draft-ietf-anima-bootstrapping-keyinfra-38.txt   draft-ietf-anima-bootstrapping-keyinfra-39.txt 
ANIMA WG M. Pritikin ANIMA WG M. Pritikin
Internet-Draft Cisco Internet-Draft Cisco
Intended status: Standards Track M. Richardson Intended status: Standards Track M. Richardson
Expires: 12 September 2020 Sandelman Expires: 28 September 2020 Sandelman
T.T.E. Eckert T.T.E. Eckert
Futurewei USA Futurewei USA
M.H. Behringer M.H. Behringer
K.W. Watsen K.W. Watsen
Watsen Networks Watsen Networks
11 March 2020 27 March 2020
Bootstrapping Remote Secure Key Infrastructures (BRSKI) Bootstrapping Remote Secure Key Infrastructures (BRSKI)
draft-ietf-anima-bootstrapping-keyinfra-38 draft-ietf-anima-bootstrapping-keyinfra-39
Abstract Abstract
This document specifies automated bootstrapping of an Autonomic This document specifies automated bootstrapping of an Autonomic
Control Plane. To do this a Secure Key Infrastructure is Control Plane. To do this a Secure Key Infrastructure is
bootstrapped. This is done using manufacturer-installed X.509 bootstrapped. This is done using manufacturer-installed X.509
certificates, in combination with a manufacturer's authorizing certificates, in combination with a manufacturer's authorizing
service, both online and offline. We call this process the service, both online and offline. We call this process the
Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol. Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol.
Bootstrapping a new device can occur using a routable address and a Bootstrapping a new device can occur using a routable address and a
skipping to change at page 2, line 4 skipping to change at page 2, line 4
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 12 September 2020. This Internet-Draft will expire on 28 September 2020.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 53, line 11 skipping to change at page 53, line 11
to proceed with EST key management operations. Once a full CA to proceed with EST key management operations. Once a full CA
Certificate Response is obtained it is more authoritative for the Certificate Response is obtained it is more authoritative for the
domain than the limited 'pinned-domain-cert' response. domain than the limited 'pinned-domain-cert' response.
5.7. Pledge BRSKI Status Telemetry 5.7. Pledge BRSKI Status Telemetry
The domain is expected to provide indications to the system The domain is expected to provide indications to the system
administrators concerning device lifecycle status. To facilitate administrators concerning device lifecycle status. To facilitate
this it needs telemetry information concerning the device's status. this it needs telemetry information concerning the device's status.
To indicate pledge status regarding the voucher, the pledge MUST post The pledge MUST indicate its pledge status regarding the voucher. It
a status message to the Registrar. does this by sending a status message to the Registrar.
The posted data media type: application/json The posted data media type: application/json
The client sends an HTTP POST to the server at the URI ".well- The client sends an HTTP POST to the server at the URI ".well-
known/est/voucher_status". known/est/voucher_status".
The format and semantics described below are for version 1. A The format and semantics described below are for version 1. A
version field is included to permit significant changes to this version field is included to permit significant changes to this
feedback in the future. A Registrar that receives a status message feedback in the future. A Registrar that receives a status message
with a version larger than it knows about SHOULD log the contents and with a version larger than it knows about SHOULD log the contents and
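Review bot: The unchanged context line in Section 5.7 gives the target URI as ".well-known/est/voucher_status" with no leading slash, while the enrollment status text later in this diff uses "/.well-known/est/enrollstatus". Since this paragraph is being reworded anyway, make the two consistent so implementers do not have to guess whether the path is absolute. In the new sentence, "The pledge MUST indicate its pledge status" repeats "pledge"; "The pledge MUST indicate its status regarding the voucher" says the same thing. The new wording also replaces "post" with "sending", so the HTTP method is now stated only in the following context line.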
skipping to change at page 61, line 45 skipping to change at page 61, line 45
For automated bootstrapping of devices, the administrative elements For automated bootstrapping of devices, the administrative elements
providing bootstrapping also provide indications to the system providing bootstrapping also provide indications to the system
administrators concerning device lifecycle status. This might administrators concerning device lifecycle status. This might
include information concerning attempted bootstrapping messages seen include information concerning attempted bootstrapping messages seen
by the client. The MASA provides logs and status of credential by the client. The MASA provides logs and status of credential
enrollment. [RFC7030] assumes an end user and therefore does not enrollment. [RFC7030] assumes an end user and therefore does not
include a final success indication back to the server. This is include a final success indication back to the server. This is
insufficient for automated use cases. insufficient for automated use cases.
In order to communicate this indicator, the client HTTP POSTs a JSON The client MUST send an indicator to the Registrar about its
dictionary with a number of attributes described below to the new EST enrollment status. It does this by using an HTTP POST of a JSON
dictionary with the of attributes described below to the new EST
endpoint at "/.well-known/est/enrollstatus". endpoint at "/.well-known/est/enrollstatus".
When indicating a successful enrollment the client SHOULD first re- When indicating a successful enrollment the client SHOULD first re-
establish the EST TLS session using the newly obtained credentials. establish the EST TLS session using the newly obtained credentials.
TLS 1.2 supports doing this in-band, but TLS 1.3 does not. The TLS 1.2 supports doing this in-band, but TLS 1.3 does not. The
client SHOULD therefore always close the existing TLS connection, and client SHOULD therefore always close the existing TLS connection, and
start a new one. start a new one.
In the case of a failed enrollment, the client MUST send the In the case of a failed enrollment, the client MUST send the
telemetry information over the same TLS connection that was used for telemetry information over the same TLS connection that was used for
the enrollment attempt, with a Reason string indicating why the most the enrollment attempt, with a Reason string indicating why the most
recent enrollment failed. (For failed attempts, the TLS connection recent enrollment failed. (For failed attempts, the TLS connection
is the most reliable way to correlate server-side information with is the most reliable way to correlate server-side information with
what the client provides.) what the client provides.)
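Review bot: The rewritten sentence in the new column reads "a JSON dictionary with the of attributes described below", which has lost a word in the edit; it should read "with the attributes described below" (the old column had "with a number of attributes"). The change also turns a descriptive sentence into "The client MUST send an indicator", which is a new normative requirement rather than an editorial fix. Please confirm that is intended and that it fits with the following paragraphs, where the success case only says the client SHOULD re-establish TLS and the failure case already carries its own MUST.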
skipping to change at page 90, line 49 skipping to change at page 90, line 49
members, including Adam Roach, Alexey Melnikov, Alissa Cooper, members, including Adam Roach, Alexey Melnikov, Alissa Cooper,
Benjamin Kaduk, Eric Vyncke, Roman Danyliw, and Magnus Westerlund. Benjamin Kaduk, Eric Vyncke, Roman Danyliw, and Magnus Westerlund.
13. References 13. References
13.1. Normative References 13.1. Normative References
[I-D.ietf-anima-autonomic-control-plane] [I-D.ietf-anima-autonomic-control-plane]
Eckert, T., Behringer, M., and S. Bjarnason, "An Autonomic Eckert, T., Behringer, M., and S. Bjarnason, "An Autonomic
Control Plane (ACP)", Work in Progress, Internet-Draft, Control Plane (ACP)", Work in Progress, Internet-Draft,
draft-ietf-anima-autonomic-control-plane-22, 3 February draft-ietf-anima-autonomic-control-plane-24, 9 March 2020,
2020, <http://www.ietf.org/internet-drafts/draft-ietf- <http://www.ietf.org/internet-drafts/draft-ietf-anima-
anima-autonomic-control-plane-22.txt>. autonomic-control-plane-24.txt>.
[I-D.ietf-anima-grasp] [I-D.ietf-anima-grasp]
Bormann, C., Carpenter, B., and B. Liu, "A Generic Bormann, C., Carpenter, B., and B. Liu, "A Generic
Autonomic Signaling Protocol (GRASP)", Work in Progress, Autonomic Signaling Protocol (GRASP)", Work in Progress,
Internet-Draft, draft-ietf-anima-grasp-15, 13 July 2017, Internet-Draft, draft-ietf-anima-grasp-15, 13 July 2017,
<http://www.ietf.org/internet-drafts/draft-ietf-anima- <http://www.ietf.org/internet-drafts/draft-ietf-anima-
grasp-15.txt>. grasp-15.txt>.
[IDevID] "IEEE 802.1AR Secure Device Identifier", December 2009, [IDevID] "IEEE 802.1AR Secure Device Identifier", December 2009,
<http://standards.ieee.org/findstds/standard/802.1AR- <http://standards.ieee.org/findstds/standard/802.1AR-
skipping to change at page 95, line 38 skipping to change at page 95, line 38
[I-D.ietf-anima-reference-model] [I-D.ietf-anima-reference-model]
Behringer, M., Carpenter, B., Eckert, T., Ciavaglia, L., Behringer, M., Carpenter, B., Eckert, T., Ciavaglia, L.,
and J. Nobre, "A Reference Model for Autonomic and J. Nobre, "A Reference Model for Autonomic
Networking", Work in Progress, Internet-Draft, draft-ietf- Networking", Work in Progress, Internet-Draft, draft-ietf-
anima-reference-model-10, 22 November 2018, anima-reference-model-10, 22 November 2018,
<http://www.ietf.org/internet-drafts/draft-ietf-anima- <http://www.ietf.org/internet-drafts/draft-ietf-anima-
reference-model-10.txt>. reference-model-10.txt>.
[I-D.ietf-netconf-keystore] [I-D.ietf-netconf-keystore]
Watsen, K., "A YANG Data Model for a Keystore", Work in Watsen, K., "A YANG Data Model for a Keystore", Work in
Progress, Internet-Draft, draft-ietf-netconf-keystore-15, Progress, Internet-Draft, draft-ietf-netconf-keystore-16,
20 November 2019, <http://www.ietf.org/internet-drafts/ 8 March 2020, <http://www.ietf.org/internet-drafts/draft-
draft-ietf-netconf-keystore-15.txt>. ietf-netconf-keystore-16.txt>.
[I-D.richardson-anima-state-for-joinrouter] [I-D.richardson-anima-state-for-joinrouter]
Richardson, M., "Considerations for stateful vs stateless Richardson, M., "Considerations for stateful vs stateless
join router in ANIMA bootstrap", Work in Progress, join router in ANIMA bootstrap", Work in Progress,
Internet-Draft, draft-richardson-anima-state-for- Internet-Draft, draft-richardson-anima-state-for-
joinrouter-02, 25 January 2018, <http://www.ietf.org/ joinrouter-02, 25 January 2018, <http://www.ietf.org/
internet-drafts/draft-richardson-anima-state-for- internet-drafts/draft-richardson-anima-state-for-
joinrouter-02.txt>. joinrouter-02.txt>.
[imprinting] [imprinting]
skipping to change at page 108, line 6 skipping to change at page 108, line 6
unwrapped before processing. unwrapped before processing.
C.2.1. Pledge to Registrar C.2.1. Pledge to Registrar
As described in Section 5.2, the pledge will sign a pledge voucher- As described in Section 5.2, the pledge will sign a pledge voucher-
request containing the registrar's public key in the proximity- request containing the registrar's public key in the proximity-
registrar-cert field. The base64 has been wrapped at 60 characters registrar-cert field. The base64 has been wrapped at 60 characters
for presentation reasons. for presentation reasons.
<CODE BEGINS> file "vr_00-D0-E5-F2-00-02.b64" <CODE BEGINS> file "vr_00-D0-E5-F2-00-02.b64"
MIIG3gYJKoZIhvcNAQcCoIIGzzCCBssCAQExDTALBglghkgBZQMEAgEwggOJBgkqhkiG9w0BBwGg MIIG3wYJKoZIhvcNAQcCoIIG0DCCBswCAQExDTALBglghkgBZQMEAgEwggOJBgkqhkiG9w0BBwGg
ggN6BIIDdnsiaWV0Zi12b3VjaGVyLXJlcXVlc3Q6dm91Y2hlciI6eyJhc3NlcnRpb24iOiJwcm94 ggN6BIIDdnsiaWV0Zi12b3VjaGVyLXJlcXVlc3Q6dm91Y2hlciI6eyJhc3NlcnRpb24iOiJwcm94
aW1pdHkiLCJjcmVhdGVkLW9uIjoiMjAyMC0wMi0yNVQxNjozMzoxMS45ODQtMDU6MDAiLCJzZXJp aW1pdHkiLCJjcmVhdGVkLW9uIjoiMjAyMC0wMi0yNVQxODowNDo0OC42NTItMDU6MDAiLCJzZXJp
YWwtbnVtYmVyIjoiMDAtRDAtRTUtRjItMDAtMDIiLCJub25jZSI6InkyQmZOYUlTMEtKU3loS2Ft YWwtbnVtYmVyIjoiMDAtRDAtRTUtRjItMDAtMDIiLCJub25jZSI6ImFNamd1ZUtVVC0yMndWaW1q
VEdYYVEiLCJwcm94aW1pdHktcmVnaXN0cmFyLWNlcnQiOiJNSUlCL0RDQ0FZS2dBd0lCQWdJRVA1 NnoyN1EiLCJwcm94aW1pdHktcmVnaXN0cmFyLWNlcnQiOiJNSUlCL0RDQ0FZS2dBd0lCQWdJRVA1
aWJVakFLQmdncWhrak9QUVFEQWpCdE1SSXdFQVlLQ1pJbWlaUHlMR1FCR1JZQ1kyRXhHVEFYQmdv aWJVakFLQmdncWhrak9QUVFEQWpCdE1SSXdFQVlLQ1pJbWlaUHlMR1FCR1JZQ1kyRXhHVEFYQmdv
SmtpYUprL0lzWkFFWkZnbHpZVzVrWld4dFlXNHhQREE2QmdOVkJBTU1NMlp2ZFc1MFlXbHVMWFJs SmtpYUprL0lzWkFFWkZnbHpZVzVrWld4dFlXNHhQREE2QmdOVkJBTU1NMlp2ZFc1MFlXbHVMWFJs
YzNRdVpYaGhiWEJzWlM1amIyMGdWVzV6ZEhKMWJtY2dSbTkxYm5SaGFXNGdVbTl2ZENCRFFUQWVG YzNRdVpYaGhiWEJzWlM1amIyMGdWVzV6ZEhKMWJtY2dSbTkxYm5SaGFXNGdVbTl2ZENCRFFUQWVG
dzB5TURBeU1qVXlNVE14TlRSYUZ3MHlNakF5TWpReU1UTXhOVFJhTUZNeEVqQVFCZ29Ka2lhSmsv dzB5TURBeU1qVXlNVE14TlRSYUZ3MHlNakF5TWpReU1UTXhOVFJhTUZNeEVqQVFCZ29Ka2lhSmsv
SXNaQUVaRmdKallURVpNQmNHQ2dtU0pvbVQ4aXhrQVJrV0NYTmhibVJsYkcxaGJqRWlNQ0FHQTFV SXNaQUVaRmdKallURVpNQmNHQ2dtU0pvbVQ4aXhrQVJrV0NYTmhibVJsYkcxaGJqRWlNQ0FHQTFV
RUF3d1pabTkxYm5SaGFXNHRkR1Z6ZEM1bGVHRnRjR3hsTG1OdmJUQlpNQk1HQnlxR1NNNDlBZ0VH RUF3d1pabTkxYm5SaGFXNHRkR1Z6ZEM1bGVHRnRjR3hsTG1OdmJUQlpNQk1HQnlxR1NNNDlBZ0VH
Q0NxR1NNNDlBd0VIQTBJQUJKWmxVSEkwdXAvbDNlWmY5dkNCYitsSW5vRU1FZ2M3Um8rWFpDdGpB Q0NxR1NNNDlBd0VIQTBJQUJKWmxVSEkwdXAvbDNlWmY5dkNCYitsSW5vRU1FZ2M3Um8rWFpDdGpB
STBDRDFmSmZKUi9oSXl5RG1IV3lZaU5GYlJDSDlmeWFyZmt6Z1g0cDB6VGl6cWpLakFvTUJZR0Ex STBDRDFmSmZKUi9oSXl5RG1IV3lZaU5GYlJDSDlmeWFyZmt6Z1g0cDB6VGl6cWpLakFvTUJZR0Ex
VWRKUUVCL3dRTU1Bb0dDQ3NHQVFVRkJ3TWNNQTRHQTFVZER3RUIvd1FFQXdJSGdEQUtCZ2dxaGtq VWRKUUVCL3dRTU1Bb0dDQ3NHQVFVRkJ3TWNNQTRHQTFVZER3RUIvd1FFQXdJSGdEQUtCZ2dxaGtq
T1BRUURBZ05vQURCbEFqQm1UMkJNVlVnZWxnZjQzUis1eUJLTlJUYUhteVBBdkx2eHl6MG1GVlp2 T1BRUURBZ05vQURCbEFqQm1UMkJNVlVnZWxnZjQzUis1eUJLTlJUYUhteVBBdkx2eHl6MG1GVlp2
WHgrLzFSd09hZ212RzNhWG1Sa2ovWDRDTVFDOHJNTkJzTG9OcjFMNW5HNTZmd0FkSThoaUFXRzhT WHgrLzFSd09hZ212RzNhWG1Sa2ovWDRDTVFDOHJNTkJzTG9OcjFMNW5HNTZmd0FkSThoaUFXRzhT
OFhBUjVrMUNneDNZVVFCU2dkU2NGY0FkZisrQnc2WXkrVT0ifX2gggHqMIIB5jCCAWygAwIBAgIE OFhBUjVrMUNneDNZVVFCU2dkU2NGY0FkZisrQnc2WXkrVT0ifX2gggHqMIIB5jCCAWygAwIBAgIE
DYXcLTAKBggqhkjOPQQDAjBdMQ8wDQYDVQQGEwZDYW5hZGExEDAOBgNVBAgMB09udGFyaW8xEjAQ DYXcLTAKBggqhkjOPQQDAjBdMQ8wDQYDVQQGEwZDYW5hZGExEDAOBgNVBAgMB09udGFyaW8xEjAQ
BgNVBAsMCVNhbmRlbG1hbjEkMCIGA1UEAwwbaGlnaHdheS10ZXN0LmV4YW1wbGUuY29tIENBMCAX BgNVBAsMCVNhbmRlbG1hbjEkMCIGA1UEAwwbaGlnaHdheS10ZXN0LmV4YW1wbGUuY29tIENBMCAX
DTIwMDIwMzA2NDcyMFoYDzI5OTkxMjMxMDAwMDAwWjAcMRowGAYDVQQFDBEwMC1EMC1FNS1GMi0w DTIwMDIwMzA2NDcyMFoYDzI5OTkxMjMxMDAwMDAwWjAcMRowGAYDVQQFDBEwMC1EMC1FNS1GMi0w
MC0wMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAOjdUOHs3zACpqHnK329DgTHNQMhB/gQE5B MC0wMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAOjdUOHs3zACpqHnK329DgTHNQMhB/gQE5B
efBbE0sgcbNEm0li8RYwzrsAfYCxp9k7E1CbpielT8OWf0z+ISejWTBXMB0GA1UdDgQWBBRFiMyW efBbE0sgcbNEm0li8RYwzrsAfYCxp9k7E1CbpielT8OWf0z+ISejWTBXMB0GA1UdDgQWBBRFiMyW
lgBkN7C6I2VkZFQIBmxWrTAJBgNVHRMEAjAAMCsGCCsGAQUFBwEgBB8MHWhpZ2h3YXktdGVzdC5l lgBkN7C6I2VkZFQIBmxWrTAJBgNVHRMEAjAAMCsGCCsGAQUFBwEgBB8MHWhpZ2h3YXktdGVzdC5l
eGFtcGxlLmNvbTo5NDQzMAoGCCqGSM49BAMCA2gAMGUCMCPhqS7vIhI0WqXCFdYove09ltbOBJXv eGFtcGxlLmNvbTo5NDQzMAoGCCqGSM49BAMCA2gAMGUCMCPhqS7vIhI0WqXCFdYove09ltbOBJXv
p8jcGKgxx7gENPK3TXmKZyIkA0/FzdYGugIxALONXArQ/gSDkNNPbXKXsz4C6vHIWjJyWLdFAlB4 p8jcGKgxx7gENPK3TXmKZyIkA0/FzdYGugIxALONXArQ/gSDkNNPbXKXsz4C6vHIWjJyWLdFAlB4
vAQdI14ib8N/jHzXm3AgkbThfzGCATowggE2AgEBMGUwXTEPMA0GA1UEBhMGQ2FuYWRhMRAwDgYD vAQdI14ib8N/jHzXm3AgkbThfzGCATswggE3AgEBMGUwXTEPMA0GA1UEBhMGQ2FuYWRhMRAwDgYD
VQQIDAdPbnRhcmlvMRIwEAYDVQQLDAlTYW5kZWxtYW4xJDAiBgNVBAMMG2hpZ2h3YXktdGVzdC5l VQQIDAdPbnRhcmlvMRIwEAYDVQQLDAlTYW5kZWxtYW4xJDAiBgNVBAMMG2hpZ2h3YXktdGVzdC5l
eGFtcGxlLmNvbSBDQQIEDYXcLTALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcN eGFtcGxlLmNvbSBDQQIEDYXcLTALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcN
AQcBMBwGCSqGSIb3DQEJBTEPFw0yMDAyMjUyMTMzMTFaMC8GCSqGSIb3DQEJBDEiBCB0yBo/clJ6 AQcBMBwGCSqGSIb3DQEJBTEPFw0yMDAyMjUyMzA0NDhaMC8GCSqGSIb3DQEJBDEiBCCx6IrwstHF
GlTKYRILxPrHxYFL9+4MAL0/DavOh/IkETAKBggqhkjOPQQDAgRGMEQCIFpErwe+ypjpXtYpnsIZ 609Y0EqDK62QKby4duyyIWudvs15M16BBTAKBggqhkjOPQQDAgRHMEUCIBxwA1UlkIkuQDf/j7kZ
FsfoLFIOfH1p2p+Cr3eo4F1tAiAhvsI/GRsBd2LP7ZA+W0b+sBXwc2heR19a+LV5hwLIOg== /MVefgr141+hKBFgrnNngjwpAiEAy8aXt0GSB9m1bmiEUpefCEhxSv2xLYurGlugv0dfr/E=
<CODE ENDS> <CODE ENDS>
The ASN1 decoding of the artifact: The ASN1 decoding of the artifact:
file: examples/vr_00-D0-E5-F2-00-02.b64 file: examples/vr_00-D0-E5-F2-00-02.b64
0:d=0 hl=4 l=1758 cons: SEQUENCE 0:d=0 hl=4 l=1759 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData 4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
15:d=1 hl=4 l=1743 cons: cont [ 0 ] 15:d=1 hl=4 l=1744 cons: cont [ 0 ]
19:d=2 hl=4 l=1739 cons: SEQUENCE 19:d=2 hl=4 l=1740 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :01 23:d=3 hl=2 l= 1 prim: INTEGER :01
26:d=3 hl=2 l= 13 cons: SET 26:d=3 hl=2 l= 13 cons: SET
28:d=4 hl=2 l= 11 cons: SEQUENCE 28:d=4 hl=2 l= 11 cons: SEQUENCE
30:d=5 hl=2 l= 9 prim: OBJECT :sha256 30:d=5 hl=2 l= 9 prim: OBJECT :sha256
41:d=3 hl=4 l= 905 cons: SEQUENCE 41:d=3 hl=4 l= 905 cons: SEQUENCE
45:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data 45:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
56:d=4 hl=4 l= 890 cons: cont [ 0 ] 56:d=4 hl=4 l= 890 cons: cont [ 0 ]
60:d=5 hl=4 l= 886 prim: OCTET STRING :{"ietf-voucher-request:v 60:d=5 hl=4 l= 886 prim: OCTET STRING :{"ietf-voucher-request:v
950:d=3 hl=4 l= 490 cons: cont [ 0 ] 950:d=3 hl=4 l= 490 cons: cont [ 0 ]
954:d=4 hl=4 l= 486 cons: SEQUENCE 954:d=4 hl=4 l= 486 cons: SEQUENCE
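Review bot: The context sentence before the CODE BEGINS marker says the base64 "has been wrapped at 60 characters", but the regenerated vr_00-D0-E5-F2-00-02.b64 lines are 76 characters wide in both columns (the first line runs from "MIIG3w" to "0BBwGg"). Either re-wrap the artifact to match the text or correct the sentence, so that a reader checking the file against the document is not misled. The outer SEQUENCE length moving from 1758 to 1759 is consistent with the one-byte-longer signature that comes with a regenerated example, so no concern there.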
skipping to change at page 110, line 10 skipping to change at page 110, line 10
1246:d=9 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:04144588CC9696 1246:d=9 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:04144588CC9696
1270:d=8 hl=2 l= 9 cons: SEQUENCE 1270:d=8 hl=2 l= 9 cons: SEQUENCE
1272:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints 1272:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
1277:d=9 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000 1277:d=9 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000
1281:d=8 hl=2 l= 43 cons: SEQUENCE 1281:d=8 hl=2 l= 43 cons: SEQUENCE
1283:d=9 hl=2 l= 8 prim: OBJECT :1.3.6.1.5.5.7.1.32 1283:d=9 hl=2 l= 8 prim: OBJECT :1.3.6.1.5.5.7.1.32
1293:d=9 hl=2 l= 31 prim: OCTET STRING [HEX DUMP]:0C1D6869676877 1293:d=9 hl=2 l= 31 prim: OCTET STRING [HEX DUMP]:0C1D6869676877
1326:d=5 hl=2 l= 10 cons: SEQUENCE 1326:d=5 hl=2 l= 10 cons: SEQUENCE
1328:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 1328:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
1338:d=5 hl=2 l= 104 prim: BIT STRING 1338:d=5 hl=2 l= 104 prim: BIT STRING
1444:d=3 hl=4 l= 314 cons: SET 1444:d=3 hl=4 l= 315 cons: SET
1448:d=4 hl=4 l= 310 cons: SEQUENCE 1448:d=4 hl=4 l= 311 cons: SEQUENCE
1452:d=5 hl=2 l= 1 prim: INTEGER :01 1452:d=5 hl=2 l= 1 prim: INTEGER :01
1455:d=5 hl=2 l= 101 cons: SEQUENCE 1455:d=5 hl=2 l= 101 cons: SEQUENCE
1457:d=6 hl=2 l= 93 cons: SEQUENCE 1457:d=6 hl=2 l= 93 cons: SEQUENCE
1459:d=7 hl=2 l= 15 cons: SET 1459:d=7 hl=2 l= 15 cons: SET
1461:d=8 hl=2 l= 13 cons: SEQUENCE 1461:d=8 hl=2 l= 13 cons: SEQUENCE
1463:d=9 hl=2 l= 3 prim: OBJECT :countryName 1463:d=9 hl=2 l= 3 prim: OBJECT :countryName
1468:d=9 hl=2 l= 6 prim: PRINTABLESTRING :Canada 1468:d=9 hl=2 l= 6 prim: PRINTABLESTRING :Canada
1476:d=7 hl=2 l= 16 cons: SET 1476:d=7 hl=2 l= 16 cons: SET
1478:d=8 hl=2 l= 14 cons: SEQUENCE 1478:d=8 hl=2 l= 14 cons: SEQUENCE
1480:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 1480:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
skipping to change at page 110, line 42 skipping to change at page 110, line 42
1558:d=5 hl=2 l= 11 cons: SEQUENCE 1558:d=5 hl=2 l= 11 cons: SEQUENCE
1560:d=6 hl=2 l= 9 prim: OBJECT :sha256 1560:d=6 hl=2 l= 9 prim: OBJECT :sha256
1571:d=5 hl=2 l= 105 cons: cont [ 0 ] 1571:d=5 hl=2 l= 105 cons: cont [ 0 ]
1573:d=6 hl=2 l= 24 cons: SEQUENCE 1573:d=6 hl=2 l= 24 cons: SEQUENCE
1575:d=7 hl=2 l= 9 prim: OBJECT :contentType 1575:d=7 hl=2 l= 9 prim: OBJECT :contentType
1586:d=7 hl=2 l= 11 cons: SET 1586:d=7 hl=2 l= 11 cons: SET
1588:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data 1588:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data
1599:d=6 hl=2 l= 28 cons: SEQUENCE 1599:d=6 hl=2 l= 28 cons: SEQUENCE
1601:d=7 hl=2 l= 9 prim: OBJECT :signingTime 1601:d=7 hl=2 l= 9 prim: OBJECT :signingTime
1612:d=7 hl=2 l= 15 cons: SET 1612:d=7 hl=2 l= 15 cons: SET
1614:d=8 hl=2 l= 13 prim: UTCTIME :200225213311Z 1614:d=8 hl=2 l= 13 prim: UTCTIME :200225230448Z
1629:d=6 hl=2 l= 47 cons: SEQUENCE 1629:d=6 hl=2 l= 47 cons: SEQUENCE
1631:d=7 hl=2 l= 9 prim: OBJECT :messageDigest 1631:d=7 hl=2 l= 9 prim: OBJECT :messageDigest
1642:d=7 hl=2 l= 34 cons: SET 1642:d=7 hl=2 l= 34 cons: SET
1644:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:74C81A3F72527A 1644:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:B1E88AF0B2D1C5
1678:d=5 hl=2 l= 10 cons: SEQUENCE 1678:d=5 hl=2 l= 10 cons: SEQUENCE
1680:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 1680:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
1690:d=5 hl=2 l= 70 prim: OCTET STRING [HEX DUMP]:304402205A44AF 1690:d=5 hl=2 l= 71 prim: OCTET STRING [HEX DUMP]:304502201C7003
The JSON contained in the voucher request: The JSON contained in the voucher request:
{"ietf-voucher-request:voucher":{"assertion":"proximity","cr {"ietf-voucher-request:voucher":{"assertion":"proximity","cr
eated-on":"2020-02-25T16:33:11.984-05:00","serial-number":"0 eated-on":"2020-02-25T18:04:48.652-05:00","serial-number":"0
0-D0-E5-F2-00-02","nonce":"y2BfNaIS0KJSyhKamTGXaQ","proximit 0-D0-E5-F2-00-02","nonce":"aMjgueKUT-22wVimj6z27Q","proximit
y-registrar-cert":"MIIB/DCCAYKgAwIBAgIEP5ibUjAKBggqhkjOPQQDA y-registrar-cert":"MIIB/DCCAYKgAwIBAgIEP5ibUjAKBggqhkjOPQQDA
jBtMRIwEAYKCZImiZPyLGQBGRYCY2ExGTAXBgoJkiaJk/IsZAEZFglzYW5kZ jBtMRIwEAYKCZImiZPyLGQBGRYCY2ExGTAXBgoJkiaJk/IsZAEZFglzYW5kZ
WxtYW4xPDA6BgNVBAMMM2ZvdW50YWluLXRlc3QuZXhhbXBsZS5jb20gVW5zd WxtYW4xPDA6BgNVBAMMM2ZvdW50YWluLXRlc3QuZXhhbXBsZS5jb20gVW5zd
HJ1bmcgRm91bnRhaW4gUm9vdCBDQTAeFw0yMDAyMjUyMTMxNTRaFw0yMjAyM HJ1bmcgRm91bnRhaW4gUm9vdCBDQTAeFw0yMDAyMjUyMTMxNTRaFw0yMjAyM
jQyMTMxNTRaMFMxEjAQBgoJkiaJk/IsZAEZFgJjYTEZMBcGCgmSJomT8ixkA jQyMTMxNTRaMFMxEjAQBgoJkiaJk/IsZAEZFgJjYTEZMBcGCgmSJomT8ixkA
RkWCXNhbmRlbG1hbjEiMCAGA1UEAwwZZm91bnRhaW4tdGVzdC5leGFtcGxlL RkWCXNhbmRlbG1hbjEiMCAGA1UEAwwZZm91bnRhaW4tdGVzdC5leGFtcGxlL
mNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJZlUHI0up/l3eZf9vCBb mNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJZlUHI0up/l3eZf9vCBb
+lInoEMEgc7Ro+XZCtjAI0CD1fJfJR/hIyyDmHWyYiNFbRCH9fyarfkzgX4p +lInoEMEgc7Ro+XZCtjAI0CD1fJfJR/hIyyDmHWyYiNFbRCH9fyarfkzgX4p
0zTizqjKjAoMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMcMA4GA1UdDwEB/wQEA 0zTizqjKjAoMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMcMA4GA1UdDwEB/wQEA
wIHgDAKBggqhkjOPQQDAgNoADBlAjBmT2BMVUgelgf43R+5yBKNRTaHmyPAv wIHgDAKBggqhkjOPQQDAgNoADBlAjBmT2BMVUgelgf43R+5yBKNRTaHmyPAv
skipping to change at page 118, line 6 skipping to change at page 118, line 6
HF609Y0EqDK62QKby4duyyIWudvs15M16BBTAKBggqhkjOPQQDAgRHMEUCIB HF609Y0EqDK62QKby4duyyIWudvs15M16BBTAKBggqhkjOPQQDAgRHMEUCIB
xwA1UlkIkuQDf/j7kZ/MVefgr141+hKBFgrnNngjwpAiEAy8aXt0GSB9m1bm xwA1UlkIkuQDf/j7kZ/MVefgr141+hKBFgrnNngjwpAiEAy8aXt0GSB9m1bm
iEUpefCEhxSv2xLYurGlugv0dfr/E="}} iEUpefCEhxSv2xLYurGlugv0dfr/E="}}
C.2.3. MASA to Registrar C.2.3. MASA to Registrar
The MASA will return a voucher to the registrar, to be relayed to the The MASA will return a voucher to the registrar, to be relayed to the
pledge. pledge.
<CODE BEGINS> file "voucher_00-D0-E5-F2-00-02.b64" <CODE BEGINS> file "voucher_00-D0-E5-F2-00-02.b64"
MIIGyAYJKoZIhvcNAQcCoIIGuTCCBrUCAQExDTALBglghkgBZQMEAgEwggN4BgkqhkiG9w0BBwGg MIIGxwYJKoZIhvcNAQcCoIIGuDCCBrQCAQExDTALBglghkgBZQMEAgEwggN4BgkqhkiG9w0BBwGg
ggNpBIIDZXsiaWV0Zi12b3VjaGVyOnZvdWNoZXIiOnsiYXNzZXJ0aW9uIjoibG9nZ2VkIiwiY3Jl ggNpBIIDZXsiaWV0Zi12b3VjaGVyOnZvdWNoZXIiOnsiYXNzZXJ0aW9uIjoibG9nZ2VkIiwiY3Jl
YXRlZC1vbiI6IjIwMjAtMDItMjVUMTY6MzM6MTIuODQ5LTA1OjAwIiwic2VyaWFsLW51bWJlciI6 YXRlZC1vbiI6IjIwMjAtMDItMjVUMTg6MDQ6NDkuMzAzLTA1OjAwIiwic2VyaWFsLW51bWJlciI6
IjAwLUQwLUU1LUYyLTAwLTAyIiwibm9uY2UiOiJ5MkJmTmFJUzBLSlN5aEthbVRHWGFRIiwicGlu IjAwLUQwLUU1LUYyLTAwLTAyIiwibm9uY2UiOiJhTWpndWVLVVQtMjJ3VmltajZ6MjdRIiwicGlu
bmVkLWRvbWFpbi1jZXJ0IjoiTUlJQi9EQ0NBWUtnQXdJQkFnSUVQNWliVWpBS0JnZ3Foa2pPUFFR bmVkLWRvbWFpbi1jZXJ0IjoiTUlJQi9EQ0NBWUtnQXdJQkFnSUVQNWliVWpBS0JnZ3Foa2pPUFFR
REFqQnRNUkl3RUFZS0NaSW1pWlB5TEdRQkdSWUNZMkV4R1RBWEJnb0praWFKay9Jc1pBRVpGZ2x6 REFqQnRNUkl3RUFZS0NaSW1pWlB5TEdRQkdSWUNZMkV4R1RBWEJnb0praWFKay9Jc1pBRVpGZ2x6
WVc1a1pXeHRZVzR4UERBNkJnTlZCQU1NTTJadmRXNTBZV2x1TFhSbGMzUXVaWGhoYlhCc1pTNWpi WVc1a1pXeHRZVzR4UERBNkJnTlZCQU1NTTJadmRXNTBZV2x1TFhSbGMzUXVaWGhoYlhCc1pTNWpi
MjBnVlc1emRISjFibWNnUm05MWJuUmhhVzRnVW05dmRDQkRRVEFlRncweU1EQXlNalV5TVRNeE5U MjBnVlc1emRISjFibWNnUm05MWJuUmhhVzRnVW05dmRDQkRRVEFlRncweU1EQXlNalV5TVRNeE5U
UmFGdzB5TWpBeU1qUXlNVE14TlRSYU1GTXhFakFRQmdvSmtpYUprL0lzWkFFWkZnSmpZVEVaTUJj UmFGdzB5TWpBeU1qUXlNVE14TlRSYU1GTXhFakFRQmdvSmtpYUprL0lzWkFFWkZnSmpZVEVaTUJj
R0NnbVNKb21UOGl4a0FSa1dDWE5oYm1SbGJHMWhiakVpTUNBR0ExVUVBd3daWm05MWJuUmhhVzR0 R0NnbVNKb21UOGl4a0FSa1dDWE5oYm1SbGJHMWhiakVpTUNBR0ExVUVBd3daWm05MWJuUmhhVzR0
ZEdWemRDNWxlR0Z0Y0d4bExtTnZiVEJaTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFC ZEdWemRDNWxlR0Z0Y0d4bExtTnZiVEJaTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFC
SlpsVUhJMHVwL2wzZVpmOXZDQmIrbElub0VNRWdjN1JvK1haQ3RqQUkwQ0QxZkpmSlIvaEl5eURt SlpsVUhJMHVwL2wzZVpmOXZDQmIrbElub0VNRWdjN1JvK1haQ3RqQUkwQ0QxZkpmSlIvaEl5eURt
SFd5WWlORmJSQ0g5ZnlhcmZremdYNHAwelRpenFqS2pBb01CWUdBMVVkSlFFQi93UU1NQW9HQ0Nz SFd5WWlORmJSQ0g5ZnlhcmZremdYNHAwelRpenFqS2pBb01CWUdBMVVkSlFFQi93UU1NQW9HQ0Nz
R0FRVUZCd01jTUE0R0ExVWREd0VCL3dRRUF3SUhnREFLQmdncWhrak9QUVFEQWdOb0FEQmxBakJt R0FRVUZCd01jTUE0R0ExVWREd0VCL3dRRUF3SUhnREFLQmdncWhrak9QUVFEQWdOb0FEQmxBakJt
VDJCTVZVZ2VsZ2Y0M1IrNXlCS05SVGFIbXlQQXZMdnh5ejBtRlZadlh4Ky8xUndPYWdtdkczYVht VDJCTVZVZ2VsZ2Y0M1IrNXlCS05SVGFIbXlQQXZMdnh5ejBtRlZadlh4Ky8xUndPYWdtdkczYVht
UmtqL1g0Q01RQzhyTU5Cc0xvTnIxTDVuRzU2ZndBZEk4aGlBV0c4UzhYQVI1azFDZ3gzWVVRQlNn UmtqL1g0Q01RQzhyTU5Cc0xvTnIxTDVuRzU2ZndBZEk4aGlBV0c4UzhYQVI1azFDZ3gzWVVRQlNn
ZFNjRmNBZGYrK0J3Nll5K1U9In19oIIB4zCCAd8wggFkoAMCAQICBBuZX1QwCgYIKoZIzj0EAwIw ZFNjRmNBZGYrK0J3Nll5K1U9In19oIIB4zCCAd8wggFkoAMCAQICBBuZX1QwCgYIKoZIzj0EAwIw
XTEPMA0GA1UEBhMGQ2FuYWRhMRAwDgYDVQQIDAdPbnRhcmlvMRIwEAYDVQQLDAlTYW5kZWxtYW4x XTEPMA0GA1UEBhMGQ2FuYWRhMRAwDgYDVQQIDAdPbnRhcmlvMRIwEAYDVQQLDAlTYW5kZWxtYW4x
JDAiBgNVBAMMG2hpZ2h3YXktdGVzdC5leGFtcGxlLmNvbSBDQTAeFw0xOTAyMTIyMjIyNDFaFw0y JDAiBgNVBAMMG2hpZ2h3YXktdGVzdC5leGFtcGxlLmNvbSBDQTAeFw0xOTAyMTIyMjIyNDFaFw0y
MTAyMTEyMjIyNDFaMF8xDzANBgNVBAYTBkNhbmFkYTEQMA4GA1UECAwHT250YXJpbzESMBAGA1UE MTAyMTEyMjIyNDFaMF8xDzANBgNVBAYTBkNhbmFkYTEQMA4GA1UECAwHT250YXJpbzESMBAGA1UE
CwwJU2FuZGVsbWFuMSYwJAYDVQQDDB1oaWdod2F5LXRlc3QuZXhhbXBsZS5jb20gTUFTQTBZMBMG CwwJU2FuZGVsbWFuMSYwJAYDVQQDDB1oaWdod2F5LXRlc3QuZXhhbXBsZS5jb20gTUFTQTBZMBMG
ByqGSM49AgEGCCqGSM49AwEHA0IABKoEFaNEueJE+Mn5GwcbpnRznB66bKmzqTCpojJZ96AdRwFt ByqGSM49AgEGCCqGSM49AwEHA0IABKoEFaNEueJE+Mn5GwcbpnRznB66bKmzqTCpojJZ96AdRwFt
uTCVfoKouLTBX0idIhMLfJLM31lyuKy4CUtpp6WjEDAOMAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0E uTCVfoKouLTBX0idIhMLfJLM31lyuKy4CUtpp6WjEDAOMAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0E
AwIDaQAwZgIxAL1V5ZsO+/xelSnjgbMVNaqTGKIEvkRyslF9TW3r0dXBEDqyOXtXP8XMsKMO55lG AwIDaQAwZgIxAL1V5ZsO+/xelSnjgbMVNaqTGKIEvkRyslF9TW3r0dXBEDqyOXtXP8XMsKMO55lG
ugIxAPZ/RH23FPrRZ2rUEcNLrub7mphW+oUhLlxITPA/8ps/roggp675cv9b+Xhozw9IyTGCATww ugIxAPZ/RH23FPrRZ2rUEcNLrub7mphW+oUhLlxITPA/8ps/roggp675cv9b+Xhozw9IyTGCATsw
ggE4AgEBMGUwXTEPMA0GA1UEBhMGQ2FuYWRhMRAwDgYDVQQIDAdPbnRhcmlvMRIwEAYDVQQLDAlT ggE3AgEBMGUwXTEPMA0GA1UEBhMGQ2FuYWRhMRAwDgYDVQQIDAdPbnRhcmlvMRIwEAYDVQQLDAlT
YW5kZWxtYW4xJDAiBgNVBAMMG2hpZ2h3YXktdGVzdC5leGFtcGxlLmNvbSBDQQIEG5lfVDALBglg YW5kZWxtYW4xJDAiBgNVBAMMG2hpZ2h3YXktdGVzdC5leGFtcGxlLmNvbSBDQQIEG5lfVDALBglg
hkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMDAy hkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMDAy
MjUyMTMzMTJaMC8GCSqGSIb3DQEJBDEiBCAUaEb583jZIHCPYTPwZSRKJ7XONLRtjvf071ZCHb6i MjUyMzA0NDlaMC8GCSqGSIb3DQEJBDEiBCCJQso4Z9msdaPk3bsDltTkVckX50DvOPuOR9Svi5M9
6jAKBggqhkjOPQQDAgRIMEYCIQCOzdl41Cdb0OycWymjmoT6alVT+mPvGfVPl2xyMxqwHwIhAPri RDAKBggqhkjOPQQDAgRHMEUCIQCKESXfM3iV8hpkqcxAKA1veArA6GFpN0jzyns4El8uDgIgSRQi
bTuYNFARgkPLS5MX6iZx5IKhiTCjbJKY8hwfAqCE 9/MntuJhAM/tJCZBkfHBoAGX4PFAwwbs5LFZtAw=
<CODE ENDS> <CODE ENDS>
The ASN1 decoding of the artifact: The ASN1 decoding of the artifact:
file: examples/voucher_00-D0-E5-F2-00-02.b64 file: examples/voucher_00-D0-E5-F2-00-02.b64
0:d=0 hl=4 l=1736 cons: SEQUENCE 0:d=0 hl=4 l=1735 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData 4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
15:d=1 hl=4 l=1721 cons: cont [ 0 ] 15:d=1 hl=4 l=1720 cons: cont [ 0 ]
19:d=2 hl=4 l=1717 cons: SEQUENCE 19:d=2 hl=4 l=1716 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :01 23:d=3 hl=2 l= 1 prim: INTEGER :01
26:d=3 hl=2 l= 13 cons: SET 26:d=3 hl=2 l= 13 cons: SET
28:d=4 hl=2 l= 11 cons: SEQUENCE 28:d=4 hl=2 l= 11 cons: SEQUENCE
30:d=5 hl=2 l= 9 prim: OBJECT :sha256 30:d=5 hl=2 l= 9 prim: OBJECT :sha256
41:d=3 hl=4 l= 888 cons: SEQUENCE 41:d=3 hl=4 l= 888 cons: SEQUENCE
45:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data 45:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
56:d=4 hl=4 l= 873 cons: cont [ 0 ] 56:d=4 hl=4 l= 873 cons: cont [ 0 ]
60:d=5 hl=4 l= 869 prim: OCTET STRING :{"ietf-voucher:voucher": 60:d=5 hl=4 l= 869 prim: OCTET STRING :{"ietf-voucher:voucher":
933:d=3 hl=4 l= 483 cons: cont [ 0 ] 933:d=3 hl=4 l= 483 cons: cont [ 0 ]
937:d=4 hl=4 l= 479 cons: SEQUENCE 937:d=4 hl=4 l= 479 cons: SEQUENCE
skipping to change at page 120, line 17 skipping to change at page 120, line 17
1215:d=7 hl=2 l= 66 prim: BIT STRING 1215:d=7 hl=2 l= 66 prim: BIT STRING
1283:d=6 hl=2 l= 16 cons: cont [ 3 ] 1283:d=6 hl=2 l= 16 cons: cont [ 3 ]
1285:d=7 hl=2 l= 14 cons: SEQUENCE 1285:d=7 hl=2 l= 14 cons: SEQUENCE
1287:d=8 hl=2 l= 12 cons: SEQUENCE 1287:d=8 hl=2 l= 12 cons: SEQUENCE
1289:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints 1289:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
1294:d=9 hl=2 l= 1 prim: BOOLEAN :255 1294:d=9 hl=2 l= 1 prim: BOOLEAN :255
1297:d=9 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000 1297:d=9 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000
1301:d=5 hl=2 l= 10 cons: SEQUENCE 1301:d=5 hl=2 l= 10 cons: SEQUENCE
1303:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 1303:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
1313:d=5 hl=2 l= 105 prim: BIT STRING 1313:d=5 hl=2 l= 105 prim: BIT STRING
1420:d=3 hl=4 l= 316 cons: SET 1420:d=3 hl=4 l= 315 cons: SET
1424:d=4 hl=4 l= 312 cons: SEQUENCE 1424:d=4 hl=4 l= 311 cons: SEQUENCE
1428:d=5 hl=2 l= 1 prim: INTEGER :01 1428:d=5 hl=2 l= 1 prim: INTEGER :01
1431:d=5 hl=2 l= 101 cons: SEQUENCE 1431:d=5 hl=2 l= 101 cons: SEQUENCE
1433:d=6 hl=2 l= 93 cons: SEQUENCE 1433:d=6 hl=2 l= 93 cons: SEQUENCE
1435:d=7 hl=2 l= 15 cons: SET 1435:d=7 hl=2 l= 15 cons: SET
1437:d=8 hl=2 l= 13 cons: SEQUENCE 1437:d=8 hl=2 l= 13 cons: SEQUENCE
1439:d=9 hl=2 l= 3 prim: OBJECT :countryName 1439:d=9 hl=2 l= 3 prim: OBJECT :countryName
1444:d=9 hl=2 l= 6 prim: PRINTABLESTRING :Canada 1444:d=9 hl=2 l= 6 prim: PRINTABLESTRING :Canada
1452:d=7 hl=2 l= 16 cons: SET 1452:d=7 hl=2 l= 16 cons: SET
1454:d=8 hl=2 l= 14 cons: SEQUENCE 1454:d=8 hl=2 l= 14 cons: SEQUENCE
1456:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 1456:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
skipping to change at page 120, line 49 skipping to change at page 120, line 49
1534:d=5 hl=2 l= 11 cons: SEQUENCE 1534:d=5 hl=2 l= 11 cons: SEQUENCE
1536:d=6 hl=2 l= 9 prim: OBJECT :sha256 1536:d=6 hl=2 l= 9 prim: OBJECT :sha256
1547:d=5 hl=2 l= 105 cons: cont [ 0 ] 1547:d=5 hl=2 l= 105 cons: cont [ 0 ]
1549:d=6 hl=2 l= 24 cons: SEQUENCE 1549:d=6 hl=2 l= 24 cons: SEQUENCE
1551:d=7 hl=2 l= 9 prim: OBJECT :contentType 1551:d=7 hl=2 l= 9 prim: OBJECT :contentType
1562:d=7 hl=2 l= 11 cons: SET 1562:d=7 hl=2 l= 11 cons: SET
1564:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data 1564:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data
1575:d=6 hl=2 l= 28 cons: SEQUENCE 1575:d=6 hl=2 l= 28 cons: SEQUENCE
1577:d=7 hl=2 l= 9 prim: OBJECT :signingTime 1577:d=7 hl=2 l= 9 prim: OBJECT :signingTime
1588:d=7 hl=2 l= 15 cons: SET 1588:d=7 hl=2 l= 15 cons: SET
1590:d=8 hl=2 l= 13 prim: UTCTIME :200225213312Z 1590:d=8 hl=2 l= 13 prim: UTCTIME :200225230449Z
1605:d=6 hl=2 l= 47 cons: SEQUENCE 1605:d=6 hl=2 l= 47 cons: SEQUENCE
1607:d=7 hl=2 l= 9 prim: OBJECT :messageDigest 1607:d=7 hl=2 l= 9 prim: OBJECT :messageDigest
1618:d=7 hl=2 l= 34 cons: SET 1618:d=7 hl=2 l= 34 cons: SET
1620:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:146846F9F378D9 1620:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:8942CA3867D9AC
1654:d=5 hl=2 l= 10 cons: SEQUENCE 1654:d=5 hl=2 l= 10 cons: SEQUENCE
1656:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 1656:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
1666:d=5 hl=2 l= 72 prim: OCTET STRING [HEX DUMP]:30460221008ECD 1666:d=5 hl=2 l= 71 prim: OCTET STRING [HEX DUMP]:30450221008A11
Appendix D. Additional References Appendix D. Additional References
RFC EDITOR Please remove this section before publication. It exists RFC EDITOR Please remove this section before publication. It exists
just to include references to the things in the YANG descriptions just to include references to the things in the YANG descriptions
which are not otherwise referenced in the text so that xml2rfc will which are not otherwise referenced in the text so that xml2rfc will
not complain. not complain.
[ITU.X690.1994] [ITU.X690.1994]
 End of changes. 30 change blocks. 
48 lines changed or deleted 50 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/