Skip to main content

Update to the Object Identifier Registry for the PKIX Working Group
RFC 9158

Document Type RFC - Informational (November 2021)
Updates RFC 7299
Author Russ Housley
Last updated 2021-11-30
Stream Internet Engineering Task Force (IETF)
Formats
Reviews
OPSDIR Last Call Review Incomplete, due 2021-09-16
Stream WG state Submitted to IESG for Publication
Document shepherd Tim Hollebeek
Shepherd write-up Show Last changed 2021-08-31
IESG IESG state RFC 9158 (Informational)
Action Holders
(None)
Consensus boilerplate Yes
Telechat date (None)
Responsible AD Roman Danyliw
Send notices to tim.hollebeek@digicert.com
IANA IANA review state IANA OK - Actions Needed
IANA action state RFC-Ed-Ack
RFC 9158


Internet Engineering Task Force (IETF)                        R. Housley
Request for Comments: 9158                                Vigil Security
Updates: 7299                                              November 2021
Category: Informational                                                 
ISSN: 2070-1721

  Update to the Object Identifier Registry for the PKIX Working Group

Abstract

   RFC 7299 describes the object identifiers that were assigned by the
   Public Key Infrastructure using X.509 (PKIX) Working Group in an arc
   that was allocated by IANA (1.3.6.1.5.5.7).  A small number of object
   identifiers that were assigned in RFC 4212 are omitted from RFC 7299,
   and this document updates RFC 7299 to correct that oversight.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are candidates for any level of Internet
   Standard; see Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc9158.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Revised BSD License text as described in Section 4.e of the
   Trust Legal Provisions and are provided without warranty as described
   in the Revised BSD License.

Table of Contents

   1.  Introduction
   2.  IANA Considerations
     2.1.  "SMI Security for PKIX CRMF Registration Controls for
           Alternate Certificate Formats" Registry
   3.  Security Considerations
   4.  References
     4.1.  Normative References
     4.2.  Informative References
   Author's Address

1.  Introduction

   When the Public Key Infrastructure using X.509 (PKIX) Working Group
   was chartered, an object identifier arc was allocated by IANA for use
   by that working group.  After the PKIX Working Group was closed, RFC
   7299 [RFC7299] was published to describe the object identifiers that
   were assigned in that arc.  A small number of object identifiers that
   were assigned in RFC 4212 [RFC4212] are not included in RFC 7299, and
   this document corrects that oversight.

   The PKIX Certificate Management Protocol (CMP) [RFC4210] allocated
   id-regCtrl-altCertTemplate (1.3.6.1.5.5.7.5.1.7), and then two object
   identifiers were assigned within that arc [RFC4212], which were
   intended to be used with either PKIX CMP [RFC4210] or PKIX
   Certificate Management over CMS (CMC) [RFC5272] [RFC5273] [RFC5274]
   [RFC6402].

   This document describes the object identifiers that were assigned in
   that arc, establishes an IANA registry for that arc, and establishes
   IANA allocation policies for any future assignments within that arc.

2.  IANA Considerations

   IANA has created a new subregistry.

2.1.  "SMI Security for PKIX CRMF Registration Controls for Alternate
      Certificate Formats" Registry

   Within the "Structure of Management Information (SMI) Numbers (MIB
   Module Registrations)" registry, IANA has created the "SMI Security
   for PKIX CRMF Registration Controls for Alternate Certificate
   Formats" subregistry (1.3.6.1.5.5.7.5.1.7).  The initial contents of
   this subregistry are as follows:

           +=========+===========================+============+
           | Decimal | Description               | References |
           +=========+===========================+============+
           | 1       | id-acTemplate             | [RFC4212]  |
           +---------+---------------------------+------------+
           | 2       | id-openPGPCertTemplateExt | [RFC4212]  |
           +---------+---------------------------+------------+

                 Table 1: New SMI Security for PKIX CRMF
             Registration Controls for Alternate Certificate
                           Formats Subregistry

   Future updates to the registry table are to be made according to the
   Specification Required policy defined in [RFC8126].  The expert is
   expected to ensure that any new values are strongly related to the
   work that was done by the PKIX Working Group.  In particular,
   additional object identifiers should be needed for use with either
   the PKIX CMP or PKIX CMC to support alternative certificate formats.
   Object identifiers for other purposes should not be assigned in this
   arc.

3.  Security Considerations

   This document populates an IANA registry, and it raises no new
   security considerations.  The protocols that specify these values
   include the security considerations associated with their usage.

4.  References

4.1.  Normative References

   [RFC7299]  Housley, R., "Object Identifier Registry for the PKIX
              Working Group", RFC 7299, DOI 10.17487/RFC7299, July 2014,
              <https://www.rfc-editor.org/info/rfc7299>.

   [RFC8126]  Cotton, M., Leiba, B., and T. Narten, "Guidelines for
              Writing an IANA Considerations Section in RFCs", BCP 26,
              RFC 8126, DOI 10.17487/RFC8126, June 2017,
              <https://www.rfc-editor.org/info/rfc8126>.

4.2.  Informative References

   [RFC4210]  Adams, C., Farrell, S., Kause, T., and T. Mononen,
              "Internet X.509 Public Key Infrastructure Certificate
              Management Protocol (CMP)", RFC 4210,
              DOI 10.17487/RFC4210, September 2005,
              <https://www.rfc-editor.org/info/rfc4210>.

   [RFC4212]  Blinov, M. and C. Adams, "Alternative Certificate Formats
              for the Public-Key Infrastructure Using X.509 (PKIX)
              Certificate Management Protocols", RFC 4212,
              DOI 10.17487/RFC4212, October 2005,
              <https://www.rfc-editor.org/info/rfc4212>.

   [RFC5272]  Schaad, J. and M. Myers, "Certificate Management over CMS
              (CMC)", RFC 5272, DOI 10.17487/RFC5272, June 2008,
              <https://www.rfc-editor.org/info/rfc5272>.

   [RFC5273]  Schaad, J. and M. Myers, "Certificate Management over CMS
              (CMC): Transport Protocols", RFC 5273,
              DOI 10.17487/RFC5273, June 2008,
              <https://www.rfc-editor.org/info/rfc5273>.

   [RFC5274]  Schaad, J. and M. Myers, "Certificate Management Messages
              over CMS (CMC): Compliance Requirements", RFC 5274,
              DOI 10.17487/RFC5274, June 2008,
              <https://www.rfc-editor.org/info/rfc5274>.

   [RFC6402]  Schaad, J., "Certificate Management over CMS (CMC)
              Updates", RFC 6402, DOI 10.17487/RFC6402, November 2011,
              <https://www.rfc-editor.org/info/rfc6402>.

Author's Address

   Russ Housley
   Vigil Security, LLC
   516 Dranesville Road
   Herndon, VA 20170
   United States of America

   Email: housley@vigilsec.com