rfc9811v1.txt | rfc9811.txt | |||
---|---|---|---|---|
skipping to change at line 144 ¶ | skipping to change at line 144 ¶ | |||
* Added options for extending the URI structure with further | * Added options for extending the URI structure with further | |||
segments and defined a new protocol registry group to that aim. | segments and defined a new protocol registry group to that aim. | |||
1.2. Changes Made by This Document | 1.2. Changes Made by This Document | |||
This document obsoletes [RFC6712]. It includes the changes specified | This document obsoletes [RFC6712]. It includes the changes specified | |||
in Section 3 of [RFC9480], as described in Section 1.1 of this | in Section 3 of [RFC9480], as described in Section 1.1 of this | |||
document. Additionally, it adds the following changes: | document. Additionally, it adds the following changes: | |||
* Removed the requirement to support HTTP/1.0 [RFC1945] in | * Removed the requirement to support HTTP/1.0 [RFC1945] in | |||
accordance with Section 4.1 of [RFC9205]. | accordance with Section 4.1 of RFC 9205 [BCP56]. | |||
* Implementations MUST forward CMP messages when an HTTP error | * Implementations MUST forward CMP messages when an HTTP error | |||
status code occurs; see Section 3.1. | status code occurs; see Section 3.1. | |||
* Removed Section 3.8 of [RFC6712] as it contains information | * Removed Section 3.8 of [RFC6712] as it contains information | |||
redundant with current HTTP specification. | redundant with current HTTP specification. | |||
2. Conventions Used in This Document | 2. Conventions Used in This Document | |||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
skipping to change at line 174 ¶ | skipping to change at line 174 ¶ | |||
SHOULD be utilized for conveying CMP messages. This specification | SHOULD be utilized for conveying CMP messages. This specification | |||
requires using the POST method (Section 3.1) and the "Content-Type" | requires using the POST method (Section 3.1) and the "Content-Type" | |||
header field (Section 3.2), which are available since HTTP/1.0 | header field (Section 3.2), which are available since HTTP/1.0 | |||
[RFC1945]. | [RFC1945]. | |||
Note: In some situations, CMP requires multiple request/response | Note: In some situations, CMP requires multiple request/response | |||
pairs to perform a PKI management operation. Their affiliation with | pairs to perform a PKI management operation. Their affiliation with | |||
a PKI management operation is indicated by a transaction identifier | a PKI management operation is indicated by a transaction identifier | |||
in the CMP message header (see transactionID described in | in the CMP message header (see transactionID described in | |||
Section 5.1.1 of [RFC9810]). For details on how to transfer multiple | Section 5.1.1 of [RFC9810]). For details on how to transfer multiple | |||
requests, see Section 4.11 of [RFC9205]. | requests, see Section 4.11 of RFC 9205 [BCP56]. | |||
3.1. General Form | 3.1. General Form | |||
A DER-encoded [ITU.X690.1994] PKIMessage (Section 5.1 of [RFC9810]) | A DER-encoded [ITU.X690.2021] PKIMessage (Section 5.1 of [RFC9810]) | |||
MUST be sent as the content of an HTTP POST request. If this HTTP | MUST be sent as the content of an HTTP POST request. If this HTTP | |||
request is successful, the server returns the CMP response in the | request is successful, the server returns the CMP response in the | |||
content of the HTTP response. The HTTP response status code in this | content of the HTTP response. The HTTP response status code in this | |||
case MUST be 200 (OK); other Successful 2xx status codes MUST NOT be | case MUST be 200 (OK); other Successful 2xx status codes MUST NOT be | |||
used for this purpose. HTTP responses to pushed CMP announcement | used for this purpose. HTTP responses to pushed CMP announcement | |||
messages described in Section 3.5 utilize the status codes 201 and | messages described in Section 3.5 utilize the status codes 201 and | |||
202 to identify whether the received information was processed. | 202 to identify whether the received information was processed. | |||
While Redirection 3xx status codes MAY be supported by | While Redirection 3xx status codes MAY be supported by | |||
implementations, clients should only be enabled to automatically | implementations, clients should only be enabled to automatically | |||
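Review bot: In the last sentence of this hunk, "clients should only be enabled to automatically" uses a lowercase "should" directly after an uppercase "MAY" in the same sentence. Under RFC 8174, which this document lists as a normative reference, only the uppercase form carries the BCP 14 meaning, so this reads as non-normative guidance on redirect handling. If a requirement on clients is intended, use "SHOULD"; otherwise consider rewording so the mixed case does not look accidental.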
skipping to change at line 385 ¶ | skipping to change at line 385 ¶ | |||
registry <https://www.iana.org/assignments/cmp> refers to this | registry <https://www.iana.org/assignments/cmp> refers to this | |||
document instead of [RFC9480]. | document instead of [RFC9480]. | |||
No further action by IANA is necessary for this document or any | No further action by IANA is necessary for this document or any | |||
anticipated updates. | anticipated updates. | |||
7. References | 7. References | |||
7.1. Normative References | 7.1. Normative References | |||
[ITU.X690.2021] | ||||
ITU-T, "Information Technology - ASN.1 encoding rules: | ||||
Specification of Basic Encoding Rules (BER), Canonical | ||||
Encoding Rules (CER) and Distinguished Encoding Rules | ||||
(DER)", ITU-T Recommendation X.690, 2021, | ||||
<https://www.itu.int/rec/T-REC-X.690-202102-I/en>. | ||||
[RFC1945] Berners-Lee, T., Fielding, R., and H. Frystyk, "Hypertext | [RFC1945] Berners-Lee, T., Fielding, R., and H. Frystyk, "Hypertext | |||
Transfer Protocol -- HTTP/1.0", RFC 1945, | Transfer Protocol -- HTTP/1.0", RFC 1945, | |||
DOI 10.17487/RFC1945, May 1996, | DOI 10.17487/RFC1945, May 1996, | |||
<https://www.rfc-editor.org/info/rfc1945>. | <https://www.rfc-editor.org/info/rfc1945>. | |||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | ||||
Requirement Levels", BCP 14, RFC 2119, | ||||
DOI 10.17487/RFC2119, March 1997, | ||||
<https://www.rfc-editor.org/info/rfc2119>. | ||||
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | ||||
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | ||||
May 2017, <https://www.rfc-editor.org/info/rfc8174>. | ||||
[RFC8615] Nottingham, M., "Well-Known Uniform Resource Identifiers | [RFC8615] Nottingham, M., "Well-Known Uniform Resource Identifiers | |||
(URIs)", RFC 8615, DOI 10.17487/RFC8615, May 2019, | (URIs)", RFC 8615, DOI 10.17487/RFC8615, May 2019, | |||
<https://www.rfc-editor.org/info/rfc8615>. | <https://www.rfc-editor.org/info/rfc8615>. | |||
[RFC9110] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | [RFC9110] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | |||
Ed., "HTTP Semantics", STD 97, RFC 9110, | Ed., "HTTP Semantics", STD 97, RFC 9110, | |||
DOI 10.17487/RFC9110, June 2022, | DOI 10.17487/RFC9110, June 2022, | |||
<https://www.rfc-editor.org/info/rfc9110>. | <https://www.rfc-editor.org/info/rfc9110>. | |||
[RFC9112] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | [RFC9112] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | |||
Ed., "HTTP/1.1", STD 99, RFC 9112, DOI 10.17487/RFC9112, | Ed., "HTTP/1.1", STD 99, RFC 9112, DOI 10.17487/RFC9112, | |||
June 2022, <https://www.rfc-editor.org/info/rfc9112>. | June 2022, <https://www.rfc-editor.org/info/rfc9112>. | |||
[RFC9810] Brockhaus, H., von Oheimb, D., Ounsworth, M., and J. Gray, | [RFC9810] Brockhaus, H., von Oheimb, D., Ounsworth, M., and J. Gray, | |||
"Internet X.509 Public Key Infrastructure -- Certificate | "Internet X.509 Public Key Infrastructure -- Certificate | |||
Management Protocol (CMP)", RFC 9810, | Management Protocol (CMP)", RFC 9810, | |||
DOI 10.17487/RFC9810, July 2025, | DOI 10.17487/RFC9810, July 2025, | |||
<https://www.rfc-editor.org/info/rfc9810>. | <https://www.rfc-editor.org/info/rfc9810>. | |||
[ITU.X690.1994] | ||||
ITU-T, "Information Technology - ASN.1 encoding rules: | ||||
Specification of Basic Encoding Rules (BER), Canonical | ||||
Encoding Rules (CER) and Distinguished Encoding Rules | ||||
(DER)", ITU-T Recommendation X.690, 1994, | ||||
<https://www.itu.int/rec/T-REC-X.690-199407-S/en>. | ||||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | ||||
Requirement Levels", BCP 14, RFC 2119, | ||||
DOI 10.17487/RFC2119, March 1997, | ||||
<https://www.rfc-editor.org/info/rfc2119>. | ||||
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | ||||
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | ||||
May 2017, <https://www.rfc-editor.org/info/rfc8174>. | ||||
7.2. Informative References | 7.2. Informative References | |||
[RFC9480] Brockhaus, H., von Oheimb, D., and J. Gray, "Certificate | [BCP56] Best Current Practice 56, | |||
Management Protocol (CMP) Updates", RFC 9480, | <https://www.rfc-editor.org/info/bcp56>. | |||
DOI 10.17487/RFC9480, November 2023, | At the time of writing, this BCP comprises the following: | |||
<https://www.rfc-editor.org/info/rfc9480>. | ||||
[RFC9483] Brockhaus, H., von Oheimb, D., and S. Fries, "Lightweight | Nottingham, M., "Building Protocols with HTTP", BCP 56, | |||
Certificate Management Protocol (CMP) Profile", RFC 9483, | RFC 9205, DOI 10.17487/RFC9205, June 2022, | |||
DOI 10.17487/RFC9483, November 2023, | <https://www.rfc-editor.org/info/rfc9205>. | |||
<https://www.rfc-editor.org/info/rfc9483>. | ||||
[RFC2510] Adams, C. and S. Farrell, "Internet X.509 Public Key | [RFC2510] Adams, C. and S. Farrell, "Internet X.509 Public Key | |||
Infrastructure Certificate Management Protocols", | Infrastructure Certificate Management Protocols", | |||
RFC 2510, DOI 10.17487/RFC2510, March 1999, | RFC 2510, DOI 10.17487/RFC2510, March 1999, | |||
<https://www.rfc-editor.org/info/rfc2510>. | <https://www.rfc-editor.org/info/rfc2510>. | |||
[RFC4210] Adams, C., Farrell, S., Kause, T., and T. Mononen, | [RFC4210] Adams, C., Farrell, S., Kause, T., and T. Mononen, | |||
"Internet X.509 Public Key Infrastructure Certificate | "Internet X.509 Public Key Infrastructure Certificate | |||
Management Protocol (CMP)", RFC 4210, | Management Protocol (CMP)", RFC 4210, | |||
DOI 10.17487/RFC4210, September 2005, | DOI 10.17487/RFC4210, September 2005, | |||
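Review bot: [RFC1945] remains under 7.1 Normative References in this hunk, while Section 1.2 states that the requirement to support HTTP/1.0 was removed and Section 3 cites it only to note that the POST method and the "Content-Type" header field "are available since HTTP/1.0". Consider moving the entry to 7.2 Informative References if nothing in the document depends on it normatively.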
skipping to change at line 468 ¶ | skipping to change at line 466 ¶ | |||
[RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. | [RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. | |||
Kivinen, "Internet Key Exchange Protocol Version 2 | Kivinen, "Internet Key Exchange Protocol Version 2 | |||
(IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October | (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October | |||
2014, <https://www.rfc-editor.org/info/rfc7296>. | 2014, <https://www.rfc-editor.org/info/rfc7296>. | |||
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | |||
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | |||
<https://www.rfc-editor.org/info/rfc8446>. | <https://www.rfc-editor.org/info/rfc8446>. | |||
[RFC9530] Polli, R. and L. Pardue, "Digest Fields", RFC 9530, | ||||
DOI 10.17487/RFC9530, February 2024, | ||||
<https://www.rfc-editor.org/info/rfc9530>. | ||||
[BCP56] Best Current Practice 56, | ||||
<https://www.rfc-editor.org/info/bcp56>. | ||||
At the time of writing, this BCP comprises the following: | ||||
Nottingham, M., "Building Protocols with HTTP", BCP 56, | ||||
RFC 9205, DOI 10.17487/RFC9205, June 2022, | ||||
<https://www.rfc-editor.org/info/rfc9205>. | ||||
[RFC9293] Eddy, W., Ed., "Transmission Control Protocol (TCP)", | [RFC9293] Eddy, W., Ed., "Transmission Control Protocol (TCP)", | |||
STD 7, RFC 9293, DOI 10.17487/RFC9293, August 2022, | STD 7, RFC 9293, DOI 10.17487/RFC9293, August 2022, | |||
<https://www.rfc-editor.org/info/rfc9293>. | <https://www.rfc-editor.org/info/rfc9293>. | |||
[RFC9480] Brockhaus, H., von Oheimb, D., and J. Gray, "Certificate | ||||
Management Protocol (CMP) Updates", RFC 9480, | ||||
DOI 10.17487/RFC9480, November 2023, | ||||
<https://www.rfc-editor.org/info/rfc9480>. | ||||
[RFC9483] Brockhaus, H., von Oheimb, D., and S. Fries, "Lightweight | ||||
Certificate Management Protocol (CMP) Profile", RFC 9483, | ||||
DOI 10.17487/RFC9483, November 2023, | ||||
<https://www.rfc-editor.org/info/rfc9483>. | ||||
[RFC9530] Polli, R. and L. Pardue, "Digest Fields", RFC 9530, | ||||
DOI 10.17487/RFC9530, February 2024, | ||||
<https://www.rfc-editor.org/info/rfc9530>. | ||||
Acknowledgements | Acknowledgements | |||
The authors wish to thank Tomi Kause and Martin Peylo, the original | The authors wish to thank Tomi Kause and Martin Peylo, the original | |||
authors of [RFC6712], for their work. | authors of [RFC6712], for their work. | |||
We also thank all reviewers for their valuable feedback. | We also thank all reviewers for their valuable feedback. | |||
Authors' Addresses | Authors' Addresses | |||
Hendrik Brockhaus | Hendrik Brockhaus | |||
End of changes. 10 change blocks. | ||||
39 lines changed or deleted | 39 lines changed or added | |||