[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: one more SCEP draft 19, getNextCA question

To: Arkadius Litwinczuk <arkadius.litwinczuk@xxxxxx>
Subject: Re: one more SCEP draft 19, getNextCA question
From: max pritikin <pritikin@xxxxxxxxx>
Date: Wed, 7 Oct 2009 19:42:46 -0500
Authentication-results: sj-iport-2.cisco.com; dkim=pass (signature verified [TEST]) header.i=pritikin@xxxxxxxxx
Cc: scep@xxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=pritikin@xxxxxxxxx; l=2709; q=dns/txt; s=sjiport02001; t=1254963256; x=1256172856; h=from:sender:reply-to:subject:date:message-id:to:cc: mime-version:content-transfer-encoding:content-id: content-description:resent-date:resent-from:resent-sender: resent-to:resent-cc:resent-message-id:in-reply-to: references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:list-owner:list-archive; z=From:=20max=20pritikin=20<pritikin@xxxxxxxxx>|Subject: =20Re:=20one=20more=20SCEP=20draft=2019,=20getNextCA=20qu estion|Date:=20Wed,=207=20Oct=202009=2019:42:46=20-0500 |Message-Id:=20<FF95E142-B7A3-45B6-8FA1-CABDF04E3BAD@cisc o.com>|To:=20Arkadius=20Litwinczuk=20<arkadius.litwinczuk @db.com>|Cc:=20scep@xxxxxxxx|Mime-Version:=201.0=20(Apple =20Message=20framework=20v936)|Content-Transfer-Encoding: =20quoted-printable|In-Reply-To:=20<OF48964791.ADCB229B-O NC1257648.003B2933-C1257648.003F1AAA@xxxxxx>|References: =20<OF48964791.ADCB229B-ONC1257648.003B2933-C1257648.003F 1AAA@xxxxxx>; bh=La7erY/KT+AgAYfoqef9ScLiDL2vQTa7fgJB53c5bnI=; b=dN4S1wpC96YZfyUfV7juV3VBmnjltFOcTrbRgcQhG957xdKBwHpTejM2 pCCew8etpTZ+S2cvq5dO6U7Awar6N3UModT55o6mw+pJdzKkF+jUMDpcq NIHOezXycDjoFQuA19LQg3OjsRhi7ESuWlY9irLMXLrAKojTNe6koi7Xl E=;
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; l=2709; t=1254962567; x=1255826567; c=relaxed/simple; s=sjdkim3002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=pritikin@xxxxxxxxx; z=From:=20max=20pritikin=20<pritikin@xxxxxxxxx> |Subject:=20Re=3A=20one=20more=20SCEP=20draft=2019,=20getNe xtCA=20question |Sender:=20; bh=La7erY/KT+AgAYfoqef9ScLiDL2vQTa7fgJB53c5bnI=; b=ELnpQApU5l3swhJm2P6PCz36CoI0ecMVc0r45AXp5RA7yqYiVy37rv5g6T kqa7Wu5N0ZVNRww07YFMIekP/WNBmN0TKZhAs/C+2P6eiPCge5LC9/gKm9cQ TqOehg7BVd;
In-reply-to: <OF48964791.ADCB229B-ONC1257648.003B2933-C1257648.003F1AAA@xxxxxx>
List-archive: <http://www.vpnc.org/scep/mail-archive/>
List-id: <scep.vpnc.org>
List-unsubscribe: <mailto:scep-request@vpnc.org?body=unsubscribe>
References: <OF48964791.ADCB229B-ONC1257648.003B2933-C1257648.003F1AAA@xxxxxx>
Sender: owner-scep@xxxxxxxxxxxxx



Arkadius,

On Oct 7, 2009, at 6:29 AM, Arkadius Litwinczuk wrote:

Hi Max,
I have an other question regarding the getNextCA operation. Wecleared the MIME type but,

The current draft text indicates "application/x-x509-next-ca-cert" butthe figure erroneously indicated the wrong mime type. I've updatedthis for the next draft.

the current version also does not specify the SCEP messageType doesit ? Is it CertRep so the corresponding decimal 3 ?

Section 5.2.6.1 references the GetNextCACert response definition insection 4.6.1. This in turn clarifies that the response format isequivalent to the CA and RA certificates response which is defined in5.2.1.1.2 which was introduced in 4.1.1.2. A confusing trail butultimately accurate (I think).

There is no indication of the messageType attribute value being set atall; much like how there is none set for GetCACert.

Also I assume that the response
 "Content-Type:application/x-x509-next-ca-certt\n\n"
<BER-encoded SignedData<BER-encoded degenerate PKCS7>>
is also a base64 and DER encoded right? Only to clarify sorry if Imissed something in the draft describing this.

As with the GetCACert response (section 4.1.1.2) this would be abinary response without the base64 encoding.


Does this help answer your questions?

- max

Kind regards,

Arkadius



--
Informationen (einschließlich Pflichtangaben) zu einzelnen,innerhalb der EU tätigen Gesellschaften und Zweigniederlassungen desKonzerns Deutsche Bank finden Sie unter http://www.db.com/de/content/pflichtangaben.htm. Diese E-Mail enthält vertrauliche und/ oder rechtlich geschützteInformationen. Wenn Sie nicht der richtige Adressat sind oder dieseE-Mail irrtümlich erhalten haben, informieren Sie bitte sofort denAbsender und vernichten Sie diese E-Mail. Das unerlaubte Kopierensowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.
Please refer to http://www.db.com/en/content/eu_disclosures.htm forinformation (including mandatory corporate particulars) on selectedDeutsche Bank branches and group companies registered orincorporated in the European Union. This e-mail may containconfidential and/or privileged information. If you are not theintended recipient (or have received this e-mail in error) pleasenotify the sender immediately and delete this e-mail. Anyunauthorized copying, disclosure or distribution of the material inthis e-mail is strictly forbidden.

References:
- one more SCEP draft 19, getNextCA question
  - From: Arkadius Litwinczuk

Prev by Date: one more SCEP draft 19, getNextCA question
Previous by thread: one more SCEP draft 19, getNextCA question
Index(es):
- Date
- Thread