
Re: SCEP draft 19, getNextCA question / bug report




Arkadius,

Yes, this is an error and it should be "application/x-x509-next-ca-cert".

Note that these two mime types are different with different encodings (they are not interchangeable). I note this since, although "application/x-x509-next-ca-cert" is the correct type, it looks like the IOS implementation expects the erroneous mime type of "application/x-x509-ca-ra-cert".

We'd like to see this draft get finalized into RFC form soon. We'll likely update the draft to v20 but hopefully that'll be the last one before it is finalized.

-max

On Sep 24, 2009, at 4:06 AM, Arkadius Litwinczuk wrote:


Hello List,

I'm a student currently working on the implementation of an automatic root-key rollover for my Diploma work, implementing the functionality into the open source projects openCA and SSCEP. I wanted to use the SCEP draft 19 "getNextCA" message but I have one problem there, it is ambiguous at:

5.2.6.1.  GetNextCACert Response


  The response will have a Content-Type of "application/
  x-x509-next-ca-cert".

  The body of this response consists of a SignedData PKCS#7 [RFC2315],
  as defined in Section 4.6.1.
  "Content-Type:application/x-x509-ca-ra-cert\n\n"
  <BER-encoded SignedData<BER-encoded degenerate PKCS7>>

                          GetNextCaCert Example

I guess it's a copy and paste error, but should the response Content-Type be "application/x-x509-next-ca-cert" or "application/x-x509-ca-ra-cert"? Also there is no difference if it's only a CA or a CA and RA in the response, I guess. It's a signed PKCS#7, signed by the CA or RA, with a degenerate PKCS7 including the next CA/RA certificates.

Also, since this draft expires in October, when will the new draft be available?

Kind regards from Germany,

Arkadius Litwinczuk
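
The following is an added example, not part of either message and not code from SSCEP, openCA or IOS. It sketches how a client could check a GetNextCACert response: accept "application/x-x509-next-ca-cert", optionally tolerate the "application/x-x509-ca-ra-cert" type from the draft 19 example, and in both cases require the outer PKCS#7 to carry a signer. The function names and the `tolerate_example_type` switch are hypothetical, only definite-length encodings are parsed, and the signature itself still has to be verified with a CMS library.

```python
NEXT_CA = "application/x-x509-next-ca-cert"  # type the draft text specifies
CA_RA = "application/x-x509-ca-ra-cert"      # type shown in the draft 19 example
OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2

def media_type(header_value):
    """Lower-cased media type with parameters and surrounding blanks removed."""
    return header_value.split(";", 1)[0].strip().lower()

def read_tlv(buf, off=0):
    """Parse one definite-length TLV; return (tag, value, next_offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite-length BER is not handled here")
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[off:off + length], off + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, off = [], 0
    while off < len(value):
        tag, val, off = read_tlv(value, off)
        out.append((tag, val))
    return out

def outer_is_signed(body):
    """True if body is a SignedData ContentInfo with a non-empty signerInfos SET."""
    tag, content_info, _ = read_tlv(body)
    parts = children(content_info) if tag == 0x30 else []
    if len(parts) != 2 or parts[0] != (0x06, OID_SIGNED_DATA):
        return False
    inner = children(parts[1][1])  # contents of the [0] EXPLICIT wrapper
    fields = children(inner[0][1]) if len(inner) == 1 and inner[0][0] == 0x30 else []
    return bool(fields) and fields[-1][0] == 0x31 and len(fields[-1][1]) > 0

def check_next_ca_response(content_type, body, tolerate_example_type=False):
    """Return 'ok' or 'ok-example-type'; raise ValueError on anything else."""
    mt = media_type(content_type)
    if mt != NEXT_CA and not (tolerate_example_type and mt == CA_RA):
        raise ValueError("unexpected Content-Type: " + mt)
    if not outer_is_signed(body):  # structure only; the signature is NOT verified here
        raise ValueError("outer PKCS#7 carries no signer")
    return "ok" if mt == NEXT_CA else "ok-example-type"
```

Because the signer check does not depend on the header, a response labelled with the other type cannot cause an unsigned, certificates-only body to be accepted as the next CA.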