Update to the Object Identifier Registry for the PKIX Working Group

Vigil Security, LLC
516 Dranesville Road
Herndon, VA 20170
United States of America
housley@vigilsec.com

Security

Certificate Request Message Format, CRMF, CRMF Registration Controls, Alternate Certificate Formats

RFC 7299 describes the object identifiers that were assigned by the
Public Key Infrastructure using X.509 (PKIX) Working Group in an arc
that was allocated by IANA (1.3.6.1.5.5.7). A small number of object
identifiers that were assigned in RFC 4212 are omitted from RFC 7299,
and this document updates RFC 7299 to correct that oversight.

Status of This Memo

This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are candidates for any level of Internet
Standard; see Section 2 of RFC 7841.
Information about the current status of this document, any
errata, and how to provide feedback on it may be obtained at
.
Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
() in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Revised BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Revised BSD License.
Table of Contents
Introduction
IANA Considerations
   "SMI Security for PKIX CRMF Registration Controls for Alternate Certificate Formats" Registry
Security Considerations
References
   Normative References
   Informative References
Author's Address
Introduction

When the Public Key Infrastructure using X.509 (PKIX) Working Group
was chartered, an object identifier arc was allocated by IANA for use by
that working group. After the PKIX Working Group was closed, RFC 7299
was published to describe the
object identifiers that were assigned in that arc. A small number of
object identifiers that were assigned in RFC 4212 are not included in RFC 7299, and this document
corrects that oversight.

The PKIX Certificate Management Protocol (CMP) allocated id-regCtrl-altCertTemplate
(1.3.6.1.5.5.7.5.1.7), and then two object identifiers were assigned
within that arc, which were
intended to be used with either PKIX CMP or PKIX Certificate Management over CMS (CMC).

This document describes the object identifiers that were assigned in
that arc, establishes an IANA registry for that arc, and establishes
IANA allocation policies for any future assignments within that arc.

IANA Considerations

IANA has created a new subregistry.

"SMI Security for PKIX CRMF Registration Controls for Alternate Certificate Formats" Registry

Within the "Structure of Management Information (SMI) Numbers (MIB Module Registrations)" registry, IANA has created the "SMI Security for PKIX CRMF
Registration Controls for Alternate Certificate Formats" subregistry (1.3.6.1.5.5.7.5.1.7). The initial contents of this subregistry are as follows:

New SMI Security for PKIX CRMF Registration Controls for Alternate Certificate Formats Subregistry

Decimal  Description                References
-------  -------------------------  ----------
1        id-acTemplate
2        id-openPGPCertTemplateExt

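
The following is an added example, not part of this document or of any PKIX specification: a strict DER encoder/decoder for object identifiers, with a check of whether a decoded value is one of the two assignments in the 1.3.6.1.5.5.7.5.1.7 arc listed above. The function names and the "unassigned" label are assumptions of the example; only short-form DER lengths are handled.

```python
# Added example: DER handling for OIDs in the arc 1.3.6.1.5.5.7.5.1.7.
ALT_CERT_ARC = (1, 3, 6, 1, 5, 5, 7, 5, 1, 7)  # id-regCtrl-altCertTemplate
REGISTERED = {1: "id-acTemplate", 2: "id-openPGPCertTemplateExt"}  # registry table

def _base128(n):
    """Encode one arc as big-endian base-128 with continuation bits."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(out))

def encode_oid(dotted):
    """Return the DER encoding (tag 0x06, short-form length) of a dotted OID."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid first arcs")
    body = _base128(40 * arcs[0] + arcs[1]) + b"".join(_base128(a) for a in arcs[2:])
    if len(body) > 127:
        raise ValueError("long-form length not handled in this example")
    return bytes([0x06, len(body)]) + body

def decode_oid(der):
    """Strictly decode a DER OID; reject truncated or non-minimal encodings."""
    if len(der) < 3 or der[0] != 0x06 or der[1] > 127 or der[1] != len(der) - 2:
        raise ValueError("not a well-formed short-form DER OID")
    arcs, value, started = [], 0, False
    for b in der[2:]:
        if not started and b == 0x80:
            raise ValueError("non-minimal arc encoding")
        value, started = (value << 7) | (b & 0x7F), True
        if not b & 0x80:  # last byte of this arc
            arcs.append(value)
            value, started = 0, False
    if started:
        raise ValueError("truncated arc")
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def classify(dotted):
    """Name a registered value, flag an unassigned one, or return None outside the arc."""
    arcs = tuple(int(a) for a in dotted.split("."))
    if arcs[:len(ALT_CERT_ARC)] != ALT_CERT_ARC or len(arcs) != len(ALT_CERT_ARC) + 1:
        return None
    return REGISTERED.get(arcs[-1], "unassigned")
```

A parser that compares decoded OIDs against the registered values, instead of matching raw byte prefixes, also rejects the non-minimal and truncated encodings that strict DER forbids.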
Future updates to the registry table are to be made according to the
Specification Required policy defined in . The expert is
expected to ensure that any new values are strongly related to the work
that was done by the PKIX Working Group. In particular, additional object
identifiers should be needed for use with either the PKIX CMP or PKIX CMC to
support alternative certificate formats. Object identifiers for other purposes
should not be assigned in this arc.

Security Considerations

This document populates an IANA registry, and it raises no new
security considerations. The protocols that specify these values
include the security considerations associated with their usage.

References

Normative References

Object Identifier Registry for the PKIX Working Group
   When the Public-Key Infrastructure using X.509 (PKIX) Working Group was chartered, an object identifier arc was allocated by IANA for use by that working group. This document describes the object identifiers that were assigned in that arc, returns control of that arc to IANA, and establishes IANA allocation policies for any future assignments within that arc.

Guidelines for Writing an IANA Considerations Section in RFCs
   Many protocols make use of points of extensibility that use constants to identify various protocol parameters. To ensure that the values in these fields do not have conflicting uses and to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA).
   To make assignments in a given registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework for the documentation of these guidelines by specification authors, in order to assure that the provided guidance for the IANA Considerations is clear and addresses the various issues that are likely in the operation of a registry.
   This is the third edition of this document; it obsoletes RFC 5226.

Informative References

Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP)
   This document describes the Internet X.509 Public Key Infrastructure (PKI) Certificate Management Protocol (CMP). Protocol messages are defined for X.509v3 certificate creation and management. CMP provides on-line interactions between PKI components, including an exchange between a Certification Authority (CA) and a client system. [STANDARDS-TRACK]

Alternative Certificate Formats for the Public-Key Infrastructure Using X.509 (PKIX) Certificate Management Protocols
   The Public-Key Infrastructure using X.509 (PKIX) Working Group of the Internet Engineering Task Force (IETF) has defined a number of certificate management protocols. These protocols are primarily focused on X.509v3 public-key certificates. However, it is sometimes desirable to manage certificates in alternative formats as well. This document specifies how such certificates may be requested using the Certificate Request Message Format (CRMF) syntax that is used by several different protocols. It also explains how alternative certificate formats may be incorporated into such popular protocols as PKIX Certificate Management Protocol (PKIX-CMP) and Certificate Management Messages over CMS (CMC). This memo provides information for the Internet community.

Certificate Management over CMS (CMC)
   This document defines the base syntax for CMC, a Certificate Management protocol using the Cryptographic Message Syntax (CMS). This protocol addresses two immediate needs within the Internet Public Key Infrastructure (PKI) community:
   1. The need for an interface to public key certification products and services based on CMS and PKCS #10 (Public Key Cryptography Standard), and
   2. The need for a PKI enrollment protocol for encryption only keys due to algorithm or hardware design.
   CMC also requires the use of the transport document and the requirements usage document along with this document for a full definition. [STANDARDS-TRACK]

Certificate Management over CMS (CMC): Transport Protocols
   This document defines a number of transport mechanisms that are used to move CMC (Certificate Management over CMS (Cryptographic Message Syntax)) messages. The transport mechanisms described in this document are HTTP, file, mail, and TCP. [STANDARDS-TRACK]

Certificate Management Messages over CMS (CMC): Compliance Requirements
   This document provides a set of compliance statements about the CMC (Certificate Management over CMS) enrollment protocol. The ASN.1 structures and the transport mechanisms for the CMC enrollment protocol are covered in other documents. This document provides the information needed to make a compliant version of CMC. [STANDARDS-TRACK]

Certificate Management over CMS (CMC) Updates
   This document contains a set of updates to the base syntax for CMC, a Certificate Management protocol using the Cryptographic Message Syntax (CMS). This document updates RFC 5272, RFC 5273, and RFC 5274.
   The new items in this document are: new controls for future work in doing server side key generation, definition of a Subject Information Access value to identify CMC servers, and the registration of a port number for TCP/IP for the CMC service to run on. [STANDARDS-TRACK]

Author's Address

Vigil Security, LLC
516 Dranesville Road
Herndon, VA 20170
United States of America
housley@vigilsec.com