lamps-wg / cmp-updates

RFC4210bis and RFC6712bis

Be consistent: client - server vs. PKI entity - PKI management entity #5

Closed DDvO closed 1 year ago

DDvO commented 1 year ago

Section 5.1.3.4. Key Encapsulation uses both pairs of terms interchangeably.

For consistency, better stick to one of them. My preference, for simplicity, would be: client - server. The terms "client" and "server" are those used also in, e.g., section 5.1.1, and various other places.

HBrock commented 1 year ago

You are right, this is confusing. PKI entity and PKI management entity refer to the parties involved in the PKI management operation. We use these terms in the Lightweight CMP Profile. RFC4210 uses the terms end entity and PKI, CA, or RA. Client and server refer to the role in a single exchange where one has the client and one the server role. Client and server is also used in RFC 4210, but less often than end entity and PKI/CA/RA. Therefore, I tend to use end entity and PKI if the roles in the PKI management operation are meant.

DDvO commented 1 year ago

I just found that at least according to RFC 4210, "PKI entity" can mean any PKI component: CA, RA, or EE. So certainly better to use "end entity" and "PKI" than "PKI entity".

Yet regarding the HPKE-based message flow described in 5.1.3.4, this is not actually confined to EE - PKI communication: it can be used also, e.g., between (L)RA and RA, or RA and CA. So also for this generality I propose to use "client" and "server" here and to mention that the client usually is an EE and the server a PKI management entity.

HBrock commented 1 year ago

> this is not actually confined to EE - PKI communication: it can be used also, e.g., between (L)RA and RA, or RA and CA.

This is why I used PKI entity here instead of end entity, as it can be the EE, RA, or CA, as you stated above.

HBrock commented 1 year ago

I could add (client) and (server) in Figure 2 like

Step# PKI entity (client) PKI management entity (server)

for clarification.

HBrock commented 1 year ago

Design team meeting minutes: I will add a note right after Figure 2 to state that the PKI entity has kemCertC and the PKI management entity has kemCertS. I will also add PKI entity after the first occurrence of client with kemCertC and the same for PKI management entity.

HBrock commented 1 year ago

Implemented