| rfc9483v3.txt | rfc9483.txt | |||
|---|---|---|---|---|
| skipping to change at line 3922 ¶ | skipping to change at line 3922 ¶ | |||
| | | a Known PKI, Section 4.1.2 | | | | | | | a Known PKI, Section 4.1.2 | | | | | |||
| +----------+-----------------------------+--------+--------+--------+ | +----------+-----------------------------+--------+--------+--------+ | |||
| | KUR | Updating a Valid | MUST | MAY | MUST | | | KUR | Updating a Valid | MUST | MAY | MUST | | |||
| | | Certificate, Section 4.1.3 | | | | | | | Certificate, Section 4.1.3 | | | | | |||
| +----------+-----------------------------+--------+--------+--------+ | +----------+-----------------------------+--------+--------+--------+ | |||
| | P10CR | Enrolling an End Entity | MAY | MAY | MAY | | | P10CR | Enrolling an End Entity | MAY | MAY | MAY | | |||
| | | Using a PKCS #10 Request, | | | | | | | Using a PKCS #10 Request, | | | | | |||
| | | Section 4.1.4 | | | | | | | Section 4.1.4 | | | | | |||
| +----------+-----------------------------+--------+--------+--------+ | +----------+-----------------------------+--------+--------+--------+ | |||
| | MAC | Using MAC-Based Protection | MAY | SHOULD | MAY | | | MAC | Using MAC-Based Protection | MAY | SHOULD | MAY | | |||
| | | for Enrollment, with IR, | | 1) | | | | | for Enrollment (IR, CR, | | 1) | | | |||
| | | CR, and P10CR if | | | | | | | and P10CR if supported), | | | | | |||
| | | supported, Section 4.1.5 | | | | | | | Section 4.1.5 | | | | | |||
| +----------+-----------------------------+--------+--------+--------+ | +----------+-----------------------------+--------+--------+--------+ | |||
| | CKeyGen | Adding Central Key Pair | MAY | MAY | MAY | | | CKeyGen | Adding Central Key Pair | MAY | MAY | MAY | | |||
| | | Generation to Enrollment, | | | | | | | Generation to Enrollment | | | | | |||
| | | IR, CR, KUR, and P10CR if | | | | | | | (IR, CR, KUR, and P10CR if | | | | | |||
| | | supported, Section 4.1.6 | | | | | | | supported), Section 4.1.6 | | | | | |||
| +----------+-----------------------------+--------+--------+--------+ | +----------+-----------------------------+--------+--------+--------+ | |||
| | RR | Revoking a Certificate, | SHOULD | SHOULD | SHOULD | | | RR | Revoking a Certificate, | SHOULD | SHOULD | SHOULD | | |||
| | | Section 4.2 | | 2) | 3) | | | | Section 4.2 | | 2) | 3) | | |||
| +----------+-----------------------------+--------+--------+--------+ | +----------+-----------------------------+--------+--------+--------+ | |||
| | CACerts | Get CA Certificates, | MAY | MAY | MAY | | | CACerts | Get CA Certificates, | MAY | MAY | MAY | | |||
| | | Section 4.3.1 | | | | | | | Section 4.3.1 | | | | | |||
| +----------+-----------------------------+--------+--------+--------+ | +----------+-----------------------------+--------+--------+--------+ | |||
| | RootUpd | Get Root CA Certificate | MAY | MAY | MAY | | | RootUpd | Get Root CA Certificate | MAY | MAY | MAY | | |||
| | | Update, Section 4.3.2 | | | | | | | Update, Section 4.3.2 | | | | | |||
| +----------+-----------------------------+--------+--------+--------+ | +----------+-----------------------------+--------+--------+--------+ | |||
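Review bot: In the MAC and CKeyGen rows, the new parentheticals "(IR, CR, and P10CR if supported)" and "(IR, CR, KUR, and P10CR if supported)" still leave it open whether "if supported" qualifies only P10CR or the whole list. The P10CR row above is MAY in all three columns while KUR is MUST in two of them, so the qualifier presumably attaches to P10CR alone; wording such as "(IR, CR, and, if supported, P10CR)" would say that unambiguously.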
| skipping to change at line 3983 ¶ | skipping to change at line 3983 ¶ | |||
| | FwdAddS | Forwarding Messages - | N/A | MUST | MUST | | | FwdAddS | Forwarding Messages - | N/A | MUST | MUST | | |||
| | | Adding Protection to a | | | | | | | Adding Protection to a | | | | | |||
| | | Request Message, | | | | | | | Request Message, | | | | | |||
| | | Section 5.2.2.1 | | | | | | | Section 5.2.2.1 | | | | | |||
| +----------+-----------------------------+--------+--------+--------+ | +----------+-----------------------------+--------+--------+--------+ | |||
| | FwdAddB | Forwarding Messages - | N/A | MAY | MAY | | | FwdAddB | Forwarding Messages - | N/A | MAY | MAY | | |||
| | | Batching Messages, | | | | | | | Batching Messages, | | | | | |||
| | | Section 5.2.2.2 | | | | | | | Section 5.2.2.2 | | | | | |||
| +----------+-----------------------------+--------+--------+--------+ | +----------+-----------------------------+--------+--------+--------+ | |||
| | FwdReqKP | Forwarding Messages - Not | N/A | SHOULD | N/A | | | FwdReqKP | Forwarding Messages - Not | N/A | SHOULD | N/A | | |||
| | | Changing | | 1) | | | | | Changing Proof-of- | | 1) | | | |||
| | | Proof-of-Possession, | | | | | | | Possession, | | | | | |||
| | | Section 5.2.3.1 | | | | | | | Section 5.2.3.1 | | | | | |||
| +----------+-----------------------------+--------+--------+--------+ | +----------+-----------------------------+--------+--------+--------+ | |||
| | FwdReqBP | Forwarding Messages - | N/A | MAY | MAY | | | FwdReqBP | Forwarding Messages - | N/A | MAY | MAY | | |||
| | | Using raVerified, | | | | | | | Using raVerified, | | | | | |||
| | | Section 5.2.3.2 | | | | | | | Section 5.2.3.2 | | | | | |||
| +----------+-----------------------------+--------+--------+--------+ | +----------+-----------------------------+--------+--------+--------+ | |||
| | CertROnB | Acting on Behalf of Other | N/A | MAY | N/A | | | CertROnB | Acting on Behalf of Other | N/A | MAY | N/A | | |||
| | | PKI Entities - Requesting | | | | | | | PKI Entities - Requesting | | | | | |||
| | | a Certificate, | | | | | | | a Certificate, | | | | | |||
| | | Section 5.3.1 | | | | | | | Section 5.3.1 | | | | | |||
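Review bot: In the FwdReqKP row, the rewrap now splits the term across two lines as "Changing Proof-of-" and "Possession,", so a plain-text search for "Proof-of-Possession" no longer matches this row. The previous wrap kept the term whole on its own line and used the same number of lines, so suggest keeping that wrap.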
| skipping to change at line 4060 ¶ | skipping to change at line 4060 ¶ | |||
| +---------+-----------------------+--------+--------+--------+ | +---------+-----------------------+--------+--------+--------+ | |||
| Table 4: Level of Support for Message Transfer Types | Table 4: Level of Support for Message Transfer Types | |||
| 8. IANA Considerations | 8. IANA Considerations | |||
| IANA has registered the following content in the "CMP Well-Known URI | IANA has registered the following content in the "CMP Well-Known URI | |||
| Path Segments" registry (see <https://www.iana.org/assignments/cmp>), | Path Segments" registry (see <https://www.iana.org/assignments/cmp>), | |||
| as defined in [RFC8615]. | as defined in [RFC8615]. | |||
| +====================+===============================+===========+ | +====================+==========================+===============+ | |||
| | Path Segment | Description | Reference | | | Path Segment | Description | Reference | | |||
| +====================+===============================+===========+ | +====================+==========================+===============+ | |||
| | initialization | Enrolling an End Entity to a | RFC 9483 | | | initialization | Enrolling an End Entity | RFC 9483, | | |||
| | | New PKI over HTTP | | | | | to a New PKI over HTTP | Section 4.1.1 | | |||
| +--------------------+-------------------------------+-----------+ | +--------------------+--------------------------+---------------+ | |||
| | certification | Enrolling an End Entity to a | RFC 9483 | | | certification | Enrolling an End Entity | RFC 9483, | | |||
| | | Known PKI over HTTP | | | | | to a Known PKI over HTTP | Section 4.1.2 | | |||
| +--------------------+-------------------------------+-----------+ | +--------------------+--------------------------+---------------+ | |||
| | keyupdate | Updating a Valid Certificate | RFC 9483 | | | keyupdate | Updating a Valid | RFC 9483, | | |||
| | | over HTTP | | | | | Certificate over HTTP | Section 4.1.3 | | |||
| +--------------------+-------------------------------+-----------+ | +--------------------+--------------------------+---------------+ | |||
| | pkcs10 | Enrolling an End Entity Using | RFC 9483 | | | pkcs10 | Enrolling an End Entity | RFC 9483, | | |||
| | | a PKCS #10 Request over HTTP | | | | | Using a PKCS #10 Request | Section 4.1.4 | | |||
| +--------------------+-------------------------------+-----------+ | | | over HTTP | | | |||
| | revocation | Revoking a Certificate over | RFC 9483 | | +--------------------+--------------------------+---------------+ | |||
| | | HTTP | | | | revocation | Revoking a Certificate | RFC 9483, | | |||
| +--------------------+-------------------------------+-----------+ | | | over HTTP | Section 4.2 | | |||
| | getcacerts | Get CA Certificates over HTTP | RFC 9483 | | +--------------------+--------------------------+---------------+ | |||
| +--------------------+-------------------------------+-----------+ | | getcacerts | Get CA Certificates over | RFC 9483, | | |||
| | getrootupdate | Get Root CA Certificate | RFC 9483 | | | | HTTP | Section 4.3.1 | | |||
| | | Update over HTTP | | | +--------------------+--------------------------+---------------+ | |||
| +--------------------+-------------------------------+-----------+ | | getrootupdate | Get Root CA Certificate | RFC 9483, | | |||
| | getcertreqtemplate | Get Certificate Request | RFC 9483 | | | | Update over HTTP | Section 4.3.2 | | |||
| | | Template over HTTP | | | +--------------------+--------------------------+---------------+ | |||
| +--------------------+-------------------------------+-----------+ | | getcertreqtemplate | Get Certificate Request | RFC 9483, | | |||
| | getcrls | CRL Update Retrieval over | RFC 9483 | | | | Template over HTTP | Section 4.3.3 | | |||
| | | HTTP | | | +--------------------+--------------------------+---------------+ | |||
| +--------------------+-------------------------------+-----------+ | | getcrls | CRL Update Retrieval | RFC 9483, | | |||
| | nested | Batching Messages over HTTP | RFC 9483 | | | | over HTTP | Section 4.3.4 | | |||
| +--------------------+-------------------------------+-----------+ | +--------------------+--------------------------+---------------+ | |||
| | ir | Enrolling an End Entity to a | RFC 9483 | | | nested | Batching Messages over | RFC 9483, | | |||
| | | New PKI over CoAP | | | | | HTTP | Section | | |||
| +--------------------+-------------------------------+-----------+ | | | | 5.2.2.2 | | |||
| | cr | Enrolling an End Entity to a | RFC 9483 | | +--------------------+--------------------------+---------------+ | |||
| | | Known PKI over CoAP | | | | ir | Enrolling an End Entity | RFC 9483, | | |||
| +--------------------+-------------------------------+-----------+ | | | to a New PKI over CoAP | Section 4.1.1 | | |||
| | kur | Updating a Valid Certificate | RFC 9483 | | +--------------------+--------------------------+---------------+ | |||
| | | over CoAP | | | | cr | Enrolling an End Entity | RFC 9483, | | |||
| +--------------------+-------------------------------+-----------+ | | | to a Known PKI over CoAP | Section 4.1.2 | | |||
| | p10 | Enrolling an End Entity Using | RFC 9483 | | +--------------------+--------------------------+---------------+ | |||
| | | a PKCS #10 Request over CoAP | | | | kur | Updating a Valid | RFC 9483, | | |||
| +--------------------+-------------------------------+-----------+ | | | Certificate over CoAP | Section 4.1.3 | | |||
| | rr | Revoking a Certificate over | RFC 9483 | | +--------------------+--------------------------+---------------+ | |||
| | | CoAP | | | | p10 | Enrolling an End Entity | RFC 9483, | | |||
| +--------------------+-------------------------------+-----------+ | | | Using a PKCS #10 Request | Section 4.1.4 | | |||
| | crts | Get CA Certificates over CoAP | RFC 9483 | | | | over CoAP | | | |||
| +--------------------+-------------------------------+-----------+ | +--------------------+--------------------------+---------------+ | |||
| | rcu | Get Root CA Certificate | RFC 9483 | | | rr | Revoking a Certificate | RFC 9483, | | |||
| | | Update over CoAP | | | | | over CoAP | Section 4.2 | | |||
| +--------------------+-------------------------------+-----------+ | +--------------------+--------------------------+---------------+ | |||
| | att | Get Certificate Request | RFC 9483 | | | crts | Get CA Certificates over | RFC 9483, | | |||
| | | Template over CoAP | | | | | CoAP | Section 4.3.1 | | |||
| +--------------------+-------------------------------+-----------+ | +--------------------+--------------------------+---------------+ | |||
| | crls | CRL Update Retrieval over | RFC 9483 | | | rcu | Get Root CA Certificate | RFC 9483, | | |||
| | | CoAP | | | | | Update over CoAP | Section 4.3.2 | | |||
| +--------------------+-------------------------------+-----------+ | +--------------------+--------------------------+---------------+ | |||
| | nest | Batching Messages over CoAP | RFC 9483 | | | att | Get Certificate Request | RFC 9483, | | |||
| +--------------------+-------------------------------+-----------+ | | | Template over CoAP | Section 4.3.3 | | |||
| +--------------------+--------------------------+---------------+ | ||||
| | crls | CRL Update Retrieval | RFC 9483, | | ||||
| | | over CoAP | Section 4.3.4 | | ||||
| +--------------------+--------------------------+---------------+ | ||||
| | nest | Batching Messages over | RFC 9483, | | ||||
| | | CoAP | Section | | ||||
| | | | 5.2.2.2 | | ||||
| +--------------------+--------------------------+---------------+ | ||||
| Table 5: New "CMP Well-Known URI Path Segments" Registry Entries | Table 5: New "CMP Well-Known URI Path Segments" Registry Entries | |||
| 9. Security Considerations | 9. Security Considerations | |||
| The security considerations laid out in CMP [RFC4210] and updated by | The security considerations laid out in CMP [RFC4210] and updated by | |||
| CMP Updates [RFC9480], CMP Algorithms [RFC9481], CRMF [RFC4211], | CMP Updates [RFC9480], CMP Algorithms [RFC9481], CRMF [RFC4211], | |||
| Algorithm Requirements Update [RFC9045], CMP over HTTP [RFC6712], and | Algorithm Requirements Update [RFC9045], CMP over HTTP [RFC6712], and | |||
| CMP over CoAP [RFC9482] apply. | CMP over CoAP [RFC9482] apply. | |||
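Review bot: In the nested and nest rows of Table 5, the new column widths split the reference into "RFC 9483,", "Section" and "5.2.2.2", the only entries where the section number is separated from the word "Section"; taking a few characters from the Description column for Reference would keep "Section 5.2.2.2" on one line. The references up to Section 4.3.2 and 5.2.2.2 agree with the feature-table rows shown in the earlier change blocks, but Section 4.3.3 (getcertreqtemplate, att) and Section 4.3.4 (getcrls, crls) are not visible in this diff and should be checked against the section headings.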
| End of changes. 4 change blocks. | ||||
| 67 lines changed or deleted | 75 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||