From 3bfa580561b2a7ce4a4193f44e16200ba4b4898a Mon Sep 17 00:00:00 2001
From: Michael Richardson
Date: Mon, 8 Jul 2024 18:14:03 -0400
Subject: [PATCH] added examples to appendix
---
 Makefile | 5 ++-
 draft-ietf-anima-rfc8366bis.md | 63 +++++++++++++++++++++++++++++++---
 2 files changed, 63 insertions(+), 5 deletions(-)
diff --git a/Makefile b/Makefile
index e407f19..37ce90e 100644
--- a/Makefile
+++ b/Makefile
@@ -3,6 +3,9 @@ CWTSIDDATE1=ietf-voucher@${YANGDATE}.sid
 CWTSIDLIST1=ietf-voucher-sid.txt
 CWTSIDDATE2=ietf-voucher-request@${YANGDATE}.sid
 CWTSIDLIST2=ietf-voucher-request-sid.txt
+EXAMPLES+=$(wildcard examples/voucher*.b64)
+EXAMPLES+=$(wildcard examples/*.pem)
+EXAMPLES+=$(wildcard examples/*.crt)
 LIBDIR := lib # add this path because your local install might be newer.
@@ -28,7 +31,7 @@ endif
 draft-ietf-anima-rfc8366bis.xml:: yang/ietf-voucher@${YANGDATE}.yang \
 yang/ietf-voucher-tree-latest.txt \
 yang/ietf-voucher-request@${YANGDATE}.yang \
- yang/ietf-voucher-request-tree-latest.txt ${CWTSIDLIST1} ${CWTSIDLIST2}
+ yang/ietf-voucher-request-tree-latest.txt ${CWTSIDLIST1} ${CWTSIDLIST2} ${EXAMPLES}
 yang/ietf-voucher@${YANGDATE}.yang: ietf-voucher.yang # make sure we are running a new enough pyang
diff --git a/draft-ietf-anima-rfc8366bis.md b/draft-ietf-anima-rfc8366bis.md
index 09ed622..8dd3e3b 100644
--- a/draft-ietf-anima-rfc8366bis.md
+++ b/draft-ietf-anima-rfc8366bis.md
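Review bot: The `.b64` glob in the first Makefile hunk, `examples/voucher*.b64`, does not match `examples/vr_00-D0-E5-F2-00-02.b64`, which the appendix added in this same commit pulls in with `{::include-fold}`, so editing the voucher-request example would not mark `draft-ietf-anima-rfc8366bis.xml` out of date. Widening the pattern to `EXAMPLES+=$(wildcard examples/*.b64)` covers both included files. Because `$(wildcard)` expands to nothing when a file is absent, a missing or misnamed example is also not reported through the `${EXAMPLES}` prerequisite added in the second hunk; listing the eight included files by name would let make fail early instead. `EXAMPLES` is not initialised in the visible lines, so `+=` leaves it recursively expanded and appends to any value inherited from the environment; starting with `EXAMPLES:=` would avoid both, provided nothing earlier in the file sets it.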
@@ -388,10 +388,10 @@ There are some difficulties with this approach: this document does not attempt t
 Three signature systems have been defined for vouchers and voucher-requests.
-{{!I-D.ietf-anima-constrained-voucher}} defines a mechanism that uses COSE {{RFC9052}}, with the voucher data encoded using {{I-D.ietf-core-sid}}.
+{{!cBRSKI}} defines a mechanism that uses COSE {{RFC9052}}, with the voucher data encoded using {{I-D.ietf-core-sid}}.
 However, as the SID processe requires up-to-date YANG, the SID values for this mechanism are presented in this document.
-{{!I-D.ietf-anima-jws-voucher}} defines a mechanism that uses JSON {{RFC8259}} and {{JWS}}.
+{{!jBRSKI}} defines a mechanism that uses JSON {{RFC8259}} and {{JWS}}.
 The CMS mechanism first defined in {{RFC8366}} continues to be defined here.
@@ -523,8 +523,8 @@ using the 'verified' assertion type, which should satisfy all pledges.
 }
 ~~~~
-{{I-D.ietf-anima-jws-voucher, Section 8}} contains examples of vouchers encoded in JSON, and signed with JOSE.
-{{I-D.ietf-anima-constrained-voucher, Section 9}} contains examples of vouchers encoded in CBOR, and signed with COSE.
+{{jBRSKI, Section 8}} contains examples of vouchers encoded in JSON, and signed with {{JWS}}.
+{{cBRSKI, Section 9}} contains examples of vouchers encoded in CBOR, and signed with {{COSE}}.
 ## YANG Module {#voucher-yang-module}
@@ -787,6 +787,61 @@ This registration should be updated to point to this document.
 --- back
+# Examples
+
+## Key pairs associated with examples
+
+The following voucher request has been produced using the IDevID public (certificate) and private key.
+They are included so that other developers can match the same output.
+
+The private RSA key:
+
+~~~~
+{::include-fold examples/00-D0-E5-F2-00-02.pem}
+~~~~
+
+The IDevID certificate (public key):
+
+~~~~
+{::include-fold examples/00-D0-E5-F2-00-02.crt}
+~~~~
+
+The Certification Authority that created the IDevID:
+
+~~~~
+{::include-fold examples/vendor-00-D0-E5-F2-00-02.crt}
+~~~~
+
+The private key for the Certification Authority that created the IDevID:
+
+~~~~
+{::include-fold examples/vendor-00-D0-E5-F2-00-02.pem}
+~~~~
+
+The MASA certificate that signs the voucher:
+
+~~~~
+{::include-fold examples/masa-00-D0-E5-F2-00-02.crt}
+~~~~
+
+The private key for MASA certificate signs the voucher:
+
+~~~~
+{::include-fold examples/masa-00-D0-E5-F2-00-02.pem}
+~~~~
+
+## Example CMS signed voucher request
+
+~~~~
+{::include-fold examples/vr_00-D0-E5-F2-00-02.b64}
+~~~~
+
+## Example CMS signed voucher from MASA
+
+~~~~
+{::include-fold examples/voucher_00-D0-E5-F2-00-02.b64}
+~~~~
+
 # Acknowledgements
 {: numbered="no"}
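Review bot: The new appendix publishes three private keys (the IDevID key, the key of the CA that issued it, and the MASA signing key) without saying that they are test material; the only rationale given is that other developers can match the output. A sentence directly under `## Key pairs associated with examples` would make the scope explicit, for instance `These keys are published for interoperability testing only; the CA and MASA certificates must not be configured as trust anchors outside a test environment.` It is also worth confirming that the keys were generated solely for these examples and are not shared with any running test or demo service, which the diff cannot show. Separately, `The private key for MASA certificate signs the voucher:` appears to be missing words (perhaps `for the MASA certificate that signs`).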