DOI 10.17487/RFC9480, November 2023, | At the time of writing, this BCP comprises the following: | |||
| <https://www.rfc-editor.org/info/rfc9480>. | ||||
| [RFC9483] Brockhaus, H., von Oheimb, D., and S. Fries, "Lightweight | Nottingham, M., "Building Protocols with HTTP", BCP 56, | |||
| Certificate Management Protocol (CMP) Profile", RFC 9483, | RFC 9205, DOI 10.17487/RFC9205, June 2022, | |||
| DOI 10.17487/RFC9483, November 2023, | <https://www.rfc-editor.org/info/rfc9205>. | |||
| <https://www.rfc-editor.org/info/rfc9483>. | ||||
| [RFC2510] Adams, C. and S. Farrell, "Internet X.509 Public Key | [RFC2510] Adams, C. and S. Farrell, "Internet X.509 Public Key | |||
| Infrastructure Certificate Management Protocols", | Infrastructure Certificate Management Protocols", | |||
| RFC 2510, DOI 10.17487/RFC2510, March 1999, | RFC 2510, DOI 10.17487/RFC2510, March 1999, | |||
| <https://www.rfc-editor.org/info/rfc2510>. | <https://www.rfc-editor.org/info/rfc2510>. | |||
| [RFC4210] Adams, C., Farrell, S., Kause, T., and T. Mononen, | [RFC4210] Adams, C., Farrell, S., Kause, T., and T. Mononen, | |||
| "Internet X.509 Public Key Infrastructure Certificate | "Internet X.509 Public Key Infrastructure Certificate | |||
| Management Protocol (CMP)", RFC 4210, | Management Protocol (CMP)", RFC 4210, | |||
| DOI 10.17487/RFC4210, September 2005, | DOI 10.17487/RFC4210, September 2005, | |||
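Review bot: In the IANA list, the corrected "Well-Known URIs" registry link <https://www.iana.org/assignments/well-known-uris/> ends with a slash while the other registry links in the same list (media-types, core-parameters, cmp) do not; drop the trailing slash or add it to all of them so the links are uniform. In Section 7.1, [RFC1945] stays a normative reference although Section 1.2 says the requirement to support HTTP/1.0 was removed; consider moving it to Section 7.2 if it is now cited only as background.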
| skipping to change at line 468 ¶ | skipping to change at line 466 ¶ | |||
| [RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. | [RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. | |||
| Kivinen, "Internet Key Exchange Protocol Version 2 | Kivinen, "Internet Key Exchange Protocol Version 2 | |||
| (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October | (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October | |||
| 2014, <https://www.rfc-editor.org/info/rfc7296>. | 2014, <https://www.rfc-editor.org/info/rfc7296>. | |||
| [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | |||
| Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | |||
| <https://www.rfc-editor.org/info/rfc8446>. | <https://www.rfc-editor.org/info/rfc8446>. | |||
| [RFC9530] Polli, R. and L. Pardue, "Digest Fields", RFC 9530, | ||||
| DOI 10.17487/RFC9530, February 2024, | ||||
| <https://www.rfc-editor.org/info/rfc9530>. | ||||
| [BCP56] Best Current Practice 56, | ||||
| <https://www.rfc-editor.org/info/bcp56>. | ||||
| At the time of writing, this BCP comprises the following: | ||||
| Nottingham, M., "Building Protocols with HTTP", BCP 56, | ||||
| RFC 9205, DOI 10.17487/RFC9205, June 2022, | ||||
| <https://www.rfc-editor.org/info/rfc9205>. | ||||
| [RFC9293] Eddy, W., Ed., "Transmission Control Protocol (TCP)", | [RFC9293] Eddy, W., Ed., "Transmission Control Protocol (TCP)", | |||
| STD 7, RFC 9293, DOI 10.17487/RFC9293, August 2022, | STD 7, RFC 9293, DOI 10.17487/RFC9293, August 2022, | |||
| <https://www.rfc-editor.org/info/rfc9293>. | <https://www.rfc-editor.org/info/rfc9293>. | |||
| [RFC9480] Brockhaus, H., von Oheimb, D., and J. Gray, "Certificate | ||||
| Management Protocol (CMP) Updates", RFC 9480, | ||||
| DOI 10.17487/RFC9480, November 2023, | ||||
| <https://www.rfc-editor.org/info/rfc9480>. | ||||
| [RFC9483] Brockhaus, H., von Oheimb, D., and S. Fries, "Lightweight | ||||
| Certificate Management Protocol (CMP) Profile", RFC 9483, | ||||
| DOI 10.17487/RFC9483, November 2023, | ||||
| <https://www.rfc-editor.org/info/rfc9483>. | ||||
| [RFC9530] Polli, R. and L. Pardue, "Digest Fields", RFC 9530, | ||||
| DOI 10.17487/RFC9530, February 2024, | ||||
| <https://www.rfc-editor.org/info/rfc9530>. | ||||
| Acknowledgements | Acknowledgements | |||
| The authors wish to thank Tomi Kause and Martin Peylo, the original | The authors wish to thank Tomi Kause and Martin Peylo, the original | |||
| authors of [RFC6712], for their work. | authors of [RFC6712], for their work. | |||
| We also thank all reviewers for their valuable feedback. | We also thank all reviewers for their valuable feedback. | |||
| Authors' Addresses | Authors' Addresses | |||
| Hendrik Brockhaus | Hendrik Brockhaus | |||
| End of changes. 11 change blocks. | ||||
| 40 lines changed or deleted | 40 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||