Internet Engineering Task Force (IETF)                        R. Housley
Request for Comments: 5934                           Vigil Security, LLC
Category: Standards Track                                     S. Ashmore
ISSN: 2070-1721                                 National Security Agency
                                                              C. Wallace
                                                      Cygnacom Solutions
                                                             August 2010
        
Internet Engineering Task Force (IETF)                        R. Housley
Request for Comments: 5934                           Vigil Security, LLC
Category: Standards Track                                     S. Ashmore
ISSN: 2070-1721                                 National Security Agency
                                                              C. Wallace
                                                      Cygnacom Solutions
                                                             August 2010
        

Trust Anchor Management Protocol (TAMP)

信任锚管理协议(TAMP)

Abstract

摘要

This document describes a transport independent protocol for the management of trust anchors (TAs) and community identifiers stored in a trust anchor store. The protocol makes use of the Cryptographic Message Syntax (CMS), and a digital signature is used to provide integrity protection and data origin authentication. The protocol can be used to manage trust anchor stores containing trust anchors represented as Certificate, TBSCertificate, or TrustAnchorInfo objects.

本文档描述了一种独立于传输的协议,用于管理存储在信任锚存储中的信任锚(TA)和社区标识符。该协议使用加密消息语法(CMS),并使用数字签名提供完整性保护和数据源身份验证。该协议可用于管理包含以证书、TBSCertificate或TrustAnchorInfo对象表示的信任锚的信任锚存储。

Status of This Memo

关于下段备忘

This is an Internet Standards Track document.

这是一份互联网标准跟踪文件。

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.

本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 5741第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc5934.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc5934.

Copyright Notice

版权公告

Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.

版权所有(c)2010 IETF信托基金和确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。

This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English.

本文件可能包含2008年11月10日之前发布或公开的IETF文件或IETF贡献中的材料。控制某些材料版权的人员可能未授予IETF信托允许在IETF标准流程之外修改此类材料的权利。在未从控制此类材料版权的人员处获得充分许可的情况下,不得在IETF标准流程之外修改本文件,也不得在IETF标准流程之外创建其衍生作品,除了将其格式化以RFC形式发布或将其翻译成英语以外的其他语言。

Table of Contents

目录

   1. Introduction ....................................................4
      1.1. Terminology ................................................5
      1.2. Trust Anchors ..............................................5
           1.2.1. Apex Trust Anchors ..................................6
           1.2.2. Management Trust Anchors ............................7
           1.2.3. Identity Trust Anchors ..............................7
      1.3. Architectural Elements .....................................8
           1.3.1. Cryptographic Module ................................8
           1.3.2. Trust Anchor Store ..................................9
           1.3.3. TAMP Processing Dependencies ........................9
           1.3.4. Application-Specific Protocol Processing ...........10
      1.4. ASN.1 Encoding ............................................11
   2. Cryptographic Message Syntax Profile ...........................12
      2.1. ContentInfo ...............................................13
      2.2. SignedData Info ...........................................14
           2.2.1. SignerInfo .........................................15
           2.2.2. EncapsulatedContentInfo ............................16
           2.2.3. Signed Attributes ..................................16
           2.2.4. Unsigned Attributes ................................18
   3. Trust Anchor Formats ...........................................18
   4. Trust Anchor Management Protocol Messages ......................19
      4.1. TAMP Status Query .........................................21
      4.2. TAMP Status Query Response ................................24
      4.3. Trust Anchor Update .......................................27
           4.3.1. Trust Anchor List ..................................31
      4.4. Trust Anchor Update Confirm ...............................32
      4.5. Apex Trust Anchor Update ..................................34
      4.6. Apex Trust Anchor Update Confirm ..........................36
      4.7. Community Update ..........................................38
      4.8. Community Update Confirm ..................................40
      4.9. Sequence Number Adjust ....................................42
      4.10. Sequence Number Adjust Confirm ...........................43
      4.11. TAMP Error ...............................................44
   5. Status Codes ...................................................45
   6. Sequence Number Processing .....................................50
   7. Subordination Processing .......................................51
   8. Implementation Considerations ..................................54
   9. Wrapped Apex Contingency Key Certificate Extension .............54
   10. Security Considerations .......................................55
   11. IANA Considerations ...........................................58
   12. References ....................................................58
      12.1. Normative References .....................................58
      12.2. Informative References ...................................59
        
   1. Introduction ....................................................4
      1.1. Terminology ................................................5
      1.2. Trust Anchors ..............................................5
           1.2.1. Apex Trust Anchors ..................................6
           1.2.2. Management Trust Anchors ............................7
           1.2.3. Identity Trust Anchors ..............................7
      1.3. Architectural Elements .....................................8
           1.3.1. Cryptographic Module ................................8
           1.3.2. Trust Anchor Store ..................................9
           1.3.3. TAMP Processing Dependencies ........................9
           1.3.4. Application-Specific Protocol Processing ...........10
      1.4. ASN.1 Encoding ............................................11
   2. Cryptographic Message Syntax Profile ...........................12
      2.1. ContentInfo ...............................................13
      2.2. SignedData Info ...........................................14
           2.2.1. SignerInfo .........................................15
           2.2.2. EncapsulatedContentInfo ............................16
           2.2.3. Signed Attributes ..................................16
           2.2.4. Unsigned Attributes ................................18
   3. Trust Anchor Formats ...........................................18
   4. Trust Anchor Management Protocol Messages ......................19
      4.1. TAMP Status Query .........................................21
      4.2. TAMP Status Query Response ................................24
      4.3. Trust Anchor Update .......................................27
           4.3.1. Trust Anchor List ..................................31
      4.4. Trust Anchor Update Confirm ...............................32
      4.5. Apex Trust Anchor Update ..................................34
      4.6. Apex Trust Anchor Update Confirm ..........................36
      4.7. Community Update ..........................................38
      4.8. Community Update Confirm ..................................40
      4.9. Sequence Number Adjust ....................................42
      4.10. Sequence Number Adjust Confirm ...........................43
      4.11. TAMP Error ...............................................44
   5. Status Codes ...................................................45
   6. Sequence Number Processing .....................................50
   7. Subordination Processing .......................................51
   8. Implementation Considerations ..................................54
   9. Wrapped Apex Contingency Key Certificate Extension .............54
   10. Security Considerations .......................................55
   11. IANA Considerations ...........................................58
   12. References ....................................................58
      12.1. Normative References .....................................58
      12.2. Informative References ...................................59
        
   Appendix A.  ASN.1 Modules ........................................61
     A.1.  ASN.1 Module Using 1993 Syntax ............................61
     A.2.  ASN.1 Module Using 1988 Syntax ............................70
   Appendix B.  Media Type Registrations .............................77
     B.1.  application/tamp-status-query .............................77
     B.2.  application/tamp-status-response ..........................78
     B.3.  application/tamp-update ...................................79
     B.4.  application/tamp-update-confirm ...........................80
     B.5.  application/tamp-apex-update ..............................81
     B.6.  application/tamp-apex-update-confirm ......................82
     B.7.  application/tamp-community-update .........................83
     B.8.  application/tamp-community-update-confirm .................84
     B.9.  application/tamp-sequence-adjust ..........................85
     B.10. application/tamp-sequence-adjust-confirm ..................86
     B.11. application/tamp-error ....................................87
   Appendix C.  TAMP over HTTP .......................................88
     C.1.  TAMP Status Query Message .................................89
     C.2.  TAMP Status Response Message ..............................89
     C.3.  Trust Anchor Update Message ...............................89
     C.4.  Trust Anchor Update Confirm Message .......................89
     C.5.  Apex Trust Anchor Update Message ..........................89
     C.6.  Apex Trust Anchor Update Confirm Message ..................90
     C.7.  Community Update Message ..................................90
     C.8.  Community Update Confirm Message ..........................90
     C.9.  Sequence Number Adjust Message ............................90
     C.10. Sequence Number Adjust Confirm Message ....................90
     C.11. TAMP Error Message ........................................91
        
   Appendix A.  ASN.1 Modules ........................................61
     A.1.  ASN.1 Module Using 1993 Syntax ............................61
     A.2.  ASN.1 Module Using 1988 Syntax ............................70
   Appendix B.  Media Type Registrations .............................77
     B.1.  application/tamp-status-query .............................77
     B.2.  application/tamp-status-response ..........................78
     B.3.  application/tamp-update ...................................79
     B.4.  application/tamp-update-confirm ...........................80
     B.5.  application/tamp-apex-update ..............................81
     B.6.  application/tamp-apex-update-confirm ......................82
     B.7.  application/tamp-community-update .........................83
     B.8.  application/tamp-community-update-confirm .................84
     B.9.  application/tamp-sequence-adjust ..........................85
     B.10. application/tamp-sequence-adjust-confirm ..................86
     B.11. application/tamp-error ....................................87
   Appendix C.  TAMP over HTTP .......................................88
     C.1.  TAMP Status Query Message .................................89
     C.2.  TAMP Status Response Message ..............................89
     C.3.  Trust Anchor Update Message ...............................89
     C.4.  Trust Anchor Update Confirm Message .......................89
     C.5.  Apex Trust Anchor Update Message ..........................89
     C.6.  Apex Trust Anchor Update Confirm Message ..................90
     C.7.  Community Update Message ..................................90
     C.8.  Community Update Confirm Message ..........................90
     C.9.  Sequence Number Adjust Message ............................90
     C.10. Sequence Number Adjust Confirm Message ....................90
     C.11. TAMP Error Message ........................................91
        
1. Introduction
1. 介绍

This document describes the Trust Anchor Management Protocol (TAMP). TAMP may be used to manage the trust anchors and community identifiers in any device that uses digital signatures; however, this specification was written with the requirements of cryptographic modules in mind. For example, TAMP can support signed firmware packages [RFC4108], where the trust anchor public key can be used to validate digital signatures on firmware packages or validate the X.509 certification path [RFC5280][X.509] of the firmware package signer.

本文档描述了信任锚管理协议(TAMP)。TAMP可用于管理使用数字签名的任何设备中的信任锚和社区标识符;然而,本规范的编写考虑了加密模块的要求。例如,TAMP可支持已签名固件包[RFC4108],其中信任锚公钥可用于验证固件包上的数字签名或验证固件包签名者的X.509认证路径[RFC5280][X.509]。

Most TAMP messages are digitally signed to provide integrity protection and data origin authentication. Both signed and unsigned TAMP messages employ the Cryptographic Message Syntax (CMS) [RFC5652]. The CMS is a data protection encapsulation syntax that makes use of ASN.1 [X.680].

大多数TAMP消息都经过数字签名,以提供完整性保护和数据源身份验证。有符号和无符号TAMP消息均采用加密消息语法(CMS)[RFC5652]。CMS是一种使用ASN.1[X.680]的数据保护封装语法。

This specification does not provide for confidentiality of TAMP messages. If confidentiality is required, then the communications environment that is used to transfer TAMP messages must provide it. This specification is intended to satisfy the protocol-related requirements expressed in "Trust Anchor Management Requirements" [TA-MGMT-REQS] and uses vocabulary from that document.

本规范不提供TAMP消息的保密性。如果需要保密性,则用于传输TAMP消息的通信环境必须提供保密性。本规范旨在满足“信任锚管理要求”[TA-MGMT-REQS]中表达的协议相关要求,并使用该文件中的词汇。

TAMP messages may be exchanged in real time over a network, such as via HTTP as described in Appendix A, or may be stored and transferred using other means. TAMP exchanges consist of a request message that includes instructions for a trust anchor store and, optionally, a corresponding response message that reports the result of carrying out the instructions in the request. Response messages need not be propagated in all cases. For example, a GPS receiver may be unable to transmit a response and may instead use an attached display to indicate the results of processing a TAMP request.

TAMP消息可以通过网络实时交换,例如通过附录a中描述的HTTP,或者可以使用其他方式存储和传输。TAMP交换包括一条请求消息,该消息包括信任锚存储的指令,以及(可选)一条相应的响应消息,该消息报告执行请求中指令的结果。在所有情况下都不需要传播响应消息。例如,GPS接收机可能无法发送响应,而可能使用附加的显示器来指示处理TAMP请求的结果。

1.1. Terminology
1.1. 术语

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].

本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照RFC 2119[RFC2119]中所述进行解释。

1.2. Trust Anchors
1.2. 信任锚

TAMP manages trust anchors. A trust anchor contains a public key that is used to validate digital signatures. TAMP recognizes three formats for representing trust anchor information: Certificate [RFC5280], TBSCertificate [RFC5280], and TrustAnchorInfo [RFC5914].

TAMP管理信任锚。信任锚包含用于验证数字签名的公钥。TAMP识别三种表示信任锚信息的格式:证书[RFC5280]、TBSCertificate[RFC5280]和信任锚信息[RFC5914]。

All trust anchors are distinguished by the public key, and all trust anchors consist of the following components:

所有信任锚都通过公钥进行区分,并且所有信任锚都由以下组件组成:

o A public key signature algorithm identifier and associated public key, which MAY include parameters

o 公钥签名算法标识符和相关联的公钥,其可以包括参数

o A public key identifier

o 公钥标识符

Other information may appear in a trust anchor, including certification path processing controls and a human readable name.

其他信息可能出现在信任锚中,包括认证路径处理控件和人类可读名称。

TAMP recognizes three types of trust anchors based on functionality: apex trust anchors, management trust anchors, and identity trust anchors.

TAMP根据功能识别三种类型的信任锚:顶点信任锚、管理信任锚和身份信任锚。

In addition to the information described above, apex trust anchors and management trust anchors that sign TAMP messages have an associated sequence number that is used for replay detection.

除上述信息外,签署TAMP消息的apex信任锚和管理信任锚具有用于重播检测的关联序列号。

The public key is used to name a trust anchor, and the public key identifier is used to identify the trust anchor as a signer of a particular object, such as a SignedData object or a public key certificate. This public key identifier can be stored with the trust anchor, or in most public key identifier assignment methods, it can be computed from the public key whenever needed.

公钥用于命名信任锚,公钥标识符用于将信任锚标识为特定对象(如SignedData对象或公钥证书)的签名者。这个公钥标识符可以与信任锚一起存储,或者在大多数公钥标识符分配方法中,只要需要,就可以从公钥计算它。

A trust anchor public key can be used in two different ways to support digital signature validation. In the first approach, the trust anchor public key is used directly to validate the digital signature. In the second approach, the trust anchor public key is used to validate an X.509 certification path, and then the subject public key in the final certificate in the certification path is used to validate the digital signature. When the second approach is employed, the certified public key may be used for things other than digital signature validation; the other possible actions are constrained by the key usage certificate extension.

信任锚公钥可以用两种不同的方式来支持数字签名验证。在第一种方法中,直接使用信任锚公钥来验证数字签名。在第二种方法中,使用信任锚公钥验证X.509证书路径,然后使用证书路径中最终证书中的主题公钥验证数字签名。当采用第二种方法时,认证公钥可用于数字签名验证以外的事情;其他可能的操作受密钥使用证书扩展的约束。

TAMP implementations MUST support validation of TAMP messages that are directly validated using a trust anchor. Support for TAMP messages validated using an X.509 certificate validated using a trust anchor, or using longer certification paths, is OPTIONAL. The CMS provides a location to carry X.509 certificates, and this facility can be used to transfer certificates to aid in the construction of the certification path.

TAMP实现必须支持使用信任锚直接验证的TAMP消息的验证。可选支持使用信任锚验证的X.509证书验证的TAMP消息,或使用更长的证书路径验证的TAMP消息。CMS提供了一个携带X.509证书的位置,该设施可用于传输证书,以帮助构建证书路径。

1.2.1. Apex Trust Anchors
1.2.1. 顶点信托锚

Within the context of a single trust anchor store, one trust anchor is superior to all others. This trust anchor is referred to as the apex trust anchor. This trust anchor represents the ultimate authority over the trust anchor store. Much of this authority can be delegated to other trust anchors.

在单个信任锚存储的上下文中,一个信任锚优于所有其他信任锚。该信任锚称为顶点信任锚。此信任锚表示对信任锚存储的最终权限。这一权力的大部分可以委托给其他信任锚。

The apex trust anchor private key is expected to be controlled by an entity with information assurance responsibility for the trust anchor store. The apex trust anchor is by definition unconstrained and therefore does not have explicit authorization information associated with it.

apex信任锚私钥预计由负责信任锚存储的信息保证的实体控制。根据定义,apex信任锚不受约束,因此没有与其关联的明确授权信息。

Due to the special nature of the apex trust anchor, TAMP includes separate facilities to change it. In particular, TAMP includes a facility to securely replace the apex trust anchor. This action might be taken for one or more of the following reasons:

由于apex trust anchor的特殊性质,TAMP包括单独的设施来更改它。特别是,TAMP包括安全更换apex trust锚的设施。可能出于以下一个或多个原因采取此操作:

o The crypto period for the apex trust anchor public/private key pair has come to an end

o apex信任锚公钥/私钥对的加密期已经结束

o The apex trust anchor private key is no longer available

o apex信任锚私钥不再可用

o The apex trust anchor public/private key pair needs to be revoked

o 需要撤销apex信任锚公钥/私钥对

o The authority has decided to use a different digital signature algorithm or the same digital signature algorithm with different parameters, such as a different elliptic curve

o 管理局已决定使用不同的数字签名算法或具有不同参数的相同数字签名算法,例如不同的椭圆曲线

o The authority has decided to use a different key size

o 管理局决定使用不同的密钥大小

o The authority has decided to transfer control to another authority

o 管理局已决定将控制权移交给另一个管理局

To accommodate these requirements, the apex trust anchor MAY include two public keys. Whenever the apex trust anchor is updated, both public keys will be replaced. The first public key, called the operational public key, is used in the same manner as other trust anchors. Any type of TAMP message, including an Apex Trust Anchor Update message, can be validated with the operational public key. The second public key, called the contingency public key, can only be used to update the apex trust anchor. The contingency private key SHOULD be used at only one point in time; it is used only to sign an Apex Trust Anchor Update message that results in its own replacement (as well as the replacement of the operational public key). The contingency public key is distributed in encrypted form. When the contingency public key is used to validate an Apex Trust Anchor Update message, the symmetric key needed to decrypt the contingency public key is provided as part of the signed Apex Trust Anchor Update message that is to be verified with the contingency public key.

为了满足这些要求,apex信任锚可以包括两个公钥。每当apex信任锚更新时,两个公钥都将被替换。第一个公钥称为操作公钥,其使用方式与其他信任锚相同。任何类型的TAMP消息,包括Apex信任锚更新消息,都可以使用操作公钥进行验证。第二个公钥称为应急公钥,只能用于更新apex信任锚。应急私钥只能在一个时间点使用;它仅用于对导致自身替换(以及操作公钥的替换)的Apex Trust Anchor更新消息进行签名。应急公钥以加密形式分发。当应急公钥用于验证Apex信任锚更新消息时,解密应急公钥所需的对称密钥作为要用应急公钥验证的签名Apex信任锚更新消息的一部分提供。

1.2.2. Management Trust Anchors
1.2.2. 管理信任锚

Management trust anchors are used in the management of cryptographic modules. For example, the TAMP messages specified in this document are validated to a management trust anchor. Likewise, a signed firmware package as specified in [RFC4108] is validated to a management trust anchor.

管理信任锚用于加密模块的管理。例如,此文档中指定的TAMP消息将验证为管理信任锚。类似地,[RFC4108]中指定的已签名固件包将验证为管理信任锚。

1.2.3. Identity Trust Anchors
1.2.3. 身份信任锚

Identity trust anchors are used to validate certification paths, and they represent the trust anchor for a public key infrastructure. They are most often used in the validation of certificates associated with non-management applications.

身份信任锚用于验证证书路径,它们表示公钥基础结构的信任锚。它们最常用于验证与非管理应用程序关联的证书。

1.3. Architectural Elements
1.3. 建筑元素

TAMP does not assume any particular architecture. However, TAMP REQUIRES the following architectural elements: a cryptographic module, a trust anchor store, TAMP protocol processing, and other application-specific protocol processing.

TAMP不采用任何特定的体系结构。但是,TAMP需要以下体系结构元素:加密模块、信任锚存储、TAMP协议处理和其他特定于应用程序的协议处理。

A globally unique algorithm identifier MUST be assigned for each one-way hash function, digital signature generation/validation algorithm, and symmetric key unwrapping algorithm that is implemented. To support CMS, an object identifier (OID) is assigned to name a one-way hash function, and another OID is assigned to name each combination of a one-way hash function when used with a digital signature algorithm. Similarly, certificates associate OIDs assigned to public key algorithms with subject public keys, and certificates make use of an OID that names both the one-way hash function and the digital signature algorithm for the certificate issuer digital signature. [RFC3279], [RFC3370], [RFC5753], and [RFC5754] provide OIDs for a number of commonly used algorithms; however, OIDs may be defined in later or different specifications.

必须为实现的每个单向散列函数、数字签名生成/验证算法和对称密钥展开算法分配全局唯一的算法标识符。为了支持CMS,分配一个对象标识符(OID)来命名单向散列函数,当与数字签名算法一起使用时,分配另一个OID来命名单向散列函数的每个组合。类似地,证书将分配给公钥算法的OID与主体公钥相关联,并且证书利用OID为证书颁发者数字签名命名单向散列函数和数字签名算法。[RFC3279]、[RFC3370]、[RFC5753]和[RFC5754]为许多常用算法提供OID;但是,OID可以在以后的规范或不同的规范中定义。

1.3.1. Cryptographic Module
1.3.1. 密码模块

The cryptographic module MUST include the following capabilities:

加密模块必须包括以下功能:

o The cryptographic module SHOULD support the secure storage of a digital signature private key to sign TAMP responses and either a certificate containing the associated public key or a certificate designator. In the latter case, the certificate is stored elsewhere but is available to parties that need to validate cryptographic module digital signatures. The designator is a public key identifier.

o 密码模块应支持数字签名私钥的安全存储,以签署TAMP响应,以及包含相关公钥或证书标识符的证书。在后一种情况下,证书存储在其他位置,但可供需要验证加密模块数字签名的各方使用。指示符是公钥标识符。

o The cryptographic module MUST support at least one one-way hash function, one digital signature validation algorithm, one digital signature generation algorithm, and, if contingency keys are supported, one symmetric key unwrapping algorithm. If only one one-way hash function is present, it MUST be consistent with the digital signature validation and digital signature generation algorithms. If only one digital signature validation algorithm is present, it MUST be consistent with the apex trust anchor operational public key. If only one digital signature generation algorithm is present, it MUST be consistent with the cryptographic module digital signature private key. These algorithms MUST be available for processing TAMP messages, including the content types defined in [RFC5652], and for validation of X.509

o 密码模块必须支持至少一个单向散列函数、一个数字签名验证算法、一个数字签名生成算法,并且如果支持应急密钥,则必须支持一个对称密钥展开算法。如果只存在一个单向散列函数,则它必须与数字签名验证和数字签名生成算法一致。如果只存在一个数字签名验证算法,则该算法必须与apex trust anchor操作公钥一致。如果只存在一个数字签名生成算法,则该算法必须与加密模块数字签名私钥一致。这些算法必须可用于处理TAMP消息,包括[RFC5652]中定义的内容类型,并用于验证X.509

certification paths. As with similar specifications, such as RFC 5280, this specification does not mandate support for any cryptographic algorithms. However, algorithm requirements may be imposed by specifications that use trust anchors managed via TAMP.

认证路径。与类似规范(如RFC 5280)一样,本规范不要求支持任何加密算法。然而,算法要求可能由使用通过TAMP管理的信任锚的规范施加。

1.3.2. Trust Anchor Store
1.3.2. 信任锚商店

The trust anchor store MUST include the following capabilities:

信任锚存储必须包括以下功能:

o Each trust anchor store MUST have a unique name. For example, a cryptographic module containing a single trust anchor store may be identified by a unique serial number with respect to other modules within the same family where the family is represented as an ASN.1 object identifier (OID) and the unique serial number is represented as a string of octets. Other means of establishing a unique name are also possible.

o 每个信任锚点存储必须具有唯一的名称。例如,包含单个信任锚点存储的加密模块可以相对于同一系列中的其他模块通过唯一序列号进行标识,其中该系列表示为ASN.1对象标识符(OID),唯一序列号表示为八位字节字符串。建立唯一名称的其他方法也是可能的。

o Each trust anchor store SHOULD have the capability to securely store one or more community identifiers. The community identifier is an OID, and it identifies a collection of cryptographic modules that can be the target of a single TAMP message or the intended recipients for a particular management message.

o 每个信任锚存储应该能够安全地存储一个或多个社区标识符。社区标识符是一个OID,它标识一组加密模块,这些模块可以是单个TAMP消息的目标,也可以是特定管理消息的预期收件人。

o The trust anchor store SHOULD support the use of an apex trust anchor. If apex support is provided, the trust anchor store MUST support the secure storage of exactly one apex trust anchor. The trust anchor store SHOULD support the secure storage of at least one additional trust anchor. Each trust anchor MUST contain a unique public key. A public key MUST NOT appear more than once in a trust anchor store.

o 信任锚存储应支持使用apex信任锚。如果提供了apex支持,信任锚点存储必须支持一个apex信任锚点的安全存储。信任锚存储应支持至少一个附加信任锚的安全存储。每个信任锚必须包含唯一的公钥。公钥在信任锚点存储中不得出现多次。

o The trust anchor store MUST have the capability to securely store a sequence number for each trust anchor authorized to generate TAMP messages and be able to report the sequence number along with the key identifier of the trust anchor.

o 信任锚存储必须能够安全地存储授权生成TAMP消息的每个信任锚的序列号,并且能够报告序列号以及信任锚的密钥标识符。

1.3.3. TAMP Processing Dependencies
1.3.3. 夯实处理依赖项

TAMP processing MUST include the following capabilities:

夯实处理必须包括以下功能:

o TAMP processing MUST have a means of locating an appropriate trust anchor. Two mechanisms are available. The first mechanism is based on the public key identifier for digital signature verification, and the second mechanism is based on the trust anchor X.500 distinguished name and other X.509 certification path controls for certificate path discovery and validation. The first mechanism MUST be supported, but the second mechanism MAY be supported.

o TAMP处理必须具有定位适当信任锚的方法。有两种机制可用。第一种机制基于公钥标识符进行数字签名验证,第二种机制基于信任锚X.500可分辨名称和其他X.509证书路径控件进行证书路径发现和验证。必须支持第一种机制,但可以支持第二种机制。

o TAMP processing MUST be able to invoke the digital signature validation algorithm using the public key held in secure storage for trust anchors.

o TAMP处理必须能够使用信任锚安全存储中的公钥调用数字签名验证算法。

o TAMP processing MUST have read and write access to secure storage for sequence numbers associated with each TAMP message signer as described in Section 6.

o TAMP处理必须具有读写权限,以安全存储与第6节所述的每个TAMP消息签名者相关联的序列号。

o TAMP processing MUST have read and write access to secure storage for trust anchors in order to update them. Update operations include adding trust anchors, removing trust anchors, and modifying trust anchors. Application-specific constraints MUST be securely stored with each management trust anchor as described in Section 1.3.4.

o TAMP处理必须具有对信任锚的安全存储的读写访问权限,才能更新信任锚。更新操作包括添加信任定位、删除信任定位和修改信任定位。如第1.3.4节所述,应用程序特定约束必须与每个管理信任锚一起安全存储。

o TAMP processing MUST have read access to secure storage for the community membership list, if any, to determine whether a targeted message ought to be accepted.

o TAMP处理必须具有对社区成员列表(如果有)的安全存储的读取权限,以确定是否应接受目标消息。

o To implement the OPTIONAL community identifier update feature, TAMP processing MUST have read and write access to secure storage for the community membership list.

o 要实现可选的社区标识符更新功能,TAMP处理必须具有对社区成员列表的安全存储的读写访问权限。

o To generate signed confirmation messages, TAMP processing MUST be able to invoke the digital signature generation algorithm using the cryptographic module digital signature private key, and it MUST have read access to the cryptographic module certificate or its designator. TAMP uses X.509 certificates [RFC5280].

o 要生成签名确认消息,TAMP处理必须能够使用加密模块数字签名私钥调用数字签名生成算法,并且必须具有对加密模块证书或其标识符的读取权限。TAMP使用X.509证书[RFC5280]。

o The TAMP processing MUST have read access to the trust anchor store unique name.

o TAMP处理必须具有对信任锚点存储唯一名称的读取权限。

1.3.4. Application-Specific Protocol Processing
1.3.4. 特定于应用程序的协议处理

The apex trust anchor and management trust anchors managed with TAMP can be used by the TAMP application. Other management applications MAY make use of all three types of trust anchors, but non-management applications SHOULD only make use of identity trust anchors. Applications MUST ensure that usage of a trust anchor is consistent with any constraints associated with the trust anchor. For example, if name constraints are associated with a trust anchor, certification paths that start with the trust anchor and contain certificates with names that violate the name constraints MUST be rejected.

TAMP应用程序可以使用由TAMP管理的apex信任锚点和管理信任锚点。其他管理应用程序可以使用所有三种类型的信任锚,但非管理应用程序应仅使用身份信任锚。应用程序必须确保信任锚的使用与与信任锚关联的任何约束一致。例如,如果名称约束与信任锚点关联,则必须拒绝以信任锚点开头并包含名称违反名称约束的证书的证书路径。

The application-specific protocol processing MUST be provided with the following services:

特定于应用程序的协议处理必须提供以下服务:

o The application-specific protocol processing MUST have a means of locating an appropriate trust anchor. Two mechanisms are available to applications. The first mechanism is based on the public key identifier for digital signature verification, and the second mechanism is based on the trust anchor X.500 distinguished name and other X.509 certification path controls for certificate path discovery and validation.

o 特定于应用程序的协议处理必须具有定位适当信任锚的方法。应用程序可以使用两种机制。第一种机制基于公钥标识符进行数字签名验证,第二种机制基于信任锚X.500可分辨名称和其他X.509证书路径控件进行证书路径发现和验证。

o The application-specific protocol processing MUST be able to invoke the digital signature validation algorithm using the public key held in secure storage for trust anchors.

o 特定于应用程序的协议处理必须能够使用存储在信任锚的安全存储中的公钥调用数字签名验证算法。

o The application-specific protocol processing MUST have read access to data associated with trust anchors to ensure that constraints can be enforced appropriately. For example, an application MUST have read access to any name constraints associated with a TA to ensure that certification paths terminated by that TA do not include certificates issued to entities outside the TA manager-designated namespace.

o 特定于应用程序的协议处理必须具有对与信任锚关联的数据的读取权限,以确保可以适当地实施约束。例如,应用程序必须具有对与TA关联的任何名称约束的读取权限,以确保由该TA终止的证书路径不包括颁发给TA管理器指定命名空间之外的实体的证书。

o The application-specific protocol processing MUST have read access to secure storage for the community membership list, if any, to determine whether a targeted message ought to be accepted.

o 特定于应用程序的协议处理必须具有对社区成员列表(如果有)的安全存储的读取权限,以确定是否应接受目标消息。

o If the application-specific protocol requires digital signatures on confirmation messages or receipts, then the application-specific protocol processing MUST be able to invoke the digital signature generation algorithm with the cryptographic module digital signature private key and its associated certificate or certificate designator. Digital signature generation MUST be controlled in a manner that ensures that the content type of signed confirmation messages or receipts is appropriate for the application-specific protocol processing.

o 如果特定于应用程序的协议要求对确认消息或收据进行数字签名,则特定于应用程序的协议处理必须能够使用加密模块数字签名私钥及其相关证书或证书标识符调用数字签名生成算法。数字签名生成的控制方式必须确保签名确认消息或收据的内容类型适合于特定于应用程序的协议处理。

o The application-specific protocol processing MUST have read access to the trust anchor store unique name.

o 特定于应用程序的协议处理必须具有对信任锚点存储唯一名称的读取权限。

1.4. ASN.1 Encoding
1.4. ASN.1编码

The CMS uses Abstract Syntax Notation One (ASN.1) [X.680]. ASN.1 is a formal notation used for describing data protocols, regardless of the programming language used by the implementation. Encoding rules describe how the values defined in ASN.1 will be represented for transmission. The Basic Encoding Rules (BER) [X.690] are the most widely employed rule set, but they offer more than one way to represent data structures. For example, definite-length encoding and indefinite-length encoding are supported. This flexibility is not desirable when digital signatures are used. As a result, the

CMS使用抽象语法符号1(ASN.1)[X.680]。ASN.1是一种用于描述数据协议的正式符号,与实现所使用的编程语言无关。编码规则描述了ASN.1中定义的值在传输时的表示方式。基本编码规则(BER)[X.690]是应用最广泛的规则集,但它们提供了多种表示数据结构的方法。例如,支持定长编码和定长编码。当使用数字签名时,这种灵活性是不可取的。因此

Distinguished Encoding Rules (DER) [X.690] were invented. DER is a subset of BER that ensures a single way to represent a given value. For example, DER always employs definite-length encoding.

发明了区分编码规则(DER)[X.690]。DER是BER的一个子集,确保以单一方式表示给定值。例如,DER总是采用定长编码。

Digitally signed structures MUST be encoded with DER. In other specifications, structures that are not digitally signed do not require DER, but in this specification, DER is REQUIRED for all structures. By always using DER, the TAMP processor will have fewer options to implement.

数字签名结构必须使用DER编码。在其他规范中,未经数字签名的结构不需要DER,但在本规范中,所有结构都需要DER。通过始终使用DER,TAMP处理器将有更少的选项来实现。

ASN.1 is used throughout the text of this document for illustrative purposes. The authoritative source of ASN.1 for the structures defined in this document is Appendix A.

本文件全文使用ASN.1进行说明。本文件中定义的结构ASN.1的权威来源为附录A。

2. Cryptographic Message Syntax Profile
2. 加密消息语法配置文件

TAMP makes use of signed and unsigned messages. The Cryptographic Message Syntax (CMS) is used in both cases. A digital signature is used to protect the message from undetected modification and provide data origin authentication. TAMP makes no general provision for encryption of content.

TAMP使用已签名和未签名的消息。在这两种情况下都使用加密消息语法(CMS)。数字签名用于保护消息免受未检测到的修改,并提供数据源身份验证。TAMP对内容加密没有一般规定。

CMS is used to construct a signed TAMP message. The CMS ContentInfo content type MUST always be present. For signed messages, ContentInfo MUST encapsulate the CMS SignedData content type; for unsigned messages, ContentInfo MUST encapsulate the TAMP message directly. The CMS SignedData content type MUST encapsulate the TAMP message. A unique content type identifier identifies the particular type of TAMP message. The CMS encapsulation of a signed TAMP message is summarized by:

CMS用于构造签名TAMP消息。CMS ContentInfo内容类型必须始终存在。对于签名消息,ContentInfo必须封装CMS SignedData内容类型;对于未签名的消息,ContentInfo必须直接封装TAMP消息。CMS SignedData内容类型必须封装TAMP消息。唯一的内容类型标识符标识TAMP消息的特定类型。签名TAMP消息的CMS封装总结如下:

    ContentInfo {
      contentType id-signedData, -- (1.2.840.113549.1.7.2)
      content     SignedData
    }
        
    ContentInfo {
      contentType id-signedData, -- (1.2.840.113549.1.7.2)
      content     SignedData
    }
        
    SignedData {
      version           CMSVersion, -- Always set to 3
      digestAlgorithms  DigestAlgorithmIdentifiers, -- Only one
      encapContentInfo  EncapsulatedContentInfo,
      certificates      CertificateSet, -- OPTIONAL signer certificates
      crls              CertificateRevocationLists, -- OPTIONAL
      signerInfos       SET OF SignerInfo -- Only one
    }
        
    SignedData {
      version           CMSVersion, -- Always set to 3
      digestAlgorithms  DigestAlgorithmIdentifiers, -- Only one
      encapContentInfo  EncapsulatedContentInfo,
      certificates      CertificateSet, -- OPTIONAL signer certificates
      crls              CertificateRevocationLists, -- OPTIONAL
      signerInfos       SET OF SignerInfo -- Only one
    }
        
    SignerInfo {
      version             CMSVersion, -- Always set to 3
      sid                 SignerIdentifier,
      digestAlgorithm     DigestAlgorithmIdentifier,
      signedAttrs         SignedAttributes,
                                          -- REQUIRED in TAMP messages
      signatureAlgorithm  SignatureAlgorithmIdentifier,
      signature           SignatureValue,
      unsignedAttrs       UnsignedAttributes -- OPTIONAL; may only be
    }                                        -- present in Apex Trust
                                             -- Anchor Update messages
        
    SignerInfo {
      version             CMSVersion, -- Always set to 3
      sid                 SignerIdentifier,
      digestAlgorithm     DigestAlgorithmIdentifier,
      signedAttrs         SignedAttributes,
                                          -- REQUIRED in TAMP messages
      signatureAlgorithm  SignatureAlgorithmIdentifier,
      signature           SignatureValue,
      unsignedAttrs       UnsignedAttributes -- OPTIONAL; may only be
    }                                        -- present in Apex Trust
                                             -- Anchor Update messages
        
    EncapsulatedContentInfo {
      eContentType  OBJECT IDENTIFIER, -- Names TAMP message type
      eContent      OCTET STRING       -- Contains TAMP message
    }
        
    EncapsulatedContentInfo {
      eContentType  OBJECT IDENTIFIER, -- Names TAMP message type
      eContent      OCTET STRING       -- Contains TAMP message
    }
        

When a TAMP message is used to update the apex trust anchor, this same structure is used; however, the digital signature will be validated with either the apex trust anchor operational public key or the contingency public key. When the contingency public key is used, the symmetric key needed to decrypt the previously stored contingency public key is provided as a contingency-public-key-decrypt-key unsigned attribute. Section 4.5 of this document describes the Apex Trust Anchor Update message.

当使用TAMP消息更新apex信任锚时,使用相同的结构;但是,数字签名将使用apex trust anchor操作公钥或应急公钥进行验证。当使用应急公钥时,解密先前存储的应急公钥所需的对称密钥作为应急公钥解密密钥unsigned属性提供。本文件第4.5节描述了Apex Trust Anchor更新消息。

CMS is also used to construct an unsigned TAMP message. The CMS ContentInfo structure MUST always be present, and it MUST be the outermost layer of encapsulation. A unique content type identifier identifies the particular TAMP message. The CMS encapsulation of an unsigned TAMP message is summarized by:

CMS还用于构造未签名的TAMP消息。CMS ContentInfo结构必须始终存在,并且必须是封装的最外层。唯一的内容类型标识符标识特定的TAMP消息。未签名TAMP消息的CMS封装总结如下:

    ContentInfo {
      contentType  OBJECT IDENTIFIER, -- Names TAMP message type
      content      OCTET STRING       -- Contains TAMP message
    }
        
    ContentInfo {
      contentType  OBJECT IDENTIFIER, -- Names TAMP message type
      content      OCTET STRING       -- Contains TAMP message
    }
        
2.1. ContentInfo
2.1. 内容信息

CMS requires the outermost encapsulation to be ContentInfo [RFC5652]. The fields of ContentInfo are used as follows:

CMS要求最外层的封装是ContentInfo[RFC5652]。ContentInfo的字段使用如下:

o contentType indicates the type of the associated content, and for TAMP, the encapsulated type is either SignedData or the content type identifier associated with an unsigned TAMP message. When the id-signedData (1.2.840.113549.1.7.2) object identifier is present in this field, then a signed TAMP message is in the content. Otherwise, an unsigned TAMP message is in the content.

o contentType表示关联内容的类型,对于TAMP,封装类型为SignedData或与未签名TAMP消息关联的内容类型标识符。当id signedData(1.2.840.113549.1.7.2)对象标识符出现在该字段中时,则内容中有一条已签名的TAMP消息。否则,内容中将包含未签名的TAMP消息。

o content holds the content, and for TAMP, the content is either a SignedData content or an unsigned TAMP message.

o 内容保存该内容,对于TAMP,该内容是已签名的数据内容或未签名的TAMP消息。

2.2. SignedData Info
2.2. 签名数据信息

The SignedData content type [RFC5652] contains the signed TAMP message and a digital signature value; the SignedData content type MAY also contain the certificates needed to validate the digital signature. The fields of SignedData are used as follows:

SignedData内容类型[RFC5652]包含已签名的TAMP消息和数字签名值;SignedData内容类型还可能包含验证数字签名所需的证书。SignedData的字段使用如下:

o version is the syntax version number, and for TAMP, the version number MUST be set to 3.

o version是语法版本号,对于TAMP,版本号必须设置为3。

o digestAlgorithms is a collection of one-way hash function identifiers, and for TAMP, it contains a single one-way hash function identifier. The one-way hash function employed by the TAMP message originator in generating the digital signature MUST be present.

o digestAlgorithms是单向哈希函数标识符的集合,对于TAMP,它包含一个单向哈希函数标识符。TAMP消息发起人在生成数字签名时使用的单向散列函数必须存在。

o encapContentInfo is the signed content, consisting of a content type identifier and the content itself. The use of the EncapsulatedContentInfo type is discussed further in Section 2.2.2.

o encapContentInfo是已签名的内容,由内容类型标识符和内容本身组成。第2.2.2节将进一步讨论封装ContentInfo类型的使用。

o certificates is an OPTIONAL collection of certificates. It MAY be omitted, or it MAY include the X.509 certificates needed to construct the certification path of the TAMP message originator. For TAMP messages sent to a trust anchor store where an apex trust anchor or management trust anchor is used directly to validate the TAMP message digital signature, this field SHOULD be omitted. When an apex trust anchor or management trust anchor is used to validate an X.509 certification path [RFC5280], and the subject public key from the final certificate in the certification path is used to validate the TAMP message digital signature, the certificate of the TAMP message originator SHOULD be included, and additional certificates to support certification path construction MAY be included. For TAMP messages sent by a trust anchor store, this field SHOULD include only the signer's certificate or should be omitted. A TAMP message recipient MUST NOT reject a valid TAMP message that contains certificates that are not needed to validate the digital signature. PKCS#6 extended certificates [PKCS#6] and attribute certificates (either version 1 or version 2) [RFC5755] MUST NOT be included in the set of certificates; these certificate formats are not used in TAMP. Certification authority (CA) certificates and end entity certificates MUST conform to the profiles defined in [RFC5280].

o 证书是证书的可选集合。它可以省略,也可以包括构造TAMP消息发起人的认证路径所需的X.509证书。对于发送到信任锚点存储的TAMP消息,其中直接使用apex信任锚点或管理信任锚点来验证TAMP消息数字签名,应省略此字段。当使用apex信任锚或管理信任锚来验证X.509认证路径[RFC5280]时,并且来自认证路径中最终证书的主体公钥用于验证TAMP消息数字签名,则应包括TAMP消息发起人的证书,并且可以包括支持认证路径构造的附加证书。对于由信任锚存储发送的TAMP消息,此字段应仅包括签名者的证书,或者应忽略。TAMP邮件收件人不得拒绝包含验证数字签名不需要的证书的有效TAMP邮件。PKCS#6扩展证书[PKCS#6]和属性证书(版本1或版本2)[RFC5755]不得包含在证书集中;TAMP中不使用这些证书格式。证书颁发机构(CA)证书和最终实体证书必须符合[RFC5280]中定义的配置文件。

o crls is an OPTIONAL collection of certificate revocation lists (CRLs).

o crls是证书吊销列表(CRL)的可选集合。

o signerInfos is a collection of per-signer information, and for TAMP, the collection MUST contain exactly one SignerInfo. The use of the SignerInfo type is discussed further in Section 2.2.1.

o signerInfos是每个签名者信息的集合,对于TAMP,该集合必须仅包含一个signerInfos。第2.2.1节将进一步讨论SignerInfo类型的使用。

2.2.1. SignerInfo
2.2.1. 签名人

The TAMP message originator is represented in the SignerInfo type. The fields of SignerInfo are used as follows:

TAMP消息发起人在SignerInfo类型中表示。SignerInfo的字段使用如下:

o version is the syntax version number. With TAMP, the version MUST be set to 3.

o version是语法版本号。使用TAMP时,版本必须设置为3。

o sid identifies the TAMP message originator's public key. The subjectKeyIdentifier alternative is always used with TAMP, which identifies the public key directly. When the public key is included in a TrustAnchorInfo object, this identifier is included in the keyId field. When the public key is included in a Certificate or TBSCertificate, this identifier is included in the subjectKeyIdentifier certificate extension.

o sid标识TAMP消息发起人的公钥。subjectKeyIdentifier选项始终与TAMP一起使用,TAMP直接标识公钥。当公钥包含在TrustAnchorInfo对象中时,该标识符将包含在keyId字段中。当公钥包含在证书或TBSCertificate中时,此标识符将包含在subjectKeyIdentifier证书扩展中。

o digestAlgorithm identifies the one-way hash function, and any associated parameters, used by the TAMP message originator. It MUST contain the one-way hash functions employed by the originator. This message digest algorithm identifier MUST match the one carried in the digestAlgorithms field in SignedData. The message digest algorithm identifier is carried in two places to facilitate stream processing by the receiver.

o digestAlgorithm识别TAMP消息发起人使用的单向散列函数和任何相关参数。它必须包含发起者使用的单向散列函数。此消息摘要算法标识符必须与SignedData中digestAlgorithms字段中携带的标识符匹配。消息摘要算法标识符在两个位置携带,以便于接收方进行流处理。

o signedAttrs is an OPTIONAL set of attributes that are signed along with the content. The signedAttrs are OPTIONAL in the CMS, but signedAttrs is REQUIRED for all signed TAMP messages. The SET OF Attribute MUST be encoded with the Distinguished Encoding Rules (DER) [X.690]. Section 2.2.3 of this document lists the signed attributes that MUST be included in the collection. Other signed attributes MAY be included, but any unrecognized signed attributes MUST be ignored.

o signedAttrs是随内容一起签名的一组可选属性。SignedAttr在CMS中是可选的,但所有已签名TAMP消息都需要SignedAttr。属性集必须使用可分辨编码规则(DER)[X.690]进行编码。本文件第2.2.3节列出了必须包含在集合中的已签名属性。可以包括其他已签名属性,但必须忽略任何未识别的已签名属性。

o signatureAlgorithm identifies the digital signature algorithm, and any associated parameters, used by the TAMP message originator to generate the digital signature.

o signatureAlgorithm标识TAMP消息发起人用于生成数字签名的数字签名算法和任何相关参数。

o signature is the digital signature value generated by the TAMP message originator.

o 签名是由TAMP消息发起人生成的数字签名值。

o unsignedAttrs is an OPTIONAL set of attributes that are not signed. For TAMP, this field is usually omitted. It is present only in Apex Trust Anchor Update messages that are to be validated using the apex trust anchor contingency public key. In this case, the SET OF Attribute MUST include the symmetric key needed to decrypt the contingency public key in the contingency-public-key-decrypt-key unsigned attribute. Section 2.2.4 of this document describes this unsigned attribute.

o unsignedAttrs是一组可选的未签名属性。对于TAMP,此字段通常被忽略。它仅出现在将使用Apex Trust Anchor应急公钥验证的Apex Trust Anchor更新消息中。在这种情况下,属性集必须在偶然公钥解密密钥未签名属性中包含解密偶然公钥所需的对称密钥。本文件第2.2.4节描述了此未签名属性。

2.2.2. EncapsulatedContentInfo
2.2.2. 封装内容信息

The EncapsulatedContentInfo structure contains the TAMP message. The fields of EncapsulatedContentInfo are used as follows:

封装的ContentInfo结构包含TAMP消息。封装的ContentInfo字段的使用方式如下:

o eContentType is an object identifier that uniquely specifies the content type, and for TAMP, the value identifies the TAMP message. The list of TAMP message content types is provided in Section 4.

o eContentType是唯一指定内容类型的对象标识符,对于TAMP,该值标识TAMP消息。第4节提供了TAMP消息内容类型列表。

o eContent is the TAMP message, encoded as an octet string. In general, the CMS does not require the eContent to be DER-encoded before constructing the octet string. However, TAMP messages MUST be DER-encoded.

o eContent是TAMP消息,编码为八位字节字符串。通常,CMS不需要在构造八位字节字符串之前对eContent进行DER编码。但是,TAMP消息必须进行DER编码。

2.2.3. Signed Attributes
2.2.3. 符号属性

The TAMP message originator MUST digitally sign a collection of attributes along with the TAMP message. Each attribute in the collection MUST be DER-encoded. The syntax for attributes is defined in [RFC5912].

TAMP消息发起人必须对TAMP消息的属性集合进行数字签名。集合中的每个属性都必须进行DER编码。[RFC5912]中定义了属性的语法。

Each of the attributes used with this CMS profile has a single attribute value. Even though the syntax is defined as a SET OF AttributeValue, there MUST be exactly one instance of AttributeValue present.

此CMS配置文件使用的每个属性都有一个属性值。即使语法定义为一组AttributeValue,也必须只存在一个AttributeValue实例。

The SignedAttributes syntax within SignerInfo is defined as a SET OF Attribute. The SignedAttributes MUST include only one instance of any particular attribute. TAMP messages that violate this rule MUST be rejected as malformed.

SignerInfo中的SignedAttributes语法定义为一组属性。SignedAttribute只能包含任何特定属性的一个实例。违反此规则的TAMP邮件必须被视为格式错误而拒绝。

The TAMP message originator MUST include the content-type and message-digest attributes. The TAMP message originator MAY also include the binary-signing-time attribute.

TAMP消息发起人必须包括内容类型和消息摘要属性。TAMP消息发起人还可以包括二进制签名时间属性。

The TAMP message originator MAY include any other attribute that it deems appropriate. The intent is to allow additional signed attributes to be included if a future need is identified. This does not cause an interoperability concern because unrecognized signed attributes MUST be ignored.

TAMP消息发起人可以包括其认为适当的任何其他属性。这样做的目的是,如果确定了未来的需求,则允许包含附加的已签名属性。这不会引起互操作性问题,因为必须忽略无法识别的签名属性。

The following summarizes the signed attribute requirements for TAMP messages:

以下总结了TAMP消息的签名属性要求:

o content-type MUST be supported.

o 必须支持内容类型。

o message-digest MUST be supported.

o 必须支持消息摘要。

o binary-signing-time MAY be supported. When present, it is generally ignored by the recipient.

o 可能支持二进制签名时间。当存在时,收件人通常会忽略它。

o other attributes MAY be supported. Unrecognized attributes MUST be ignored by the recipient.

o 可能支持其他属性。收件人必须忽略无法识别的属性。

2.2.3.1. Content-Type Attribute
2.2.3.1. 内容类型属性

The TAMP message originator MUST include a content-type attribute; it is an object identifier that uniquely specifies the content type. Section 11.1 of [RFC5652] defines the content-type attribute. For TAMP, the value identifies the TAMP message. The list of TAMP message content types and their identifiers is provided in Section 4.

TAMP消息发起人必须包含内容类型属性;它是唯一指定内容类型的对象标识符。[RFC5652]第11.1节定义了内容类型属性。对于TAMP,该值标识TAMP消息。第4节提供了TAMP消息内容类型及其标识符的列表。

A content-type attribute MUST contain the same object identifier as the content type contained in the EncapsulatedContentInfo.

内容类型属性必须包含与封装的ContentInfo中包含的内容类型相同的对象标识符。

2.2.3.2. Message-Digest Attribute
2.2.3.2. 消息摘要属性

The TAMP message originator MUST include a message-digest attribute, having as its value the output of a one-way hash function computed on the TAMP message that is being signed. Section 11.2 of [RFC5652] defines the message-digest attribute.

TAMP消息发起者必须包含一个消息摘要属性,该属性的值为对正在签名的TAMP消息计算的单向散列函数的输出。[RFC5652]的第11.2节定义了消息摘要属性。

2.2.3.3. Binary-Signing-Time Attribute
2.2.3.3. 二进制签名时间属性

The TAMP message originator MAY include a binary-signing-time attribute, specifying the time at which the digital signature was applied to the TAMP message. The binary-signing-time attribute is defined in [RFC4049].

TAMP消息发起人可以包括二进制签名时间属性,指定数字签名应用于TAMP消息的时间。二进制签名时间属性在[RFC4049]中定义。

No processing of the binary-signing-time attribute is REQUIRED of a TAMP message recipient; however, the binary-signing-time attribute MAY be included by the TAMP message originator as a form of message identifier.

TAMP消息收件人不需要处理二进制签名时间属性;然而,TAMP消息发起人可以将二进制签名时间属性包括为消息标识符的形式。

2.2.4. Unsigned Attributes
2.2.4. 无符号属性

For TAMP, unsigned attributes are usually omitted. An unsigned attribute is present only in Apex Trust Anchor Update messages that are to be validated by the apex trust anchor contingency public key. In this case, the symmetric key to decrypt the previous contingency public key is provided in the contingency-public-key-decrypt-key unsigned attribute. This attribute MUST be supported, and it is described in Section 2.2.4.1.

对于TAMP,无符号属性通常被忽略。未签名属性仅存在于将由Apex Trust Anchor应急公钥验证的Apex Trust Anchor更新消息中。在这种情况下,用于解密先前应急公钥的对称密钥在应急公钥解密密钥unsigned属性中提供。必须支持该属性,第2.2.4.1节对此进行了描述。

The TAMP message originator SHOULD NOT include other unsigned attributes, and any unrecognized unsigned attributes MUST be ignored.

TAMP消息发起人不应包括其他未签名属性,并且必须忽略任何无法识别的未签名属性。

The UnsignedAttributes syntax within SignerInfo is defined as a SET OF Attribute. The UnsignedAttributes MUST include only one instance of any particular attribute. TAMP messages that violate this rule MUST be rejected as malformed.

SignerInfo中的UnsignedAttributes语法定义为一组属性。unsignedAttribute只能包含任何特定属性的一个实例。违反此规则的TAMP邮件必须被视为格式错误而拒绝。

2.2.4.1. Contingency-Public-Key-Decrypt-Key Attribute
2.2.4.1. 应急公钥解密密钥属性

The contingency-public-key-decrypt-key attribute provides the plaintext symmetric key needed to decrypt the previously distributed apex trust anchor contingency public key. The symmetric key MUST be useable with the symmetric algorithm used to previously encrypt the contingency public key.

应急公钥解密密钥属性提供解密先前分发的apex trust anchor应急公钥所需的明文对称密钥。对称密钥必须可与先前用于加密应急公钥的对称算法一起使用。

The contingency-public-key-decrypt-key attribute has the following syntax:

应急公钥解密密钥属性具有以下语法:

    contingency-public-key-decrypt-key ATTRIBUTE ::= {
      WITH SYNTAX PlaintextSymmetricKey
      SINGLE VALUE TRUE
      ID id-aa-TAMP-contingencyPublicKeyDecryptKey }
        
    contingency-public-key-decrypt-key ATTRIBUTE ::= {
      WITH SYNTAX PlaintextSymmetricKey
      SINGLE VALUE TRUE
      ID id-aa-TAMP-contingencyPublicKeyDecryptKey }
        
    id-aa-TAMP-contingencyPublicKeyDecryptKey
      OBJECT IDENTIFIER ::= { id-attributes 63 }
        
    id-aa-TAMP-contingencyPublicKeyDecryptKey
      OBJECT IDENTIFIER ::= { id-attributes 63 }
        
    PlaintextSymmetricKey ::= OCTET STRING
        
    PlaintextSymmetricKey ::= OCTET STRING
        
3. Trust Anchor Formats
3. 信任锚格式

TAMP recognizes three formats for representing trust anchor information within the protocol itself: Certificate [RFC5280], TBSCertificate [RFC5280], and TrustAnchorInfo [RFC5914]. The TrustAnchorChoice structure, defined in [RFC5914], is used to select one of these options.

TAMP识别三种格式来表示协议本身中的信任锚信息:证书[RFC5280]、TBSCertificate[RFC5280]和信任锚信息[RFC5914]。[RFC5914]中定义的TrustAnchorChoice结构用于选择这些选项之一。

    TrustAnchorChoice ::= CHOICE {
     certificate  Certificate,
     tbsCert      [1] EXPLICIT TBSCertificate,
     taInfo       [2] EXPLICIT TrustAnchorInfo }
        
    TrustAnchorChoice ::= CHOICE {
     certificate  Certificate,
     tbsCert      [1] EXPLICIT TBSCertificate,
     taInfo       [2] EXPLICIT TrustAnchorInfo }
        

The Certificate structure is commonly used to represent trust anchors. Certificates include a signature, which removes the ability for relying parties to customize the information within the structure itself. TBSCertificate contains all of the information of the Certificate structure except for the signature, enabling tailoring of the information. TrustAnchorInfo is intended to serve as a minimalist representation of trust anchor information for scenarios where storage or bandwidth is highly constrained.

证书结构通常用于表示信任锚。证书包含一个签名,它使依赖方无法在结构本身中自定义信息。TBSCertificate包含除签名之外的证书结构的所有信息,支持对信息进行裁剪。TrustAnchorInfo旨在为存储或带宽高度受限的场景提供信任锚信息的最低限度表示。

Implementations are not required to support all three options. The unsupportedTrustAnchorFormat error code should be indicated when generating a TAMPError due to receipt of an unsupported trust anchor format.

实现不需要支持所有三个选项。由于接收到不受支持的信任锚格式而生成篡改错误时,应指示unsupportedTrustAnchorFormat错误代码。

4. Trust Anchor Management Protocol Messages
4. 信任锚管理协议消息

TAMP makes use of signed and unsigned messages. The CMS is used in both cases. An object identifier is assigned to each TAMP message type, and this object identifier is used as a content type in the CMS.

TAMP使用已签名和未签名的消息。两种情况下均使用CMS。对象标识符分配给每个TAMP消息类型,该对象标识符用作CMS中的内容类型。

TAMP specifies eleven message types. The following provides the content type identifier for each TAMP message type, and it indicates whether a digital signature is required. If the following indicates that the TAMP message MUST be signed, then implementations MUST reject a message of that type that is not signed.

TAMP指定11种消息类型。下面提供了每个TAMP消息类型的内容类型标识符,并指示是否需要数字签名。如果以下指示必须对TAMP消息进行签名,则实现必须拒绝未签名的该类型的消息。

o The TAMP Status Query message MUST be signed. It uses the following object identifier: { id-tamp 1 }.

o 必须对TAMP状态查询消息进行签名。它使用以下对象标识符:{id tamp 1}。

o The TAMP Status Response message SHOULD be signed. It uses the following object identifier: { id-tamp 2 }.

o 应对TAMP状态响应消息进行签名。它使用以下对象标识符:{id tamp 2}。

o The Trust Anchor Update message MUST be signed. It uses the following object identifier: { id-tamp 3 }.

o 必须对信任锚点更新消息进行签名。它使用以下对象标识符:{id tamp 3}。

o The Trust Anchor Update Confirm message SHOULD be signed. It uses the following object identifier: { id-tamp 4 }.

o 应签署信任锚点更新确认消息。它使用以下对象标识符:{id tamp 4}。

o The Apex Trust Anchor Update message MUST be signed. It uses the following object identifier: { id-tamp 5 }.

o 必须对Apex信任锚更新消息进行签名。它使用以下对象标识符:{id tamp 5}。

o The Apex Trust Anchor Update Confirm message SHOULD be signed. It uses the following object identifier: { id-tamp 6 }.

o 应签署Apex信任锚更新确认消息。它使用以下对象标识符:{id tamp 6}。

o The Community Update message MUST be signed. It uses the following object identifier: { id-tamp 7 }.

o 必须对社区更新消息进行签名。它使用以下对象标识符:{id tamp 7}。

o The Community Update Confirm message SHOULD be signed. It uses the following object identifier: { id-tamp 8 }.

o 应签署社区更新确认消息。它使用以下对象标识符:{id tamp 8}。

o The Sequence Number Adjust MUST be signed. It uses the following object identifier: { id-tamp 10 }.

o 序列号调整必须签名。它使用以下对象标识符:{id tamp 10}。

o The Sequence Number Adjust Confirm message SHOULD be signed. It uses the following object identifier: { id-tamp 11 }.

o 应签署序列号调整确认消息。它使用以下对象标识符:{id tamp 11}。

o The TAMP Error message SHOULD be signed. It uses the following object identifier: { id-tamp 9 }.

o 应该对TAMP错误消息进行签名。它使用以下对象标识符:{id tamp 9}。

Trust anchor managers generate TAMP Status Query, Trust Anchor Update, Apex Trust Anchor Update, Community Update, and Sequence Number Adjust messages. Trust anchor stores generate TAMP Status Response, Trust Anchor Update Confirm, Apex Trust Anchor Update Confirm, Community Update Confirm, Sequence Number Adjust Confirm, and TAMP Error messages.

信任锚管理器生成TAMP状态查询、信任锚更新、Apex信任锚更新、社区更新和序列号调整消息。信任锚存储生成TAMP状态响应、信任锚更新确认、Apex信任锚更新确认、社区更新确认、序列号调整确认和TAMP错误消息。

Support for Trust Anchor Update messages is REQUIRED. Support for all other message formats is RECOMMENDED. Implementations that support the HTTP binding described in Appendix C MUST additionally support Trust Anchor Update Confirm and TAMP Error messages and MAY support 0 or more of the following pairs of messages: TAMP Status Query and TAMP Status Query Response; Apex Trust Anchor Update and Apex Trust Anchor Update Confirm; Community Update and Community Update Confirm; Sequence Number Adjust and Sequence Number Adjust Confirm. Implementations that operate in a disconnected manner MUST NOT assume a response will be received from each consumer of a TAMP message.

需要对信任锚更新消息的支持。建议支持所有其他消息格式。支持附录C中描述的HTTP绑定的实现还必须支持信任锚更新确认和TAMP错误消息,并且可能支持以下消息对中的0或更多:TAMP状态查询和TAMP状态查询响应;Apex Trust锚更新和Apex Trust锚更新确认;社区更新和社区更新确认;序号调整和序号调整确认。以断开连接的方式运行的实现不能假设将从TAMP消息的每个使用者接收响应。

A typical interaction between a trust anchor manager and a trust anchor store will follow the message flow shown in Figure 1. Figure 1 does not illustrate a flow where an error occurs.

信任锚管理器和信任锚存储之间的典型交互将遵循图1所示的消息流。图1没有说明发生错误的流程。

      +---------+                                +----------+
      |         |  Trust Anchor Status Query     |          |
      |         |------------------------------->|          |
      |         |                                |          |
      |         |  Trust Anchor Status Response  |          |
      | Trust   |<-------------------------------| Trust    |
      | Anchor  |                                | Anchor   |
      | Manager |  Trust Anchor Update           | Store    |
      |         |------------------------------->|          |
      |         |                                |          |
      |         |  Trust Anchor Update Confirm   |          |
      |         |<-------------------------------|          |
      |         |                                |          |
      +---------+                                +----------+
        
      +---------+                                +----------+
      |         |  Trust Anchor Status Query     |          |
      |         |------------------------------->|          |
      |         |                                |          |
      |         |  Trust Anchor Status Response  |          |
      | Trust   |<-------------------------------| Trust    |
      | Anchor  |                                | Anchor   |
      | Manager |  Trust Anchor Update           | Store    |
      |         |------------------------------->|          |
      |         |                                |          |
      |         |  Trust Anchor Update Confirm   |          |
      |         |<-------------------------------|          |
      |         |                                |          |
      +---------+                                +----------+
        

Figure 1. Typical TAMP Message Flow

图1。典型TAMP消息流

Each TAMP query and update message includes an indication of the type of response that is desired. The response can either be terse or verbose. All trust anchor stores MUST support both the terse and verbose responses and SHOULD generate a response of the type indicated in the corresponding request. TAMP response processors MUST support processing of both terse and verbose responses.

每个TAMP查询和更新消息都包括所需响应类型的指示。响应可以是简洁的,也可以是冗长的。所有信任锚点存储都必须支持简洁和详细的响应,并应生成相应请求中指示的类型的响应。TAMP响应处理器必须支持简洁和详细响应的处理。

Trust anchor stores SHOULD be able to process and properly act upon the valid payload of the TAMP Status Query message, the Trust Anchor Update message, the Apex Trust Anchor Update message, and the Sequence Number Adjust message. TAMP implementations MAY also process and act upon the valid payload of the Community Update message.

信任锚点存储应该能够处理TAMP状态查询消息、信任锚点更新消息、Apex信任锚点更新消息和序列号调整消息的有效负载,并对其进行正确操作。TAMP实现还可以处理社区更新消息的有效负载并对其采取行动。

TAMP implementations SHOULD support generation of the TAMP Status Response message, the Trust Anchor Update Confirm message, the Apex Trust Anchor Update Confirm message, the Sequence Number Adjust Confirm message, and the TAMP Error message. If a TAMP implementation supports the Community Update message, then generation of Community Update Confirm messages SHOULD also be supported.

TAMP实现应支持生成TAMP状态响应消息、信任锚更新确认消息、Apex信任锚更新确认消息、序列号调整确认消息和TAMP错误消息。如果TAMP实现支持社区更新消息,则还应支持生成社区更新确认消息。

4.1. TAMP Status Query
4.1. 夯实状态查询

The TAMP Status Query message is used to request information about the trust anchors that are currently installed in a trust anchor store, and for the list of communities to which the store belongs. The TAMP Status Query message MUST be signed. For the query message to be valid, the trust anchor store MUST be an intended recipient of the query; the sequence number checking described in Section 6 MUST be successful when the TAMP message signer is a trust anchor; and the digital signature MUST be validated by the apex trust anchor

TAMP Status查询消息用于请求有关当前安装在信任锚存储中的信任锚的信息,以及该存储所属社区的列表。必须对TAMP状态查询消息进行签名。要使查询消息有效,信任锚存储必须是查询的预期收件人;当TAMP消息签名者是信任锚时,第6节中描述的序列号检查必须成功;并且数字签名必须由apex信任锚验证

operational public key, an authorized management trust anchor, or via an authorized X.509 certification path originating with such a trust anchor.

操作公钥、授权管理信任锚,或通过由此类信任锚发起的授权X.509认证路径。

If the digital signature on the TAMP Status Query message is valid, sequence number checking is successful, the signer is authorized, and the trust anchor store is an intended recipient of the TAMP message, then a TAMP Status Response message SHOULD be returned. If a TAMP Status Response message is not returned, then a TAMP Error message SHOULD be returned.

如果TAMP状态查询消息上的数字签名有效,序列号检查成功,签名者获得授权,并且信任锚存储是TAMP消息的预期收件人,则应返回TAMP状态响应消息。如果未返回TAMP状态响应消息,则应返回TAMP错误消息。

The TAMP Status Query content type has the following syntax:

TAMP状态查询内容类型具有以下语法:

    CONTENT-TYPE  ::= TYPE-IDENTIFIER
        
    CONTENT-TYPE  ::= TYPE-IDENTIFIER
        
    tamp-status-query CONTENT-TYPE  ::=
       { TAMPStatusQuery IDENTIFIED BY id-ct-TAMP-statusQuery }
        
    tamp-status-query CONTENT-TYPE  ::=
       { TAMPStatusQuery IDENTIFIED BY id-ct-TAMP-statusQuery }
        
    id-ct-TAMP-statusQuery OBJECT IDENTIFIER ::= { id-tamp 1 }
        
    id-ct-TAMP-statusQuery OBJECT IDENTIFIER ::= { id-tamp 1 }
        
    TAMPStatusQuery ::= SEQUENCE {
      Version  [0] TAMPVersion DEFAULT v2,
      terse    [1] TerseOrVerbose DEFAULT verbose,
      query    TAMPMsgRef }
        
    TAMPStatusQuery ::= SEQUENCE {
      Version  [0] TAMPVersion DEFAULT v2,
      terse    [1] TerseOrVerbose DEFAULT verbose,
      query    TAMPMsgRef }
        
    TAMPVersion ::= INTEGER { v1(1), v2(2) }
        
    TAMPVersion ::= INTEGER { v1(1), v2(2) }
        
    TerseOrVerbose ::= ENUMERATED { terse(1), verbose(2) }
        
    TerseOrVerbose ::= ENUMERATED { terse(1), verbose(2) }
        
    TAMPMsgRef ::= SEQUENCE {
      target  TargetIdentifier,
      seqNum  SeqNumber }
        
    TAMPMsgRef ::= SEQUENCE {
      target  TargetIdentifier,
      seqNum  SeqNumber }
        
    SeqNumber ::= INTEGER (0..9223372036854775807)
        
    SeqNumber ::= INTEGER (0..9223372036854775807)
        
    TargetIdentifier ::= CHOICE {
      hwModules    [1] HardwareModuleIdentifierList,
      communities  [2] CommunityIdentifierList,
      allModules   [3] NULL,
      uri          [4] IA5String,
      otherName    [5] AnotherName }
        
    TargetIdentifier ::= CHOICE {
      hwModules    [1] HardwareModuleIdentifierList,
      communities  [2] CommunityIdentifierList,
      allModules   [3] NULL,
      uri          [4] IA5String,
      otherName    [5] AnotherName }
        
    HardwareModuleIdentifierList ::= SEQUENCE SIZE (1..MAX) OF
                                     HardwareModules
        
    HardwareModuleIdentifierList ::= SEQUENCE SIZE (1..MAX) OF
                                     HardwareModules
        
    HardwareModules ::= SEQUENCE {
      hwType           OBJECT IDENTIFIER,
      hwSerialEntries  SEQUENCE SIZE (1..MAX) OF HardwareSerialEntry }
        
    HardwareModules ::= SEQUENCE {
      hwType           OBJECT IDENTIFIER,
      hwSerialEntries  SEQUENCE SIZE (1..MAX) OF HardwareSerialEntry }
        
    HardwareSerialEntry ::= CHOICE {
      all     NULL,
      single  OCTET STRING,
      block   SEQUENCE {
        low     OCTET STRING,
        high    OCTET STRING } }
        
    HardwareSerialEntry ::= CHOICE {
      all     NULL,
      single  OCTET STRING,
      block   SEQUENCE {
        low     OCTET STRING,
        high    OCTET STRING } }
        
    CommunityIdentifierList ::= SEQUENCE SIZE (0..MAX) OF Community
        
    CommunityIdentifierList ::= SEQUENCE SIZE (0..MAX) OF Community
        
    Community ::= OBJECT IDENTIFIER
        
    Community ::= OBJECT IDENTIFIER
        

The fields of TAMPStatusQuery are used as follows:

TAMPStatusQuery的字段使用如下:

o version identifies version of TAMP. For this version of the specification, the default value, v2, MUST be used.

o 版本标识TAMP的版本。对于此版本的规范,必须使用默认值v2。

o terse indicates the type of response that is desired. A terse response is indicated by a value of 1, and a verbose response is indicated by a value of 2, which is omitted during encoding since it is the default value.

o 简洁表示所需的响应类型。简洁响应由值1表示,详细响应由值2表示,由于它是默认值,因此在编码过程中会忽略该值。

o query contains two items: the target and the seqNum. target identifies the target(s) of the query message. seqNum is a single-use value that will be used to match the TAMP Status Query message with the TAMP Status Response message. The sequence number is also used to detect TAMP message replay. The sequence number processing described in Section 6 MUST successfully complete before a response is returned.

o 查询包含两项:目标和seqNum。目标标识查询消息的目标。seqNum是一个一次性使用值,用于将TAMP状态查询消息与TAMP状态响应消息相匹配。序列号还用于检测TAMP消息重播。在返回响应之前,第6节中描述的序列号处理必须成功完成。

The fields of TAMPMsgRef are used as follows:

TAMPMsgRef的字段使用如下:

o target identifies the target(s) of the query. Several alternatives for naming a target are provided. To identify a cryptographic module, a combination of a cryptographic type and serial number are used. The cryptographic type is represented as an ASN.1 object identifier, and the unique serial number is represented as a string of octets. To facilitate compact representation of serial numbers, a contiguous block can be specified by the lowest included serial number and the highest included serial number. When present, the high and low octet strings MUST have the same length. The HardwareModuleIdentifierList sequence MUST NOT contain duplicate hwType values, so that each member of the sequence names all of the cryptographic modules of this type. Object identifiers are also used to identify communities of trust anchor stores. A sequence of these object identifiers is used if more than one community is the target of the message. A trust anchor store is considered a target if it is a member of any of the listed

o 目标标识查询的目标。提供了几种用于命名目标的备选方案。为了识别加密模块,使用加密类型和序列号的组合。加密类型表示为ASN.1对象标识符,唯一序列号表示为八位字节字符串。为了便于序列号的紧凑表示,可以通过最低包含序列号和最高包含序列号来指定连续块。当存在时,高位和低位八进制字符串必须具有相同的长度。HardwareModuleIdentifierList序列不得包含重复的hwType值,以便序列的每个成员命名此类型的所有加密模块。对象标识符还用于标识信任锚点存储的社区。如果消息的目标是多个社区,则使用这些对象标识符的序列。如果信任锚点存储是列出的任何一个应用程序的成员,则它将被视为目标

communities. An explicit NULL value is used to identify all modules that consider the signer of the TAMP message to be an authorized source for that message type. The uri field can be used to identify a target, i.e., a trust anchor store, using a Uniform Resource Identifier [RFC3986]. Additional name types are supported via the otherName field, which is of type AnotherName. AnotherName is defined in [RFC5280]. The format and semantics of the name are indicated through the OBJECT IDENTIFIER in the type-id field. The name itself is conveyed as a value field in otherName. Implementations MUST support the allModules option and SHOULD support all TargetIdentifier options.

社区。显式NULL值用于标识所有认为TAMP消息的签名者是该消息类型的授权源的模块。uri字段可用于使用统一资源标识符识别目标,即信任锚存储[RFC3986]。通过类型为AnotherName的otherName字段支持其他名称类型。[RFC5280]中定义了另一个名称。名称的格式和语义通过type id字段中的对象标识符指示。名称本身在otherName中作为值字段传递。实现必须支持allModules选项,并应支持所有TargetIdentifier选项。

o seqNum contains a single-use value that will be used to match the TAMP Status Query message with the successful TAMP Status Response message. The sequence number processing described in Section 6 MUST successfully complete before a response is returned.

o seqNum包含一个单一使用值,用于将TAMP状态查询消息与成功的TAMP状态响应消息相匹配。在返回响应之前,第6节中描述的序列号处理必须成功完成。

To determine whether a particular cryptographic module serial number is considered part of a specified block, all of the following conditions MUST be met. First, the cryptographic module serial number MUST be the same length as both the high and low octet strings. Second, the cryptographic module serial number MUST be greater than or equal to the low octet string. Third, the cryptographic module serial number MUST be less than or equal to the high octet string.

要确定特定加密模块序列号是否被视为指定块的一部分,必须满足以下所有条件。首先,加密模块序列号必须与高位和低位八位字节字符串的长度相同。其次,加密模块序列号必须大于或等于低位八位字节字符串。第三,加密模块序列号必须小于或等于高八位字节字符串。

One octet string is equal to another if they are of the same length and are the same at each octet position. An octet string, S1, is greater than another, S2, where S1 and S2 have the same length, if and only if S1 and S2 have different octets in one or more positions, and in the first such position, the octet in S1 is greater than that in S2, considering the octets as unsigned binary numbers. Note that these octet string comparison definitions are consistent with those in clause 6 of [X.690].

如果一个八位组字符串的长度相同,并且在每个八位组位置上相同,则一个八位组字符串等于另一个八位组字符串。八位元字符串S1大于另一个S2,其中S1和S2具有相同的长度,当且仅当S1和S2在一个或多个位置具有不同的八位元,并且在第一个这样的位置,S1中的八位元大于S2中的八位元,将八位元视为无符号二进制数。请注意,这些八位字节字符串比较定义与[X.690]第6条中的定义一致。

4.2. TAMP Status Query Response
4.2. TAMP状态查询响应

The TAMP Status Response message is a reply by a trust anchor store to a valid TAMP Status Query message. The TAMP Status Response message provides information about the trust anchors that are currently installed in the trust anchor store and the list of communities to which the trust anchor store belongs, if any. The TAMP Status Response message MAY be signed or unsigned. A TAMP Status Response message MUST be signed if the implementation is capable of signing it.

TAMP状态响应消息是信任锚存储对有效TAMP状态查询消息的回复。TAMP Status响应消息提供有关当前安装在信任锚存储中的信任锚以及信任锚存储所属的社区列表(如果有)的信息。TAMP状态响应消息可以是已签名的或未签名的。如果实现能够对TAMP状态响应消息进行签名,则必须对其进行签名。

The TAMP Status Response content type has the following syntax:

TAMP状态响应内容类型具有以下语法:

    tamp-status-response CONTENT-TYPE  ::=
       { TAMPStatusResponse IDENTIFIED BY id-ct-TAMP-statusResponse }
        
    tamp-status-response CONTENT-TYPE  ::=
       { TAMPStatusResponse IDENTIFIED BY id-ct-TAMP-statusResponse }
        
    id-ct-TAMP-statusResponse OBJECT IDENTIFIER ::= { id-tamp 2 }
        
    id-ct-TAMP-statusResponse OBJECT IDENTIFIER ::= { id-tamp 2 }
        
    TAMPStatusResponse ::= SEQUENCE {
      version   [0] TAMPVersion DEFAULT v2,
      query     TAMPMsgRef,
      response  StatusResponse,
      usesApex  BOOLEAN DEFAULT TRUE }
        
    TAMPStatusResponse ::= SEQUENCE {
      version   [0] TAMPVersion DEFAULT v2,
      query     TAMPMsgRef,
      response  StatusResponse,
      usesApex  BOOLEAN DEFAULT TRUE }
        
    StatusResponse ::= CHOICE {
      terseResponse          [0] TerseStatusResponse,
      verboseResponse        [1] VerboseStatusResponse }
        
    StatusResponse ::= CHOICE {
      terseResponse          [0] TerseStatusResponse,
      verboseResponse        [1] VerboseStatusResponse }
        
    TerseStatusResponse ::= SEQUENCE {
      taKeyIds               KeyIdentifiers,
      communities            CommunityIdentifierList OPTIONAL }
        
    TerseStatusResponse ::= SEQUENCE {
      taKeyIds               KeyIdentifiers,
      communities            CommunityIdentifierList OPTIONAL }
        
    KeyIdentifiers ::= SEQUENCE SIZE (1..MAX) OF KeyIdentifier
        
    KeyIdentifiers ::= SEQUENCE SIZE (1..MAX) OF KeyIdentifier
        
    VerboseStatusResponse ::= SEQUENCE {
      taInfo                 TrustAnchorChoiceList,
      continPubKeyDecryptAlg [0] AlgorithmIdentifier OPTIONAL,
      communities            [1] CommunityIdentifierList OPTIONAL,
      tampSeqNumbers         [2] TAMPSequenceNumbers OPTIONAL }
        
    VerboseStatusResponse ::= SEQUENCE {
      taInfo                 TrustAnchorChoiceList,
      continPubKeyDecryptAlg [0] AlgorithmIdentifier OPTIONAL,
      communities            [1] CommunityIdentifierList OPTIONAL,
      tampSeqNumbers         [2] TAMPSequenceNumbers OPTIONAL }
        
    TrustAnchorChoiceList ::= SEQUENCE SIZE (1..MAX) OF
        TrustAnchorChoice
        
    TrustAnchorChoiceList ::= SEQUENCE SIZE (1..MAX) OF
        TrustAnchorChoice
        
    TAMPSequenceNumbers ::= SEQUENCE SIZE (1..MAX) OF TAMPSequenceNumber
        
    TAMPSequenceNumbers ::= SEQUENCE SIZE (1..MAX) OF TAMPSequenceNumber
        
    TAMPSequenceNumber ::= SEQUENCE {
      keyId       KeyIdentifier,
      seqNumber   SeqNumber }
        
    TAMPSequenceNumber ::= SEQUENCE {
      keyId       KeyIdentifier,
      seqNumber   SeqNumber }
        

The fields of TAMPStatusResponse are used as follows:

TAMPStatusResponse的字段使用如下:

o version identifies version of TAMP. For this version of the specification, the default value, v2, MUST be used.

o 版本标识TAMP的版本。对于此版本的规范,必须使用默认值v2。

o query identifies the TAMPStatusQuery to which the trust anchor store is responding. The query structure repeats the TAMPMsgRef from the TAMP Status Query message (see Section 4.1). The sequence number processing described in Section 6 MUST successfully complete before any response is returned.

o 查询标识信任锚存储响应的状态查询。查询结构从TAMP状态查询消息中重复TAMPMsgRef(参见第4.1节)。在返回任何响应之前,必须成功完成第6节中描述的序列号处理。

o response contains either a terse response or a verbose response. The terse response is represented by TerseStatusResponse, and the verbose response is represented by VerboseStatusResponse.

o 响应包含简洁的响应或详细的响应。简洁的响应由TerseStatusResponse表示,详细的响应由VerboseStatusResponse表示。

o usesApex is a Boolean value that indicates whether the first item in the TerseStatusResponse.taKeyIds or VerboseStatusResponse.taInfo field identifies the apex TA.

o usesApex是一个布尔值,指示TerseStatusResponse.taKeyIds或VerboseStatusResponse.taInfo字段中的第一项是否标识顶点TA。

The fields of TerseStatusResponse are used as follows:

TerseStatusResponse字段使用如下:

o taKeyIds contains a sequence of key identifiers. Each trust anchor contained in the trust anchor store is represented by one key identifier. When TAMPStatusResponse.usesApex is TRUE, the apex trust anchor is represented by the first key identifier in the sequence, which contains the key identifier of the operational public key.

o taKeyIds包含一系列关键标识符。信任锚存储中包含的每个信任锚由一个密钥标识符表示。当TAMPStatusResponse.usesApex为TRUE时,apex信任锚由序列中的第一个密钥标识符表示,其中包含操作公钥的密钥标识符。

o communities is OPTIONAL. When present, it contains a sequence of object identifiers. Each object identifier names one community to which this trust anchor store belongs. When the trust anchor store belongs to no communities, this field is omitted.

o 社区是可选的。当存在时,它包含一系列对象标识符。每个对象标识符命名此信任锚点存储所属的一个社区。当信任锚点存储不属于任何社区时,将忽略此字段。

The fields of VerboseStatusResponse are used as follows:

VerboseStatusResponse的字段使用如下:

o taInfo contains a sequence of TrustAnchorChoice structures. One entry in the sequence is provided for each trust anchor contained in the trust anchor store. When TAMPStatusResponse.usesApex is TRUE, the apex trust anchor is the first trust anchor in the sequence.

o taInfo包含一系列信任选择结构。为信任锚存储中包含的每个信任锚提供序列中的一个条目。当TAMPStatusResponse.usesApex为TRUE时,apex信任锚点是序列中的第一个信任锚点。

o continPubKeyDecryptAlg is OPTIONAL. When present, it indicates the decryption algorithm needed to decrypt the currently installed apex trust anchor contingency public key, if a contingency key is associated with the apex trust anchor. When present, TAMPStatusResponse.usesApex MUST be TRUE.

o continPubKeyDecryptAlg是可选的。当存在时,它指示解密当前安装的apex trust anchor应急公钥所需的解密算法(如果应急密钥与apex trust anchor关联)。存在时,TAMPStatusResponse.usesApex必须为TRUE。

o communities is OPTIONAL. When present, it contains a sequence of object identifiers. Each object identifier names one community to which this trust anchor store belongs. When the trust anchor store belongs to no communities, this field is omitted.

o 社区是可选的。当存在时,它包含一系列对象标识符。每个对象标识符命名此信任锚点存储所属的一个社区。当信任锚点存储不属于任何社区时,将忽略此字段。

o tampSeqNumbers is OPTIONAL. When present, it is used to indicate the currently held sequence number for each trust anchor authorized to sign TAMP messages. The keyId field identifies the trust anchor, and the seqNumber field provides the current sequence number associated with the trust anchor.

o 数字是可选的。当存在时,它用于指示授权签署TAMP消息的每个信任锚点当前持有的序列号。keyId字段标识信任锚,seqNumber字段提供与信任锚关联的当前序列号。

4.3. Trust Anchor Update
4.3. 信任锚更新

The Trust Anchor Update message is used to add, remove, and change management and identity trust anchors. The Trust Anchor Update message cannot be used to update the apex trust anchor. The Trust Anchor Update message MUST be signed. For a Trust Anchor Update message to be valid, the trust anchor store MUST be an intended recipient of the update; the sequence number checking described in Section 6 MUST be successful when the TAMP message signer is a trust anchor; and the digital signature MUST be validated using the apex trust anchor operational public key, an authorized management trust anchor, or via an authorized X.509 certification path originating with such a trust anchor.

信任锚更新消息用于添加、删除和更改管理和身份信任锚。信任锚更新消息不能用于更新apex信任锚。必须对信任锚点更新消息进行签名。要使信任锚更新消息有效,信任锚存储必须是更新的预期收件人;当TAMP消息签名者是信任锚时,第6节中描述的序列号检查必须成功;并且必须使用apex trust anchor操作公钥、授权管理信任锚或通过使用此类信任锚发起的授权X.509认证路径来验证数字签名。

If the digital signature on the Trust Anchor Update message is valid, sequence number checking is successful, the signer is authorized, and the trust anchor store is an intended recipient of the TAMP message, then the trust anchor store MUST perform the specified updates and return a Trust Anchor Update Confirm message. If a Trust Anchor Update Confirm message is not returned, then a TAMP Error message SHOULD be returned.

如果信任锚更新消息上的数字签名有效,序列号检查成功,签名者获得授权,并且信任锚存储是TAMP消息的预期收件人,则信任锚存储必须执行指定的更新并返回信任锚更新确认消息。如果未返回信任锚点更新确认消息,则应返回TAMP错误消息。

The Trust Anchor Update content type has the following syntax:

信任锚点更新内容类型具有以下语法:

    tamp-update CONTENT-TYPE  ::=
       { TAMPUpdate IDENTIFIED BY id-ct-TAMP-update }
        
    tamp-update CONTENT-TYPE  ::=
       { TAMPUpdate IDENTIFIED BY id-ct-TAMP-update }
        
    id-ct-TAMP-update OBJECT IDENTIFIER ::= { id-tamp 3 }
        
    id-ct-TAMP-update OBJECT IDENTIFIER ::= { id-tamp 3 }
        
    TAMPUpdate ::= SEQUENCE {
      version  [0] TAMPVersion DEFAULT v2,
      terse    [1] TerseOrVerbose DEFAULT verbose,
      msgRef   TAMPMsgRef,
      updates  SEQUENCE SIZE (1..MAX) OF TrustAnchorUpdate,
      tampSeqNumbers [2]TAMPSequenceNumbers OPTIONAL }
        
    TAMPUpdate ::= SEQUENCE {
      version  [0] TAMPVersion DEFAULT v2,
      terse    [1] TerseOrVerbose DEFAULT verbose,
      msgRef   TAMPMsgRef,
      updates  SEQUENCE SIZE (1..MAX) OF TrustAnchorUpdate,
      tampSeqNumbers [2]TAMPSequenceNumbers OPTIONAL }
        
    TrustAnchorUpdate ::= CHOICE {
      add     [1] TrustAnchorChoice,
      remove  [2] SubjectPublicKeyInfo,
      change  [3] EXPLICIT TrustAnchorChangeInfoChoice }
        
    TrustAnchorUpdate ::= CHOICE {
      add     [1] TrustAnchorChoice,
      remove  [2] SubjectPublicKeyInfo,
      change  [3] EXPLICIT TrustAnchorChangeInfoChoice }
        
    TrustAnchorChangeInfoChoice ::= CHOICE {
      tbsCertChange  [0] TBSCertificateChangeInfo,
      taChange       [1] TrustAnchorChangeInfo }
        
    TrustAnchorChangeInfoChoice ::= CHOICE {
      tbsCertChange  [0] TBSCertificateChangeInfo,
      taChange       [1] TrustAnchorChangeInfo }
        
    TBSCertificateChangeInfo  ::=  SEQUENCE  {
      serialNumber         CertificateSerialNumber OPTIONAL,
      signature            [0] AlgorithmIdentifier OPTIONAL,
      issuer               [1] Name OPTIONAL,
      validity             [2] Validity OPTIONAL,
      subject              [3] Name OPTIONAL,
      subjectPublicKeyInfo [4] SubjectPublicKeyInfo,
      exts                 [5] EXPLICIT Extensions OPTIONAL }
        
    TBSCertificateChangeInfo  ::=  SEQUENCE  {
      serialNumber         CertificateSerialNumber OPTIONAL,
      signature            [0] AlgorithmIdentifier OPTIONAL,
      issuer               [1] Name OPTIONAL,
      validity             [2] Validity OPTIONAL,
      subject              [3] Name OPTIONAL,
      subjectPublicKeyInfo [4] SubjectPublicKeyInfo,
      exts                 [5] EXPLICIT Extensions OPTIONAL }
        
    TrustAnchorChangeInfo ::= SEQUENCE {
      pubKey          SubjectPublicKeyInfo,
      keyId           KeyIdentifier OPTIONAL,
      taTitle         TrustAnchorTitle OPTIONAL,
      certPath        CertPathControls OPTIONAL,
      exts            [1] Extensions OPTIONAL }
        
    TrustAnchorChangeInfo ::= SEQUENCE {
      pubKey          SubjectPublicKeyInfo,
      keyId           KeyIdentifier OPTIONAL,
      taTitle         TrustAnchorTitle OPTIONAL,
      certPath        CertPathControls OPTIONAL,
      exts            [1] Extensions OPTIONAL }
        

The fields of TAMPUpdate are used as follows:

TAMPUpdate的字段使用如下:

o version identifies version of TAMP. For this version of the specification, the default value, v2, MUST be used.

o 版本标识TAMP的版本。对于此版本的规范,必须使用默认值v2。

o terse indicates the type of response that is desired. A terse response is indicated by a value of 1, and a verbose response is indicated by a value of 2, which is omitted during encoding since it is the default value.

o 简洁表示所需的响应类型。简洁响应由值1表示,详细响应由值2表示,由于它是默认值,因此在编码过程中会忽略该值。

o msgRef contains two items: the target and the seqNum. target identifies the target(s) of the update message. The TargetIdentifier syntax is described in Section 4.1. seqNum is a single-use value that will be used to match the Trust Anchor Update message with the Trust Anchor Update Confirm message. The sequence number is also used to detect TAMP message replay. The sequence number processing described in Section 6 MUST successfully complete before any of the updates are processed.

o msgRef包含两项:target和seqNum。目标标识更新消息的目标。第4.1节描述了TargetIdentifier语法。seqNum是一个单次使用值,用于将信任锚更新消息与信任锚更新确认消息相匹配。序列号还用于检测TAMP消息重播。在处理任何更新之前,必须成功完成第6节中描述的序列号处理。

o updates contains a sequence of updates, which are used to add, remove, and change management or identity trust anchors. Each entry in the sequence represents one of these actions, and is indicated by an instance of TrustAnchorUpdate. The actions are a batch of updates that MUST be processed in the order that they appear, but each of the updates is processed independently. Each of the updates MUST satisfy the subordination checks described in Section 7. Even if one or more of the updates fail, then the remaining updates MUST be processed. These updates MUST NOT make any changes to the apex trust anchor.

o 更新包含一系列更新,用于添加、删除和更改管理或标识信任锚。序列中的每个条目表示这些操作之一,并由TrustAnchorUpdate实例指示。这些操作是一批更新,必须按照它们出现的顺序进行处理,但每个更新都是独立处理的。每个更新必须满足第7节中描述的从属检查。即使一个或多个更新失败,也必须处理其余的更新。这些更新不得对apex信任锚进行任何更改。

o tampSeqNumbers MAY be included to provide the initial or new sequence numbers for trust anchors added or changed by the updates field. Elements included in the tampSeqNumbers field that do not correspond to an element in the updates field are ignored. Elements included in the tampSeqNumbers field that do correspond to an element in the updates field and contain a sequence number less than or equal to the most recently stored sequence number for the trust anchor are ignored. Elements included in the tampSeqNumbers field that do correspond to an element in the updates field and contain a sequence number greater than the most recently stored sequence number for the indicated trust anchor are processed by setting the stored sequence number for the trust anchor equal to the new value.

o 可以包括tampSeqNumbers,为更新字段添加或更改的信任锚提供初始或新序列号。TampSeqNumber字段中包含的与更新字段中的元素不对应的元素将被忽略。tampSeqNumbers字段中包含的元素与updates字段中的元素相对应,并且包含的序列号小于或等于信任锚点最近存储的序列号,这些元素将被忽略。tampSeqNumbers字段中包含的元素与updates字段中的元素相对应,并且包含大于所指示信任锚点的最近存储序列号的序列号,通过将信任锚点的存储序列号设置为新值来处理。

The TrustAnchorUpdate is a choice of three structures, and each alternative represents one of the three possible actions: add, remove, and change. A description of the syntax associated with each of these actions follows:

TrustAnchorUpdate有三种结构可供选择,每种结构代表三种可能的操作之一:添加、删除和更改。以下是与这些操作相关联的语法说明:

o add is used to insert a new management or identity trust anchor into the trust anchor store. The TrustAnchorChoice structure is used to provide the trusted public key and all of the information associated with it. However, the action MUST fail with the error code notAuthorized if the subordination checks described in Section 7 are not satisfied. See Section 3 for a discussion of the TrustAnchorChoice structure. The apex trust anchor cannot be introduced into a trust anchor store using this action; therefore, the id-pe-wrappedApexContinKey MUST NOT be present in the extensions field. The constraints of the existing trust anchors are unchanged by this action. An attempt to add a management or identity trust anchor that is already in place with the same values for every field in the TrustAnchorChoice structure MUST be treated as a successful addition. An attempt to add a management or identity trust anchor that is already present with the same pubKey values, but with different values for any of the fields in the TrustAnchorChoice structure, MUST fail with the error code improperTAAddition. This means a trust anchor may not be added twice using different TrustAnchorChoice options. If a different format is desired, the existing trust anchor must be removed and the new format added.

o 添加用于将新的管理或标识信任锚插入信任锚存储。TrustAnchorChoice结构用于提供受信任的公钥以及与之相关的所有信息。但是,如果不满足第7节中描述的从属检查,则操作必须失败,错误代码未授权。关于托管人选择结构的讨论见第3节。无法使用此操作将apex信任锚引入信任锚存储;因此,id pe WrappedAppExcontinkey不能出现在extensions字段中。此操作不会改变现有信任锚的约束。如果试图添加一个管理或标识信任锚点,而该锚点已经就位,并且信任锚点选择结构中的每个字段都具有相同的值,则必须将其视为成功添加。尝试添加管理或标识信任锚点时,如果该锚点已存在相同的pubKey值,但TrustAnchorChoice结构中的任何字段的值不同,则添加该锚点时必须失败,错误代码为improperTAAddition。这意味着不能使用不同的TrustAnchorChoice选项两次添加信任锚。如果需要不同的格式,则必须删除现有信任锚点并添加新格式。

o remove is used to delete an existing management or identity trust anchor from the trust anchor store, including the deletion of the management trust anchor associated with the TAMP message signer. However, the action MUST fail with the error code notAuthorized if the subordination checks described in Section 7 are not satisfied. The public key contained in SubjectPublicKeyInfo names the management or identity trust anchor to be deleted. An attempt to

o remove用于从信任锚存储中删除现有管理或标识信任锚,包括删除与TAMP消息签名者关联的管理信任锚。但是,如果不满足第7节中描述的从属检查,则操作必须失败,错误代码未授权。SubjectPublicKeyInfo中包含的公钥指定要删除的管理或身份信任锚。企图

delete a trust anchor that is not present MUST be treated as a successful deletion. The constraints of the deleted trust anchor are not distributed to other trust anchors in any manner. The apex trust anchor cannot be removed using this action, which ensures that this action cannot place the trust anchor store in an unrecoverable configuration.

删除不存在的信任锚点必须视为成功删除。已删除信任锚的约束不会以任何方式分发给其他信任锚。无法使用此操作删除apex信任锚,这将确保此操作不会将信任锚存储置于不可恢复的配置中。

o change is used to update the information associated with an existing management or identity trust anchor in the trust anchor store. Attempts to change a trust anchor added as a Certificate MUST fail with the error code improperTAChange. The public key contained in the SubjectPublicKeyInfo field of TrustAnchorChangeInfo or in the subjectPublicKeyInfo field of a TBSCertificateChangeInfo names the to-be-updated trust anchor. However, the action MUST fail with the error code notAuthorized if the subordination checks described in Section 7 are not satisfied. An attempt to change a trust anchor that is not present MUST result in a failure with the trustAnchorNotFound status code. The TrustAnchorChangeInfo structure or the TBSCertificateChangeInfo structure is used to provide the revised configuration of the management or identity trust anchor. If the update fails for any reason, then the original trust anchor configuration MUST be preserved. The apex trust anchor information cannot be changed using this action. Attempts to change a trust anchor added as a TBSCertificate using a TrustAnchorChangeInfo MUST fail with an improperTAChange error. Attempts to change a trust anchor added as a TrustAnchorInfo using a TBSCertificateChangeInfo MUST fail with an improperTAChange error.

o 更改用于更新与信任锚点存储中的现有管理或标识信任锚点关联的信息。尝试更改作为证书添加的信任锚点必须失败,错误代码为ImpropertChange。TrustAnchorChangeInfo的SubjectPublicKeyInfo字段或TBSCertificateChangeInfo的SubjectPublicKeyInfo字段中包含的公钥将命名要更新的信任锚。但是,如果不满足第7节中描述的从属检查,则操作必须失败,错误代码未授权。试图更改不存在的信任锚点必须导致trustAnchorNotFound状态代码失败。TrustAnchorChangeInfo结构或TBSCertificateChangeInfo结构用于提供管理或身份信任锚的修订配置。如果更新因任何原因失败,则必须保留原始信任锚点配置。无法使用此操作更改apex信任锚信息。尝试使用TrustAnchorChangeInfo更改作为TBSCertificate添加的信任锚点必须失败,并出现错误。尝试使用TBSCertificateChangeInfo更改添加为TrustAnchorInfo的信任锚点必须失败,并出现错误。

The fields of TrustAnchorChangeInfo are used as follows:

TrustAnchorChangeInfo的字段使用如下:

o pubKey contains the algorithm identifier and the public key of the management or identity trust anchor. It is used to locate the to-be-updated trust anchor in the trust anchor store.

o pubKey包含算法标识符和管理或身份信任锚的公钥。它用于在信任锚点存储中定位要更新的信任锚点。

o keyId is OPTIONAL, and when present, it contains the public key identifier of the trust anchor public key, which is contained in the pubKey field. If this field is not present, then the public key identifier remains unchanged. If this field is present, the provided public key identifier replaces the previous one.

o keyId是可选的,当存在时,它包含信任锚点公钥的公钥标识符,该公钥包含在pubKey字段中。如果此字段不存在,则公钥标识符保持不变。如果存在此字段,则提供的公钥标识符将替换上一个公钥标识符。

o taTitle is OPTIONAL, and when present, it provides a human readable name for the management or identity trust anchor. When absent in a change trust anchor update, any title that was previously associated with the trust anchor is removed. Similarly, when present in a change trust anchor update, the title

o taTitle是可选的,当存在时,它为管理或身份信任锚提供了一个人类可读的名称。在更改信任锚更新中不存在时,将删除以前与信任锚关联的任何标题。类似地,当出现在变更信任锚更新中时,标题

in the message is associated with the trust anchor. If a previous title was associated with the trust anchor, then the title is replaced. If a title was not previously associated with the trust anchor, then the title from the update message is added.

在消息中,与信任锚关联。如果以前的标题与信任锚关联,则该标题将被替换。如果以前未将标题与信任锚关联,则会添加更新消息中的标题。

o certPath is OPTIONAL, and when present, it provides the controls needed to construct and validate an X.509 certification path. When absent in a change trust anchor update, any controls that were previously associated with the management or identity trust anchor are removed, which means that delegation is no longer permitted. Similarly, when present in a change trust anchor update, the controls in the message are associated with the management or identity trust anchor. If previous controls, including the trust anchor distinguished name, were associated with the trust anchor, then the controls are replaced, which means that delegation continues to be supported, but that different certification paths will be valid. If controls were not previously associated with the management or identity trust anchor, then the controls from the update message are added, which enables delegation. The syntax and semantics of CertPathControls are discussed in [RFC5914].

o certPath是可选的,当存在时,它提供构造和验证X.509认证路径所需的控件。当变更信任锚更新中不存在时,将删除以前与管理或标识信任锚关联的任何控件,这意味着不再允许委派。类似地,当出现在更改信任锚更新中时,消息中的控件与管理或标识信任锚关联。如果以前的控件(包括信任锚点可分辨名称)与信任锚点关联,则将替换这些控件,这意味着继续支持委托,但不同的认证路径将有效。如果控件以前未与管理或标识信任锚关联,则会添加更新消息中的控件,从而启用委派。[RFC5914]中讨论了CertPathControl的语法和语义。

o exts is OPTIONAL, and when present, it provides the extensions values that are associated with the trust anchor. When absent in a change trust anchor update, any extensions that were previously associated with the trust anchor are removed. Similarly, when present in a change trust anchor update, the extensions in the message are associated with the trust anchor. Any extensions previously associated with the trust anchor are replaced or removed.

o exts是可选的,当存在时,它提供与信任锚关联的扩展值。在更改信任锚更新中不存在时,将删除以前与信任锚关联的所有扩展。类似地,当出现在变更信任锚更新中时,消息中的扩展与信任锚关联。替换或删除以前与信任锚关联的任何扩展。

The fields of TBSCertificateChangeInfo are used to alter the fields within a TBSCertificate structure. TBSCertificate is described in [RFC5280]. For all fields except exts, if the field is absent in a change trust anchor update, then any previous value associated with a trust anchor is unchanged. For the exts field, if the field is absent in a change trust anchor update, then any previous value associated with a trust anchor is removed. For all fields, if the field is present in a change trust anchor update, then any previous value associated with a trust anchor is replaced with the value from the update message.

TBSCertificateChangeInfo的字段用于更改TBSCertificate结构中的字段。[RFC5280]中描述了TBSC证书。对于除EXT之外的所有字段,如果更改信任锚更新中缺少该字段,则与信任锚关联的任何以前的值都将保持不变。对于exts字段,如果更改信任锚点更新中缺少该字段,则删除与信任锚点关联的任何以前的值。对于所有字段,如果该字段出现在更改信任锚更新中,则与信任锚关联的任何以前的值都将替换为更新消息中的值。

4.3.1. Trust Anchor List
4.3.1. 信任锚列表

[RFC5914] defines the TrustAnchorList structure to convey a list of trust anchors. TAMP implementations MAY process TrustAnchorList objects (with eContentType (or contentType) using the id-ct-trustAnchorList OID defined in [RFC5914]) as equivalent to TAMPUpdate

[RFC5914]定义信任锚列表结构,以传递信任锚列表。TAMP实现可以使用[RFC5914]中定义的id ct TrustAnchorList OID处理TrustAnchorList对象(带有eContentType(或contentType)),等同于TAMPUpdate

objects with terse set to terse, msgRef set to allModules (with a suitable sequence number), and all elements within the list contained within the add field. This alternative to TrustAnchorUpdate is provided for implementations that perform integrity and authorization checks out-of-band as a simple means of transferring trust anchors from one trust anchor store to another. It does not provide a means of removing or changing trust anchors and has no HTTP binding.

对象,将terse设置为terse,将msgRef设置为allModules(具有适当的序列号),以及add字段中包含的列表中的所有元素。此TrustAnchorUpdate的替代方案用于执行带外完整性和授权检查的实现,作为将信任锚从一个信任锚存储转移到另一个信任锚存储的简单方法。它不提供删除或更改信任锚的方法,并且没有HTTP绑定。

4.4. Trust Anchor Update Confirm
4.4. 信任锚更新确认

The Trust Anchor Update Confirm message is a reply by a trust anchor store to a valid Trust Anchor Update message. The Trust Anchor Update Confirm message provides success and failure information for each of the requested updates. The Trust Anchor Update Confirm message MAY be signed or unsigned. A Trust Anchor Update Confirm message MUST be signed if the implementation is capable of signing it.

信任锚更新确认消息是信任锚存储对有效信任锚更新消息的回复。信任锚更新确认消息为每个请求的更新提供成功和失败信息。信任锚点更新确认消息可以是已签名或未签名的。如果实现能够对信任锚更新确认消息进行签名,则必须对其进行签名。

The Trust Anchor Update Confirm content type has the following syntax:

信任锚更新确认内容类型具有以下语法:

    tamp-update-confirm CONTENT-TYPE  ::=
       { TAMPUpdateConfirm IDENTIFIED BY id-ct-TAMP-updateConfirm }
        
    tamp-update-confirm CONTENT-TYPE  ::=
       { TAMPUpdateConfirm IDENTIFIED BY id-ct-TAMP-updateConfirm }
        
    id-ct-TAMP-updateConfirm OBJECT IDENTIFIER ::= { id-tamp 4 }
        
    id-ct-TAMP-updateConfirm OBJECT IDENTIFIER ::= { id-tamp 4 }
        
    TAMPUpdateConfirm ::= SEQUENCE {
      version  [0] TAMPVersion DEFAULT v2,
      update   TAMPMsgRef,
      confirm  UpdateConfirm }
        
    TAMPUpdateConfirm ::= SEQUENCE {
      version  [0] TAMPVersion DEFAULT v2,
      update   TAMPMsgRef,
      confirm  UpdateConfirm }
        
    UpdateConfirm ::= CHOICE {
      terseConfirm    [0] TerseUpdateConfirm,
      verboseConfirm  [1] VerboseUpdateConfirm }
        
    UpdateConfirm ::= CHOICE {
      terseConfirm    [0] TerseUpdateConfirm,
      verboseConfirm  [1] VerboseUpdateConfirm }
        
    TerseUpdateConfirm ::= StatusCodeList
        
    TerseUpdateConfirm ::= StatusCodeList
        
    StatusCodeList ::= SEQUENCE SIZE (1..MAX) OF StatusCode
        
    StatusCodeList ::= SEQUENCE SIZE (1..MAX) OF StatusCode
        
    VerboseUpdateConfirm ::= SEQUENCE {
      status          StatusCodeList,
      taInfo          TrustAnchorChoiceList,
      tampSeqNumbers  TAMPSequenceNumbers OPTIONAL,
      usesApex        BOOLEAN DEFAULT TRUE }
        
    VerboseUpdateConfirm ::= SEQUENCE {
      status          StatusCodeList,
      taInfo          TrustAnchorChoiceList,
      tampSeqNumbers  TAMPSequenceNumbers OPTIONAL,
      usesApex        BOOLEAN DEFAULT TRUE }
        

The fields of TAMPUpdateConfirm are used as follows:

TAMPUpdateConfirm的字段使用如下:

o version identifies version of TAMP. For this version of the specification, the default value, v2, MUST be used.

o 版本标识TAMP的版本。对于此版本的规范,必须使用默认值v2。

o update identifies the TAMPUpdate message to which the trust anchor store is responding. The update structure repeats the TAMPMsgRef from the Trust Anchor Update message (see Section 4.3). The sequence number processing described in Section 6 MUST successfully complete before any of the updates are processed.

o update标识信任锚点存储响应的TAMPUpdate消息。更新结构从信任锚更新消息中重复TAMPMsgRef(参见第4.3节)。在处理任何更新之前,必须成功完成第6节中描述的序列号处理。

o confirm contains either a terse update confirmation or a verbose update confirmation. The terse update confirmation is represented by TerseUpdateConfirm, and the verbose response is represented by VerboseUpdateConfirm.

o 确认包含简洁的更新确认或详细的更新确认。简洁的更新确认由TerseUpdateConfirm表示,详细响应由VerboseUpdateConfirm表示。

The TerseUpdateConfirm contains a sequence of status codes, one for each TrustAnchorUpdate structure in the Trust Anchor Update message. The status codes MUST appear in the same order as the TrustAnchorUpdate structures to which they apply, and the number of elements in the status code list MUST be the same as the number of elements in the trust anchor update list. Each of the status codes is discussed in Section 5.

TerseUpdateConfirm包含一系列状态代码,在信任锚更新消息中,每个TrustAnchorUpdate结构对应一个状态代码。状态代码必须以与其应用的TrustAnchorUpdate结构相同的顺序出现,并且状态代码列表中的元素数量必须与trust anchor update列表中的元素数量相同。第5节讨论了每个状态代码。

The fields of VerboseUpdateConfirm are used as follows:

VerboseUpdateConfirm的字段使用如下:

o status contains a sequence of status codes, one for each TrustAnchorUpdate structure in the Trust Anchor Update message. The status codes appear in the same order as the TrustAnchorUpdate structures to which they apply, and the number of elements in the status code list MUST be the same as the number of elements in the trust anchor update list. Each of the status codes is discussed in Section 5.

o status包含一系列状态代码,在信任锚更新消息中,每个TrustAnchorUpdate结构对应一个状态代码。状态代码的显示顺序与其应用的TrustAnchorUpdate结构相同,并且状态代码列表中的元素数量必须与trust anchor update列表中的元素数量相同。第5节讨论了每个状态代码。

o taInfo contains a sequence of TrustAnchorChoice structures. One entry in the sequence is provided for each trust anchor contained in the trust anchor store. These represent the state of the trust anchors after the updates have been processed. When usesApex is true, the apex trust anchor is the first trust anchor in the sequence.

o taInfo包含一系列信任选择结构。为信任锚存储中包含的每个信任锚提供序列中的一个条目。这些表示更新处理后信任锚的状态。当usesApex为true时,apex信任锚点是序列中的第一个信任锚点。

o tampSeqNumbers is used to indicate the currently held sequence number for each trust anchor authorized to sign TAMP messages. The keyId field identifies the trust anchor, and the seqNumber field provides the current sequence number associated with the trust anchor.

o TampSeqNumber用于指示授权签署TAMP消息的每个信任锚点的当前持有序列号。keyId字段标识信任锚,seqNumber字段提供与信任锚关联的当前序列号。

o usesApex is a Boolean value that indicates whether the first item in the taInfo field identifies the apex TA.

o usesApex是一个布尔值,指示taInfo字段中的第一项是否标识顶点TA。

4.5. Apex Trust Anchor Update
4.5. Apex信任锚更新

The Apex Trust Anchor Update message replaces the operational public key and, optionally, the contingency public key associated with the apex trust anchor. Each trust anchor store has exactly one apex trust anchor. No constraints are associated with the apex trust anchor. The public key identifier of the operational public key is used to identify the apex trust anchor in subsequent TAMP messages. The digital signature on the Apex Trust Anchor Update message is validated with either the current operational public key or the current contingency public key. For the Apex Trust Anchor Update message that is validated with the operational public key to be valid, the trust anchor store MUST be a target of the update, the sequence number MUST be larger than the most recently stored sequence number for the operational public key, and the digital signature MUST be validated directly with the operational public key. That is, no delegation via a certification path is permitted. For the Apex Trust Anchor Update message that is validated with the contingency public key to be valid, the trust anchor store MUST be a target of the update, the provided decryption key MUST properly decrypt the contingency public key, and the digital signature MUST be validated directly with the decrypted contingency public key. Again, no delegation via a certification path is permitted.

Apex Trust Anchor Update消息将替换操作公钥以及与Apex Trust Anchor关联的应急公钥(可选)。每个信任锚商店都有一个apex信任锚。没有约束与apex信任锚关联。操作公钥的公钥标识符用于识别后续TAMP消息中的apex信任锚。Apex Trust Anchor Update消息上的数字签名使用当前操作公钥或当前应急公钥进行验证。对于使用操作公钥验证的Apex信任锚更新消息,信任锚存储必须是更新的目标,序列号必须大于操作公钥最近存储的序列号,数字签名必须直接使用可操作的公钥进行验证。也就是说,不允许通过认证路径进行委托。对于使用应急公钥验证的Apex信任锚更新消息,信任锚存储必须是更新的目标,提供的解密密钥必须正确解密应急公钥,并且必须使用解密的应急公钥直接验证数字签名。同样,不允许通过认证路径进行授权。

If the Apex Trust Anchor Update message is validated using the operational public key, then sequence number processing is handled normally, as described in Section 6. If the Apex Trust Anchor Update message is validated using the contingency public key, then the TAMPMsgRef sequence number MUST contain a zero value. A sequence number for subsequent messages that will be validated with the new operational public key can optionally be provided. If no value is provided, then the trust anchor store MUST be prepared to accept any sequence number in the next TAMP message validated with the newly installed apex trust anchor operational public key. If the Apex Trust Anchor Update message is valid and the clearTrustAnchors flag is set to TRUE, then all of the management and identity trust anchors stored in the trust anchor store MUST be deleted. That is, the new apex trust anchor MUST be the only trust anchor remaining in the trust anchor store. If the Apex Trust Anchor Update message is valid and the clearCommunities flag is set to TRUE, then all community identifiers stored in the trust anchor store MUST be deleted.

如果使用操作公钥验证Apex Trust Anchor Update消息,则序列号处理将正常进行,如第6节所述。如果使用应急公钥验证Apex信任锚更新消息,则TAMPMsgRef序列号必须包含零值。可以选择提供将使用新的操作公钥验证的后续消息的序列号。如果未提供任何值,则信任锚存储区必须准备好接受下一条TAMP消息中的任何序列号,该消息使用新安装的apex trust anchor操作公钥进行验证。如果Apex信任锚更新消息有效且clearTrustAnchors标志设置为TRUE,则必须删除信任锚存储中存储的所有管理和标识信任锚。也就是说,新的apex信任锚点必须是信任锚点存储中剩余的唯一信任锚点。如果Apex信任锚更新消息有效且clearCommunities标志设置为TRUE,则必须删除信任锚存储中存储的所有社区标识符。

The SignedData structure includes a SignerInfo.sid value, and it identifies the apex trust anchor public key that will be used to validate the digital signature on this TAMP message. The public key

SignedData结构包含SignerInfo.sid值,它标识将用于验证此TAMP消息上的数字签名的apex trust anchor公钥。公钥

identifier for the operational public key is known in advance, and it is stored as part of the apex trust anchor. The public key identifier for the contingency public key is not known in advance; however, the presence of the unsigned attribute containing the symmetric key needed to decrypt the contingency public key unambiguously indicates that the TAMP message signer used the contingency private key to sign the Apex Trust Anchor Update message.

操作公钥的标识符是预先知道的,它存储为apex信任锚的一部分。应急公钥的公钥标识符事先未知;但是,存在包含解密应急公钥所需的对称密钥的未签名属性明确表示TAMP消息签名者使用应急私钥对Apex信任锚更新消息进行签名。

If the digital signature on the Apex Trust Anchor Update message is valid using either the apex trust anchor operational public key or the apex trust anchor contingency public key, sequence number checking is successful, and the trust anchor store is an intended recipient of the TAMP message, then the trust anchor store MUST update the apex trust anchor and return an Apex Trust Anchor Update Confirm message. If an Apex Trust Anchor Update Confirm message is not returned, then a TAMP Error message SHOULD be returned. Note that the sequence number MUST be zero if the Apex Trust Anchor Update message is validated with the apex trust anchor contingency public key.

如果使用Apex Trust Anchor操作公钥或Apex Trust Anchor应急公钥,Apex Trust Anchor更新消息上的数字签名有效,则序列号检查成功,并且信任Anchor存储是TAMP消息的预期收件人,然后,信任锚存储必须更新apex信任锚并返回apex信任锚更新确认消息。如果未返回Apex信任锚更新确认消息,则应返回TAMP错误消息。请注意,如果使用Apex Trust Anchor应急公钥验证Apex Trust Anchor更新消息,则序列号必须为零。

The Apex Trust Anchor Update content type has the following syntax:

Apex信任锚更新内容类型具有以下语法:

    tamp-apex-update CONTENT-TYPE  ::=
       { TAMPApexUpdate IDENTIFIED BY id-ct-TAMP-apexUpdate }
        
    tamp-apex-update CONTENT-TYPE  ::=
       { TAMPApexUpdate IDENTIFIED BY id-ct-TAMP-apexUpdate }
        
    id-ct-TAMP-apexUpdate OBJECT IDENTIFIER ::= { id-tamp 5 }
        
    id-ct-TAMP-apexUpdate OBJECT IDENTIFIER ::= { id-tamp 5 }
        
    TAMPApexUpdate ::= SEQUENCE {
      version            [0] TAMPVersion DEFAULT v2,
      terse              [1] TerseOrVerbose DEFAULT verbose,
      msgRef             TAMPMsgRef,
      clearTrustAnchors  BOOLEAN,
      clearCommunities   BOOLEAN,
      seqNumber          SeqNumber OPTIONAL,
      apexTA             TrustAnchorChoice }
        
    TAMPApexUpdate ::= SEQUENCE {
      version            [0] TAMPVersion DEFAULT v2,
      terse              [1] TerseOrVerbose DEFAULT verbose,
      msgRef             TAMPMsgRef,
      clearTrustAnchors  BOOLEAN,
      clearCommunities   BOOLEAN,
      seqNumber          SeqNumber OPTIONAL,
      apexTA             TrustAnchorChoice }
        

The fields of TAMPApexUpdate are used as follows:

TAMPApexUpdate的字段使用如下:

o version identifies version of TAMP. For this version of the specification, the default value, v2, MUST be used.

o 版本标识TAMP的版本。对于此版本的规范,必须使用默认值v2。

o terse indicates the type of response that is desired. A terse response is indicated by a value of 1, and a verbose response is indicated by a value of 2, which is omitted during encoding since it is the default value.

o 简洁表示所需的响应类型。简洁响应由值1表示,详细响应由值2表示,由于它是默认值,因此在编码过程中会忽略该值。

o msgRef contains two items: the target and the seqNum. target identifies the target(s) of the Apex Trust Anchor Update message.

o msgRef包含两项:target和seqNum。target标识Apex信任锚更新消息的目标。

The TargetIdentifier syntax as described in Section 4.1 is used. seqNum is a single-use value that will be used to match the Apex Trust Anchor Update message with the Apex Trust Anchor Update Confirm message. The sequence number is also used to detect TAMP message replay if the message is validated with the apex trust anchor operational public key. The sequence number processing described in Section 6 MUST successfully complete before any action is taken. However, seqNum MUST contain a zero value if the message is validated with the apex trust anchor contingency public key.

使用第4.1节所述的TargetIdentifier语法。seqNum是一个一次性使用值,用于将Apex Trust Anchor更新消息与Apex Trust Anchor更新确认消息相匹配。如果使用apex trust anchor操作公钥验证消息,则序列号还用于检测TAMP消息重播。在采取任何措施之前,必须成功完成第6节中描述的序列号处理。但是,如果使用apex trust anchor应急公钥验证消息,则seqNum必须包含零值。

o clearTrustAnchors is a Boolean. If the value is set to TRUE, then all of the management and identity trust anchors stored in the trust anchor store MUST be deleted, leaving the newly installed apex trust anchor as the only trust anchor in the trust anchor store. If the value is set to FALSE, the other trust anchors MUST NOT be changed.

o clearTrustAnchors是一个布尔值。如果该值设置为TRUE,则必须删除存储在信任锚点存储中的所有管理和标识信任锚点,将新安装的apex信任锚点保留为信任锚点存储中的唯一信任锚点。如果该值设置为FALSE,则不得更改其他信任锚。

o clearCommunities is a Boolean. If the value is set to TRUE, then all of the community identifiers stored in the trust anchor store MUST be deleted, leaving none. If the value is set to FALSE, the list of community identifiers MUST NOT be changed.

o clearCommunities是一个布尔值。如果该值设置为TRUE,则必须删除存储在信任锚点存储中的所有社区标识符,不保留任何标识符。如果该值设置为FALSE,则不得更改社区标识符列表。

o seqNumber is OPTIONAL, and when present, it provides the initial sequence number for the apex trust anchor. If seqNumber is absent, the trust anchor store is prepared to accept any sequence number value for the apex trust anchor operational public key.

o seqNumber是可选的,当存在时,它为apex信任锚点提供初始序列号。如果缺少seqNumber,则信任锚存储准备接受apex信任锚操作公钥的任何序列号值。

o apexTA provides the information for the replacement apex trust anchor. The TrustAnchorChoice structure is used to provide the trusted public key and all of the information associated with it. The pubKey, keyId, taTitle, certPath, and exts fields apply to the operational public key of the apex trust anchor. The ApexTrustAnchorInfo certificate extension MAY appear as an extension. Section 9 describes the WrappedApexContingencyKey certificate extension.

o apexTA提供替换apex信任锚的信息。TrustAnchorChoice结构用于提供受信任的公钥以及与之相关的所有信息。pubKey、keyId、taTitle、certPath和exts字段应用于apex信任锚的操作公钥。ApexTrustAnchorInfo证书扩展可能显示为扩展。第9节介绍WrappedAppExcontingencyKey证书扩展。

4.6. Apex Trust Anchor Update Confirm
4.6. Apex信任锚更新确认

The Apex Trust Anchor Update Confirm message is a reply by a trust anchor store to a valid Apex Trust Anchor Update message. The Apex Trust Anchor Update Confirm message provides success or failure information for the apex trust anchor update. The Apex Trust Anchor Update Confirm message MAY be signed or unsigned. An Apex Trust Anchor Update Confirm message MUST be signed if the trust anchor store is capable of signing it.

Apex信任锚更新确认消息是信任锚存储对有效Apex信任锚更新消息的回复。Apex Trust Anchor Update确认消息提供Apex Trust Anchor更新的成功或失败信息。Apex Trust Anchor更新确认消息可以是已签名或未签名的。如果信任锚存储能够对Apex信任锚更新确认消息进行签名,则必须对该消息进行签名。

The Apex Trust Anchor Update Confirm content type has the following syntax:

Apex信任锚更新确认内容类型具有以下语法:

    tamp-apex-update-confirm CONTENT-TYPE  ::=
       { TAMPApexUpdateConfirm IDENTIFIED BY
         id-ct-TAMP-apexUpdateConfirm }
        
    tamp-apex-update-confirm CONTENT-TYPE  ::=
       { TAMPApexUpdateConfirm IDENTIFIED BY
         id-ct-TAMP-apexUpdateConfirm }
        
    id-ct-TAMP-apexUpdateConfirm OBJECT IDENTIFIER ::= { id-tamp 6 }
        
    id-ct-TAMP-apexUpdateConfirm OBJECT IDENTIFIER ::= { id-tamp 6 }
        
    TAMPApexUpdateConfirm ::= SEQUENCE {
      version      [0] TAMPVersion DEFAULT v2,
      apexReplace  TAMPMsgRef,
      apexConfirm  ApexUpdateConfirm }
        
    TAMPApexUpdateConfirm ::= SEQUENCE {
      version      [0] TAMPVersion DEFAULT v2,
      apexReplace  TAMPMsgRef,
      apexConfirm  ApexUpdateConfirm }
        
    ApexUpdateConfirm ::= CHOICE {
      terseApexConfirm    [0] TerseApexUpdateConfirm,
      verboseApexConfirm  [1] VerboseApexUpdateConfirm }
        
    ApexUpdateConfirm ::= CHOICE {
      terseApexConfirm    [0] TerseApexUpdateConfirm,
      verboseApexConfirm  [1] VerboseApexUpdateConfirm }
        
    TerseApexUpdateConfirm ::= StatusCode
        
    TerseApexUpdateConfirm ::= StatusCode
        
    VerboseApexUpdateConfirm ::= SEQUENCE {
      status                 StatusCode,
      taInfo                 TrustAnchorChoiceList,
      communities            [0] CommunityIdentifierList OPTIONAL,
      tampSeqNumbers         [1] TAMPSequenceNumbers OPTIONAL }
        
    VerboseApexUpdateConfirm ::= SEQUENCE {
      status                 StatusCode,
      taInfo                 TrustAnchorChoiceList,
      communities            [0] CommunityIdentifierList OPTIONAL,
      tampSeqNumbers         [1] TAMPSequenceNumbers OPTIONAL }
        

The fields of TAMPApexUpdateConfirm are used as follows:

TAMPApexUpdateConfirm的字段使用如下:

o version identifies version of TAMP. For this version of the specification, the default value, v2, MUST be used.

o 版本标识TAMP的版本。对于此版本的规范,必须使用默认值v2。

o apexReplace identifies the Apex Trust Anchor Update message to which the trust anchor store is responding. The apexReplace structure repeats the TAMPMsgRef from the beginning of the Apex Trust Anchor Update message (see Section 4.5). When the Apex Trust Anchor Update message is validated with the operational public key, the sequence number processing described in Section 6 MUST successfully complete before an Apex Trust Anchor Update Confirm message is generated. When the Apex Trust Anchor Update message is validated with the contingency public key, normal sequence number processing is ignored, but the seqNum MUST be zero.

o apexReplace标识信任锚存储响应的Apex信任锚更新消息。apexReplace结构从Apex信任锚更新消息开始重复TAMPMsgRef(参见第4.5节)。当使用操作公钥验证Apex信任锚更新消息时,在生成Apex信任锚更新确认消息之前,必须成功完成第6节中描述的序列号处理。当使用应急公钥验证Apex Trust Anchor Update消息时,将忽略正常的序列号处理,但seqNum必须为零。

o apexConfirm contains either a terse update confirmation or a verbose update confirmation. The terse update confirmation is represented by TerseApexUpdateConfirm, and the verbose response is represented by VerboseApexUpdateConfirm.

o ApexConfig包含简洁的更新确认或详细的更新确认。简洁的更新确认由TerseApexUpdateConfirm表示,详细响应由VerboseApexUpdateConfirm表示。

The TerseApexUpdateConfirm contains a single status code, indicating the success or failure of the apex trust anchor update. If the apex trust anchor update failed, then the status code provides the reason for the failure. Each of the status codes is discussed in Section 5.

TerseApexUpdateConfirm包含一个状态代码,指示apex信任锚更新的成功或失败。如果apex trust anchor更新失败,则状态代码提供失败的原因。第5节讨论了每个状态代码。

The fields of VerboseApexUpdateConfirm are used as follows:

VerboseApexUpdateConfirm的字段使用如下:

o status contains a single status code, indicating the success or failure of the apex trust anchor update. If the apex trust anchor update failed, then the status code provides the reason for the failure. Each of the status codes is discussed in Section 5.

o status包含一个状态代码,指示apex trust anchor更新的成功或失败。如果apex trust anchor更新失败,则状态代码提供失败的原因。第5节讨论了每个状态代码。

o taInfo contains a sequence of TrustAnchorChoice structures. One entry in the sequence is provided for each trust anchor contained in the trust anchor store. These represent the state of the trust anchors after the apex trust anchor update has been processed. See [RFC5914] for a description of the TrustAnchorInfo structure. The apex trust anchor is the first trust anchor in the sequence.

o taInfo包含一系列信任选择结构。为信任锚存储中包含的每个信任锚提供序列中的一个条目。这些表示处理apex信任锚更新后信任锚的状态。有关TrustAnchorInfo结构的说明,请参见[RFC5914]。顶点信任锚点是序列中的第一个信任锚点。

o communities is OPTIONAL. When present, it contains a sequence of object identifiers. Each object identifier names one community to which this trust anchor store belongs. When the trust anchor store belongs to no communities, this field is omitted.

o 社区是可选的。当存在时,它包含一系列对象标识符。每个对象标识符命名此信任锚点存储所属的一个社区。当信任锚点存储不属于任何社区时,将忽略此字段。

o tampSeqNumbers is used to indicate the currently held sequence number for each trust anchor authorized to sign TAMP messages. The keyId field identifies the trust anchor, and the seqNumber field provides the current sequence number associated with the trust anchor.

o TampSeqNumber用于指示授权签署TAMP消息的每个信任锚点的当前持有序列号。keyId字段标识信任锚,seqNumber字段提供与信任锚关联的当前序列号。

4.7. Community Update
4.7. 社区更新

The trust anchor store maintains a list of identifiers for the communities of which it is a member. The Community Update message can be used to remove or add community identifiers from this list. The Community Update message MUST be signed. For the Community Update message to be valid, the trust anchor store MUST be a target of the update; the sequence number checking described in Section 6 MUST be successful when the TAMP message signer is a trust anchor; and the digital signature MUST be validated by the apex trust anchor operational public key, an authorized management trust anchor, or via an authorized X.509 certification path originating with such a trust anchor.

信任锚存储维护它所属社区的标识符列表。社区更新消息可用于从此列表中删除或添加社区标识符。必须对社区更新消息进行签名。为了使社区更新消息有效,信任锚存储必须是更新的目标;当TAMP消息签名者是信任锚时,第6节中描述的序列号检查必须成功;并且数字签名必须由apex信任锚操作公钥、授权管理信任锚或通过由此类信任锚发起的授权X.509认证路径进行验证。

If the trust anchor store supports the Community Update message, the digital signature on the Community Update message is valid, sequence number checking is successful, the signer is authorized, and the trust anchor store is an intended recipient of the TAMP message, then

如果信任锚存储支持社区更新消息,则社区更新消息上的数字签名有效,序列号检查成功,签名者获得授权,并且信任锚存储是TAMP消息的预期收件人,然后

the trust anchor store MUST make the specified updates and return a Community Update Confirm message. If a Community Update Confirm message is not returned, then a TAMP Error message SHOULD be returned.

信任锚存储必须进行指定的更新并返回社区更新确认消息。如果未返回社区更新确认消息,则应返回TAMP错误消息。

The Community Update message contains a batch of updates, and all of the updates MUST be accepted for the trust anchor store to return a successful Community Update Confirm message. The remove updates, if present, MUST be processed before the add updates. Where remove is present with an empty list, all community identifiers MUST be removed. This approach prevents community identifiers that are intended to be mutually exclusive from being installed by a successful addition and a failed removal. Where add is present, at least one community identifier MUST appear in the list.

社区更新消息包含一批更新,必须接受所有更新,信任锚点存储才能返回成功的社区更新确认消息。删除更新(如果存在)必须在添加更新之前进行处理。如果remove带有空列表,则必须删除所有社区标识符。此方法可防止通过成功添加和失败删除来安装旨在相互排斥的社区标识符。如果存在add,则列表中必须至少显示一个社区标识符。

The Community Update content type has the following syntax:

社区更新内容类型具有以下语法:

    tamp-community-update CONTENT-TYPE  ::=
       { TAMPCommunityUpdate IDENTIFIED BY id-ct-TAMP-communityUpdate }
        
    tamp-community-update CONTENT-TYPE  ::=
       { TAMPCommunityUpdate IDENTIFIED BY id-ct-TAMP-communityUpdate }
        
    id-ct-TAMP-communityUpdate OBJECT IDENTIFIER ::= { id-tamp 7 }
        
    id-ct-TAMP-communityUpdate OBJECT IDENTIFIER ::= { id-tamp 7 }
        
    TAMPCommunityUpdate ::= SEQUENCE {
      version  [0] TAMPVersion DEFAULT v2,
      terse    [1] TerseOrVerbose DEFAULT verbose,
      msgRef   TAMPMsgRef,
      updates  CommunityUpdates }
        
    TAMPCommunityUpdate ::= SEQUENCE {
      version  [0] TAMPVersion DEFAULT v2,
      terse    [1] TerseOrVerbose DEFAULT verbose,
      msgRef   TAMPMsgRef,
      updates  CommunityUpdates }
        
    CommunityUpdates ::= SEQUENCE {
      remove     [1] CommunityIdentifierList OPTIONAL,
      add        [2] CommunityIdentifierList OPTIONAL }
       -- At least one MUST be present
        
    CommunityUpdates ::= SEQUENCE {
      remove     [1] CommunityIdentifierList OPTIONAL,
      add        [2] CommunityIdentifierList OPTIONAL }
       -- At least one MUST be present
        

The fields of TAMPCommunityUpdate are used as follows:

TAMPCommunityUpdate的字段使用如下:

o version identifies version of TAMP. For this version of the specification, the default value, v2, MUST be used.

o 版本标识TAMP的版本。对于此版本的规范,必须使用默认值v2。

o terse indicates the type of response that is desired. A terse response is indicated by a value of 1, and a verbose response is indicated by a value of 2, which is omitted during encoding since it is the default value.

o 简洁表示所需的响应类型。简洁响应由值1表示,详细响应由值2表示,由于它是默认值,因此在编码过程中会忽略该值。

o msgRef contains two items: the target and the seqNum. target identifies the target(s) of the update message. The TargetIdentifier syntax as described in Section 4.1 is used. seqNum is a single-use value that will be used to match the Community Update message with the Community Update Confirm

o msgRef包含两项:target和seqNum。目标标识更新消息的目标。使用第4.1节所述的TargetIdentifier语法。seqNum是一个单次使用值,用于将社区更新消息与社区更新确认匹配

message. The sequence number is also used to detect TAMP message replay. The sequence number processing described in Section 6 MUST successfully complete before any of the updates are processed.

消息序列号还用于检测TAMP消息重播。在处理任何更新之前,必须成功完成第6节中描述的序列号处理。

o updates contains a sequence of community identifiers to be removed and a sequence of community identifiers to be added. These are represented by the CommunityUpdates structure.

o 更新包含要删除的社区标识符序列和要添加的社区标识符序列。这些由CommunityUpdates结构表示。

The CommunityUpdates is a sequence of two OPTIONAL sequences, but at least one of these sequences MUST be present. The first sequence contains community identifiers to be removed, and if there are none, it is absent. Where remove is present with an empty list, all community identifiers MUST be removed. The second sequence contains community identifiers to be added, and if there are none, it is absent. The remove updates, if present, MUST be processed before the add updates. An error is generated if any of the requested removals or additions cannot be accomplished. However, requests to remove community identifiers that are not present are treated as successful removals. Likewise, requests to add community identifiers that are already present are treated as successful additions. If an error is generated, the trust anchor store community list MUST NOT be changed.

CommunityUpdates是由两个可选序列组成的序列,但必须至少存在其中一个序列。第一个序列包含要删除的社区标识符,如果没有,则不存在。如果remove带有空列表,则必须删除所有社区标识符。第二个序列包含要添加的社区标识符,如果没有,则不存在。删除更新(如果存在)必须在添加更新之前进行处理。如果无法完成任何请求的删除或添加,则会生成错误。但是,删除不存在的社区标识符的请求将被视为成功删除。同样,添加已经存在的社区标识符的请求也被视为成功添加。如果生成错误,则不得更改信任锚点存储社区列表。

A description of the syntax associated with each of these actions follows:

以下是与这些操作相关联的语法说明:

o remove is used to remove one, multiple, or all community identifiers from the trust anchor store.

o remove用于从信任锚存储中删除一个、多个或所有社区标识符。

o add is used to insert one or more new community identifiers into the trust anchor store.

o add用于将一个或多个新社区标识符插入信任锚存储区。

4.8. Community Update Confirm
4.8. 社区更新确认

The Community Update Confirm message is a reply by a trust anchor store to a valid Community Update message. The Community Update Confirm message provides success or failure information for the requested updates. Success is returned only if the whole batch of updates is successfully processed. If any of the requested updates cannot be performed, then a failure is indicated, and the set of community identifiers stored in the trust anchor store is unchanged. The Community Update Confirm message MAY be signed or unsigned. A Community Update Confirm message MUST be signed if the trust anchor store is capable of signing it.

社区更新确认消息是信任锚存储对有效社区更新消息的回复。社区更新确认消息为请求的更新提供成功或失败信息。仅当成功处理整批更新时,才会返回Success。如果无法执行任何请求的更新,则指示失败,并且存储在信任锚点存储中的社区标识符集保持不变。社区更新确认消息可以是已签名的,也可以是未签名的。如果信任锚存储能够对社区更新确认消息进行签名,则必须对其进行签名。

The Community Update Confirm content type has the following syntax:

社区更新确认内容类型具有以下语法:

    tamp-community-update-confirm CONTENT-TYPE  ::=
       { TAMPCommunityUpdateConfirm IDENTIFIED BY
         id-ct-TAMP-communityUpdateConfirm }
        
    tamp-community-update-confirm CONTENT-TYPE  ::=
       { TAMPCommunityUpdateConfirm IDENTIFIED BY
         id-ct-TAMP-communityUpdateConfirm }
        
    id-ct-TAMP-communityUpdateConfirm OBJECT IDENTIFIER ::=
       { id-tamp 8 }
        
    id-ct-TAMP-communityUpdateConfirm OBJECT IDENTIFIER ::=
       { id-tamp 8 }
        
    TAMPCommunityUpdateConfirm ::= SEQUENCE {
      version      [0] TAMPVersion DEFAULT v2,
      update       TAMPMsgRef,
      commConfirm  CommunityConfirm }
        
    TAMPCommunityUpdateConfirm ::= SEQUENCE {
      version      [0] TAMPVersion DEFAULT v2,
      update       TAMPMsgRef,
      commConfirm  CommunityConfirm }
        
    CommunityConfirm ::= CHOICE {
      terseCommConfirm     [0] TerseCommunityConfirm,
      verboseCommConfirm   [1] VerboseCommunityConfirm }
        
    CommunityConfirm ::= CHOICE {
      terseCommConfirm     [0] TerseCommunityConfirm,
      verboseCommConfirm   [1] VerboseCommunityConfirm }
        
    TerseCommunityConfirm ::= StatusCode
        
    TerseCommunityConfirm ::= StatusCode
        
    VerboseCommunityConfirm ::= SEQUENCE {
      status       StatusCode,
      communities  CommunityIdentifierList OPTIONAL }
        
    VerboseCommunityConfirm ::= SEQUENCE {
      status       StatusCode,
      communities  CommunityIdentifierList OPTIONAL }
        

The fields of TAMPCommunityUpdateConfirm are used as follows:

TAMPCommunityUpdateConfirm的字段使用如下:

o version identifies version of TAMP. For this version of the specification, the default value, v2, MUST be used.

o 版本标识TAMP的版本。对于此版本的规范,必须使用默认值v2。

o update identifies the Community Update message to which the trust anchor store is responding. The update structure repeats the TAMPMsgRef from the Community Update message (see Section 4.7). The sequence number processing described in Section 6 MUST successfully complete before any of the updates are processed.

o 更新标识信任锚存储响应的社区更新消息。更新结构从社区更新消息中重复TAMPMsgRef(参见第4.7节)。在处理任何更新之前,必须成功完成第6节中描述的序列号处理。

o commConfirm contains either a terse community update confirmation or a verbose community update confirmation. The terse response is represented by TerseCommunityConfirm, and the verbose response is represented by VerboseCommunityConfirm.

o commConfirm包含简洁的社区更新确认或详细的社区更新确认。简洁响应由TerseCommunityConfirm表示,详细响应由VerboseCommunityConfirm表示。

The TerseCommunityConfirm contains a single status code, indicating the success or failure of the Community Update message processing. If the community update failed, then the status code indicates the reason for the failure. Each of the status codes is discussed in Section 5.

TerSecomUnityConfig包含一个状态代码,指示社区更新消息处理的成功或失败。如果社区更新失败,则状态代码指示失败的原因。第5节讨论了每个状态代码。

The fields of VerboseCommunityConfirm are used as follows:

VerboseCommunityConfig的字段使用如下:

o status contains a single status code, indicating the success or failure of the Community Update message processing. If the community update failed, then the status code indicates the reason for the failure. Each of the status codes is discussed in Section 5.

o status包含一个状态代码,指示社区更新消息处理的成功或失败。如果社区更新失败,则状态代码指示失败的原因。第5节讨论了每个状态代码。

o communities is OPTIONAL. When present, it contains the sequence of community identifiers present in the trust anchor store after the update is processed. When the trust anchor store belongs to no communities, this field is omitted.

o 社区是可选的。当存在时,它包含处理更新后信任锚点存储中存在的社区标识符序列。当信任锚点存储不属于任何社区时,将忽略此字段。

4.9. Sequence Number Adjust
4.9. 序号调整

The trust anchor store maintains the current sequence number for the apex trust anchor and each management trust anchor authorized for TAMP messages. Sequence number processing is discussed in Section 6. The Sequence Number Adjust message can be used to provide the most recently used sequence number to one or more targets, thereby reducing the possibility of replay. The Sequence Number Adjust message MUST be signed. For the Sequence Number Adjust message to be valid, the trust anchor store MUST be an intended recipient of the Sequence Number Adjust message, the sequence number MUST be equal to or larger than the most recently stored sequence number for the originating trust anchor, and the digital signature MUST be validated by the apex trust anchor operational public key or an authorized management trust anchor.

信任锚存储维护apex信任锚和每个授权用于TAMP消息的管理信任锚的当前序列号。第6节讨论了序列号处理。序列号调整消息可用于向一个或多个目标提供最近使用的序列号,从而减少重播的可能性。序列号调整消息必须签名。为了使序列号调整消息有效,信任锚存储必须是序列号调整消息的预期收件人,序列号必须等于或大于发起信任锚最近存储的序列号,数字签名必须由apex信任锚操作公钥或授权管理信任锚验证。

If the digital signature on the Sequence Number Adjust message is valid, the sequence number is equal to or larger than the most recently stored sequence number for the originating trust anchor, the signer is authorized, and the trust anchor store is an intended recipient of the TAMP message, then the trust anchor store MUST update the sequence number associated with the originating trust anchor and return a Sequence Number Adjust Confirm message. If a Sequence Number Adjust Confirm message is not returned, then a TAMP Error message SHOULD be returned.

如果序列号调整消息上的数字签名有效,则序列号等于或大于发起信任锚的最近存储序列号,签名者被授权,并且信任锚存储是TAMP消息的预期接收者,然后,信任锚存储必须更新与发起信任锚关联的序列号,并返回序列号调整确认消息。如果未返回序列号调整确认消息,则应返回TAMP错误消息。

The Sequence Number Adjust message contains an adjustment for the sequence number of the TAMP message signer.

序列号调整消息包含对TAMP消息签名者序列号的调整。

The Sequence Number Adjust content type has the following syntax:

序列号调整内容类型具有以下语法:

    tamp-sequence-number-adjust CONTENT-TYPE  ::=
       { SequenceNumberAdjust IDENTIFIED BY id-ct-TAMP-seqNumAdjust }
        
    tamp-sequence-number-adjust CONTENT-TYPE  ::=
       { SequenceNumberAdjust IDENTIFIED BY id-ct-TAMP-seqNumAdjust }
        
    id-ct-TAMP-seqNumAdjust OBJECT IDENTIFIER ::= { id-tamp 10 }
        
    id-ct-TAMP-seqNumAdjust OBJECT IDENTIFIER ::= { id-tamp 10 }
        
    SequenceNumberAdjust ::= SEQUENCE {
      Version  [0] TAMPVersion DEFAULT v2,
      msgRef   TAMPMsgRef }
        
    SequenceNumberAdjust ::= SEQUENCE {
      Version  [0] TAMPVersion DEFAULT v2,
      msgRef   TAMPMsgRef }
        

The fields of SequenceNumberAdjust are used as follows:

SequenceNumberJust的字段使用如下:

o version identifies version of TAMP. For this version of the specification, the default value, v2, MUST be used.

o 版本标识TAMP的版本。对于此版本的规范,必须使用默认值v2。

o msgRef contains two items: the target and the seqNum. target identifies the target(s) of the sequence number adjust message. The TargetIdentifier syntax as described in Section 4.1 is used. The allModules target is expected to be used for Sequence Number Adjust messages. seqNum MUST be equal to or larger than the most recently stored sequence number for this TAMP message signer, and the value will be used to match the Sequence Number Adjust message with the Sequence Number Adjust Confirm message. The sequence number processing described in Section 6 applies, except that the sequence number in a Sequence Number Adjust message is acceptable if it matches the most recently stored sequence number for this TAMP message signer. If sequence number checking completes successfully, then the sequence number is adjusted; otherwise, it remains unchanged.

o msgRef包含两项:target和seqNum。目标标识序列号调整消息的目标。使用第4.1节所述的TargetIdentifier语法。allModules目标预期用于序列号调整消息。seqNum必须等于或大于此TAMP消息签名者最近存储的序列号,该值将用于将序列号调整消息与序列号调整确认消息匹配。第6节中描述的序列号处理适用,除非序列号调整消息中的序列号与该TAMP消息签名者最近存储的序列号匹配,则该序列号调整消息中的序列号是可接受的。如果序列号检查成功完成,则调整序列号;否则,它将保持不变。

4.10. Sequence Number Adjust Confirm
4.10. 序号调整确认

The Sequence Number Adjust Confirm message is a reply by a trust anchor store to a valid Sequence Number Adjust message. The Sequence Number Adjust Confirm message provides success or failure information. Success is returned only if the sequence number for the trust anchor that signed the Sequence Number Adjust message originator is adjusted. If the sequence number cannot be adjusted, then a failure is indicated, and the sequence number stored in the trust anchor store is unchanged. The Sequence Number Adjust Confirm message MAY be signed or unsigned. A Sequence Number Adjust Confirm message MUST be signed if the trust anchor store is capable of signing it.

序列号调整确认消息是信任锚点存储对有效序列号调整消息的回复。序列号调整确认消息提供成功或失败信息。仅当签名序列号调整消息发起人的信任锚的序列号调整时,才会返回Success。如果无法调整序列号,则指示故障,并且存储在信任锚点存储中的序列号保持不变。序列号调整确认消息可以是有符号的,也可以是无符号的。如果信任锚存储能够对序列号调整确认消息进行签名,则必须对其进行签名。

The Sequence Number Adjust Confirm content type has the following syntax:

序列号调整确认内容类型具有以下语法:

    tamp-sequence-number-adjust-confirm CONTENT-TYPE  ::=
       { SequenceNumberAdjustConfirm IDENTIFIED BY
         id-ct-TAMP-seqNumAdjustConfirm }
        
    tamp-sequence-number-adjust-confirm CONTENT-TYPE  ::=
       { SequenceNumberAdjustConfirm IDENTIFIED BY
         id-ct-TAMP-seqNumAdjustConfirm }
        
    id-ct-TAMP-seqNumAdjustConfirm OBJECT IDENTIFIER ::=
       { id-tamp 11 }
        
    id-ct-TAMP-seqNumAdjustConfirm OBJECT IDENTIFIER ::=
       { id-tamp 11 }
        
    SequenceNumberAdjustConfirm ::= SEQUENCE {
      version  [0] TAMPVersion DEFAULT v2,
      adjust   TAMPMsgRef,
      status   StatusCode }
        
    SequenceNumberAdjustConfirm ::= SEQUENCE {
      version  [0] TAMPVersion DEFAULT v2,
      adjust   TAMPMsgRef,
      status   StatusCode }
        

The fields of SequenceNumberAdjustConfirm are used as follows:

SequenceNumberJustConfirm的字段使用如下:

o version identifies version of TAMP. For this version of the specification, the default value, v2, MUST be used.

o 版本标识TAMP的版本。对于此版本的规范,必须使用默认值v2。

o adjust identifies the Sequence Number Adjust message to which the trust anchor store is responding. The adjust structure repeats the TAMPMsgRef from the Sequence Number Adjust message (see Section 4.9). The sequence number processing described in Section 6 MUST successfully complete to adjust the sequence number associated with the Sequence Number Adjust message originator.

o adjust标识信任锚存储响应的序列号adjust消息。调整结构重复序列号调整消息中的TAMPMsgRef(参见第4.9节)。第6节中描述的序列号处理必须成功完成,以调整与序列号调整消息发起人关联的序列号。

o status contains a single status code, indicating the success or failure of the Sequence Number Adjust message processing. If the adjustment failed, then the status code indicates the reason for the failure. Each of the status codes is discussed in Section 5.

o status包含一个状态代码,指示序列号调整消息处理的成功或失败。如果调整失败,则状态代码指示失败的原因。第5节讨论了每个状态代码。

4.11. TAMP Error
4.11. 夯实误差

The TAMP Error message is a reply by a trust anchor store to any invalid TAMP message. The TAMP Error message provides an indication of the reason for the error. The TAMP Error message MAY be signed or unsigned. A TAMP Error message MUST be signed if the trust anchor store is capable of signing it. For the request types defined in this specification, TAMP Error messages MUST NOT be used to indicate a request message was successfully processed. Each TAMP Error message identifies the type of TAMP message that caused the error. In cases where the TAMP message type cannot be determined, errors MAY be returned via other means, such as at the protocol level, via an attached display, etc.

TAMP错误消息是信任锚存储对任何无效TAMP消息的回复。TAMP错误消息提供错误原因的指示。TAMP错误消息可以是有符号的,也可以是无符号的。如果信任锚存储能够对TAMP错误消息进行签名,则必须对其进行签名。对于本规范中定义的请求类型,TAMP错误消息不得用于指示请求消息已成功处理。每个TAMP错误消息标识导致错误的TAMP消息的类型。在无法确定TAMP消息类型的情况下,可以通过其他方式返回错误,例如在协议级别,通过附加的显示器等。

The TAMP Error message content type has the following syntax:

TAMP错误消息内容类型具有以下语法:

    tamp-error CONTENT-TYPE  ::=
       { TAMPError IDENTIFIED BY id-ct-TAMP-error }
        
    tamp-error CONTENT-TYPE  ::=
       { TAMPError IDENTIFIED BY id-ct-TAMP-error }
        
    id-ct-TAMP-error OBJECT IDENTIFIER ::= { id-tamp 9 }
        
    id-ct-TAMP-error OBJECT IDENTIFIER ::= { id-tamp 9 }
        
    TAMPError ::= SEQUENCE {
      version  [0] TAMPVersion DEFAULT v2,
      msgType  OBJECT IDENTIFIER,
      status   StatusCode,
      msgRef   TAMPMsgRef OPTIONAL }
        
    TAMPError ::= SEQUENCE {
      version  [0] TAMPVersion DEFAULT v2,
      msgType  OBJECT IDENTIFIER,
      status   StatusCode,
      msgRef   TAMPMsgRef OPTIONAL }
        

The fields of TAMPError are used as follows:

TAMPError的字段使用如下:

o version identifies version of TAMP. For this version of the specification, the default value, v2, MUST be used.

o 版本标识TAMP的版本。对于此版本的规范,必须使用默认值v2。

o msgType indicates the content type of the TAMP message that caused the error.

o msgType指示导致错误的TAMP消息的内容类型。

o status contains a status code that indicates the reason for the error. Each of the status codes is discussed in Section 5.

o status包含一个状态代码,指示错误原因。第5节讨论了每个状态代码。

o msgRef is OPTIONAL, but whenever possible it SHOULD be present. It identifies the TAMP message that caused the error. It repeats the target and seqNum from the TAMP message that caused the error (see Sections 4.1, 4.3, 4.5, 4.7, and 4.9).

o msgRef是可选的,但只要可能,它就应该存在。它标识导致错误的TAMP消息。它从导致错误的TAMP消息中重复目标和seqNum(参见第4.1、4.3、4.5、4.7和4.9节)。

5. Status Codes
5. 状态代码

The Trust Anchor Update Confirm, the Apex Trust Anchor Update Confirm, the Community Update Confirm, the Sequence Number Adjust Confirm, and the TAMP Error messages include status codes. The syntax for the status codes is:

信任锚更新确认、Apex信任锚更新确认、社区更新确认、序列号调整确认和TAMP错误消息包括状态代码。状态代码的语法为:

     StatusCode ::= ENUMERATED {
       success                            (0),
       decodeFailure                      (1),
       badContentInfo                     (2),
       badSignedData                      (3),
       badEncapContent                    (4),
       badCertificate                     (5),
       badSignerInfo                      (6),
       badSignedAttrs                     (7),
       badUnsignedAttrs                   (8),
       missingContent                     (9),
       noTrustAnchor                     (10),
        
     StatusCode ::= ENUMERATED {
       success                            (0),
       decodeFailure                      (1),
       badContentInfo                     (2),
       badSignedData                      (3),
       badEncapContent                    (4),
       badCertificate                     (5),
       badSignerInfo                      (6),
       badSignedAttrs                     (7),
       badUnsignedAttrs                   (8),
       missingContent                     (9),
       noTrustAnchor                     (10),
        

notAuthorized (11), badDigestAlgorithm (12), badSignatureAlgorithm (13), unsupportedKeySize (14), unsupportedParameters (15), signatureFailure (16), insufficientMemory (17), unsupportedTAMPMsgType (18), apexTAMPAnchor (19), improperTAAddition (20), seqNumFailure (21), contingencyPublicKeyDecrypt (22), incorrectTarget (23), communityUpdateFailed (24), trustAnchorNotFound (25), unsupportedTAAlgorithm (26), unsupportedTAKeySize (27), unsupportedContinPubKeyDecryptAlg (28), missingSignature (29), resourcesBusy (30), versionNumberMismatch (31), missingPolicySet (32), revokedCertificate (33), unsupportedTrustAnchorFormat (34), improperTAChange (35), malformed (36), cmsError (37), unsupportedTargetIdentifier (38), other (127) }

未授权(11)、badDigestAlgorithm(12)、badSignatureAlgorithm(13)、unsupportedKeySize(14)、unsupportedParameters(15)、signatureFailure(16)、内存不足(17)、UnsupportedAmpMsgType(18)、apexTAMPAnchor(19)、不正确的添加(20)、seqNumFailure(21)、意外发布密码(22)、不正确的目标(23)、communityUpdateFailed(24)、trustAnchorNotFound(25)、unsupportedTAAlgorithm(26)、unsupportedTAKeySize(27)、UnsupportedContinuPubKeyDecryptalG(28)、missingSignature(29)、resourcesBusy(30)、versionNumberMismatch(31)、missingPolicySet(32)、revokedCertificate(33)、unsupportedTrustAnchorFormat(34)、IncorTranschange(35)、格式错误(36)、cmsError(37),无支持的目标识别器(38),其他(127)}

The various values of StatusCode are used as follows:

StatusCode的各种值使用如下:

o success is used to indicate that an update, portion of an update, or adjust was processed successfully.

o 成功用于指示更新、更新的一部分或调整已成功处理。

o decodeFailure is used to indicate that the trust anchor store was unable to successfully decode the provided message. The specified content type and the provided content do not match.

o decodeFailure用于指示信任锚点存储无法成功解码所提供的消息。指定的内容类型与提供的内容不匹配。

o badContentInfo is used to indicate that the ContentInfo syntax is invalid or that the contentType carried within the ContentInfo is unknown or unsupported.

o badContentInfo用于指示ContentInfo语法无效或ContentInfo中包含的contentType未知或不受支持。

o badSignedData is used to indicate that the SignedData syntax is invalid, the version is unknown or unsupported, or more than one entry is present in digestAlgorithms.

o badSignedData用于指示SignedData语法无效、版本未知或不受支持,或者digestAlgorithms中存在多个条目。

o badEncapContent is used to indicate that the EncapsulatedContentInfo syntax is invalid. This error can be generated due to problems located in SignedData.

o badEncapContent用于指示封装的ContentInfo语法无效。由于SignedData中存在的问题,可能会生成此错误。

o badCertificate is used to indicate that the syntax for one or more certificates in CertificateSet is invalid.

o badCertificate用于指示CertificateSet中一个或多个证书的语法无效。

o badSignerInfo is used to indicate that the SignerInfo syntax is invalid, or the version is unknown or unsupported.

o badSignerInfo用于指示SignerInfo语法无效,或版本未知或不受支持。

o badSignedAttrs is used to indicate that the signedAttrs syntax within SignerInfo is invalid.

o badSignedAttrs用于指示SignerInfo中的signedAttrs语法无效。

o badUnsignedAttrs is used to indicate that the unsignedAttrs syntax within SignerInfo is invalid.

o badUnsignedAttrs用于指示SignerInfo中的unsignedAttrs语法无效。

o missingContent is used to indicate that the OPTIONAL eContent is missing in EncapsulatedContentInfo, which is REQUIRED in this specification. This error can be generated due to problems located in SignedData.

o missingContent用于指示在封装的ContentInfo中缺少可选的eContent,这是本规范所要求的。由于SignedData中存在的问题,可能会生成此错误。

o noTrustAnchor is used to indicate one of two possible error situations. In one case, the subjectKeyIdentifier does not identify the public key of a trust anchor or a certification path that terminates with an installed trust anchor. In the other case, the issuerAndSerialNumber is used to identify the TAMP message signer, which is prohibited by this specification.

o noTrustAnchor用于指示两种可能的错误情况之一。在一种情况下,subjectKeyIdentifier不标识以安装的信任锚点终止的信任锚点或证书路径的公钥。在另一种情况下,issuerAndSerialNumber用于标识TAMP消息签名者,这是本规范所禁止的。

o notAuthorized is used to indicate one of two possible error situations. In one case, the sid within SignerInfo leads to an installed trust anchor, but that trust anchor is not an authorized signer for the received TAMP message content type. Identity trust anchors are not authorized signers for any of the TAMP message content types. In the other case, the signer of a Trust Anchor Update message is not authorized to manage the to-be-updated trust anchor as determined by a failure of the subordination processing in Section 7.

o notAuthorized用于指示两种可能的错误情况之一。在一种情况下,SignerInfo中的sid导致安装了信任锚,但该信任锚不是接收到的TAMP消息内容类型的授权签名者。身份信任锚不是任何TAMP消息内容类型的授权签名者。在另一种情况下,信任锚更新消息的签名者未被授权管理由第7部分中的从属处理失败确定的待更新信任锚。

o badDigestAlgorithm is used to indicate that the digestAlgorithm in either SignerInfo or SignedData is unknown or unsupported.

o badDigestAlgorithm用于指示SignerInfo或SignedData中的digestAlgorithm未知或不受支持。

o badSignatureAlgorithm is used to indicate that the signatureAlgorithm in SignerInfo is unknown or unsupported.

o badSignatureAlgorithm用于指示SignerInfo中的signatureAlgorithm未知或不受支持。

o unsupportedKeySize is used to indicate that the signatureAlgorithm in SignerInfo is known and supported, but the TAMP message digital signature could not be validated because an unsupported key size was employed by the signer.

o unsupportedKeySize用于指示SignerInfo中的signatureAlgorithm已知并受支持,但无法验证TAMP消息数字签名,因为签名者使用了不受支持的密钥大小。

o unsupportedParameters is used to indicate that the signatureAlgorithm in SignerInfo is known, but the TAMP message digital signature could not be validated because unsupported parameters were employed by the signer.

o unsupportedParameters用于指示SignerInfo中的signatureAlgorithm是已知的,但无法验证TAMP消息数字签名,因为签名者使用了不支持的参数。

o signatureFailure is used to indicate that the signatureAlgorithm in SignerInfo is known and supported, but the digital signature in the signature field within SignerInfo could not be validated.

o signatureFailure用于指示SignerInfo中的signatureAlgorithm是已知的并受支持的,但无法验证SignerInfo中signature字段中的数字签名。

o insufficientMemory indicates that the update could not be processed because the trust anchor store did not have sufficient memory to store the resulting trust anchor configuration or community identifier.

o 内存不足表示无法处理更新,因为信任锚点存储没有足够的内存来存储生成的信任锚点配置或社区标识符。

o unsupportedTAMPMsgType indicates that the TAMP message could not be processed because the trust anchor store does not support the provided TAMP message type. This code will be used if the id-ct-TAMP-communityUpdate content type is provided and the trust anchor store does not support the Community Update message. This status code will also be used if the contentType value within eContentType is not one that is defined in this specification.

o unsupportedTAMPMsgType表示无法处理TAMP消息,因为信任锚点存储不支持提供的TAMP消息类型。如果提供了id ct TAMP communityUpdate内容类型,并且信任锚点存储不支持社区更新消息,则将使用此代码。如果eContentType中的contentType值不是本规范中定义的值,也将使用此状态代码。

o apexTAMPAnchor indicates that the update could not be processed because the Trust Anchor Update message tried to remove the apex trust anchor.

o apexTAMPAnchor表示无法处理更新,因为信任锚点更新消息试图删除apex信任锚点。

o improperTAAddition indicates that a trust anchor update is trying to add a new trust anchor that may already exist, but some attributes of the to-be-added trust anchor are being modified in an improper manner. The desired trust anchor configuration may be attainable with a change operation instead of an add operation.

o ImpropertAddition表示信任锚点更新正在尝试添加可能已存在的新信任锚点,但正在以不正确的方式修改待添加信任锚点的某些属性。期望的信任锚配置可以通过更改操作而不是添加操作来实现。

o seqNumFailure indicates that the TAMP message could not be processed because the processing of the sequence number, which is described in Section 6, resulted in an error.

o seqNumFailure表示无法处理TAMP消息,因为第6节中描述的序列号处理导致错误。

o contingencyPublicKeyDecrypt indicates that the update could not be processed because an error occurred while decrypting the contingency public key.

o OrtentialPublicKeyDecrypt表示无法处理更新,因为解密应急公钥时出错。

o incorrectTarget indicates that the query, update, or adjust message could not be processed because the trust anchor store is not the intended recipient.

o incorrectTarget表示无法处理查询、更新或调整消息,因为信任锚点存储不是预期的收件人。

o communityUpdateFailed indicates that the community update requested the addition of a community identifier or the removal of a community identifier, but the request could not be honored.

o communityUpdateFailed表示社区更新请求添加社区标识符或删除社区标识符,但无法满足该请求。

o trustAnchorNotFound indicates that a change to a trust anchor was requested, but the referenced trust anchor is not represented in the trust anchor store.

o trustAnchorNotFound表示请求对信任锚点进行更改,但引用的信任锚点未在信任锚点存储中表示。

o unsupportedTAAlgorithm indicates that an update message would result in the trust anchor with a public key associated with a digital signature validation algorithm that is not implemented. In addition, this status code is used if the algorithm is supported, but the parameters associated with the algorithm are not supported.

o unsupportedTAAlgorithm表示更新消息将导致信任锚点具有与未实现的数字签名验证算法关联的公钥。此外,如果支持算法,但不支持与算法关联的参数,则使用此状态代码。

o unsupportedTAKeySize indicates that the trust anchor would include a public key of a size that is not supported.

o unsupportedTAKeySize表示信任锚点将包含大小不受支持的公钥。

o unsupportedContinPubKeyDecryptAlg indicates that the decryption algorithm for the apex trust anchor contingency public key is not supported.

o UnsupportedContinuPubKeyDecryptalg表示不支持apex信任锚应急公钥的解密算法。

o missingSignature indicates that an unsigned TAMP message was received, but the received TAMP message type MUST be signed.

o missingSignature表示接收到未签名的TAMP消息,但必须对接收到的TAMP消息类型进行签名。

o resourcesBusy indicates that the resources necessary to process the TAMP message are not available at the present time, but the resources might be available at some point in the future.

o resourcesBusy表示处理TAMP消息所需的资源目前不可用,但这些资源可能在将来某个时候可用。

o versionNumberMismatch indicates that the version number in a received TAMP message is not acceptable.

o versionNumberMismatch表示接收到的TAMP消息中的版本号不可接受。

o missingPolicySet indicates that the policyFlags associated with a trust anchor are set in a fashion that requires the policySet to be present, but the policySet is missing.

o missingPolicySet表示与信任锚点关联的PolicyFlag的设置方式要求policySet存在,但policySet缺失。

o revokedCertificate indicates that one or more of the certificates needed to properly process the TAMP message have been revoked.

o revokedCertificate表示正确处理TAMP消息所需的一个或多个证书已被吊销。

o unsupportedTrustAnchorFormat indicates that an unsupported trust anchor format was presented or the version is unknown or unsupported.

o unsupportedTrustAnchorFormat表示提供了不受支持的信任锚格式,或者版本未知或不受支持。

o improperTAChange indicates that a trust anchor update is trying to change a new trust anchor using a format different than the format of the existing trust anchor.

o ImpropertChange表示信任锚点更新正在尝试使用不同于现有信任锚点格式的格式更改新的信任锚点。

o malformed indicates an error in the composition of the CMS structure encapsulating a TAMP message.

o 格式错误表示封装TAMP消息的CMS结构的组成中存在错误。

o cmsError indicates an error processing a CMS structure that encapsulated a TAMP message, such as an error processing ContentType or MessageDigest attributes.

o cmsError表示处理封装TAMP消息的CMS结构时出错,例如处理ContentType或MessageDigest属性时出错。

o unsupportedTargetIdentifier indicates that a msgRef with an unsupported TargetIdentifier option was encountered.

o unsupportedTargetIdentifier表示遇到带有不受支持的TargetIdentifier选项的msgRef。

o other indicates that the update could not be processed, but the reason is not covered by any of the assigned status codes. Use of this status code SHOULD be avoided.

o other表示无法处理更新,但原因不在任何分配的状态代码中。应避免使用此状态代码。

6. Sequence Number Processing
6. 序列号处理

The sequence number processing facilities in TAMP represent a balance between replay protection, operational considerations, and trust anchor store memory management. The goal is to provide replay protection without making TAMP difficult to use, creating an environment where surprising error conditions occur on a regular basis, or imposing onerous memory management requirements on implementations. This balance is achieved by performing sequence number checking on TAMP messages that are validated directly using a trust anchor, and allowing these checks to be skipped whenever the TAMP message originator is not represented by a trust anchor. Implementations MUST perform sequence number checking on TAMP messages that are validated directly using a trust anchor and MAY perform sequence number checking for TAMP messages validated using a certification path.

TAMP中的序列号处理设施代表了重播保护、操作注意事项和信任锚存储内存管理之间的平衡。我们的目标是提供重播保护,而不使TAMP难以使用,创建一个经常发生意外错误情况的环境,或对实现施加繁重的内存管理要求。这种平衡是通过对直接使用信任锚验证的TAMP消息执行序列号检查来实现的,并允许在TAMP消息发起人未由信任锚表示时跳过这些检查。实现必须对直接使用信任锚验证的TAMP消息执行序列号检查,并且可以对使用认证路径验证的TAMP消息执行序列号检查。

The TAMP Status Query, Trust Anchor Update, Apex Trust Anchor Update, Community Update, and Sequence Number Adjust messages include a sequence number. This single-use identifier is used to match a TAMP message with the response to that TAMP message. When the TAMP message is validated directly using a trust anchor, the sequence number is also used to detect TAMP message replay.

TAMP状态查询、信任锚更新、Apex信任锚更新、社区更新和序列号调整消息包括序列号。此一次性标识符用于将TAMP消息与对该TAMP消息的响应相匹配。当使用信任锚直接验证TAMP消息时,序列号也用于检测TAMP消息重播。

To provide replay protection, each TAMP message originator MUST treat the sequence number as a monotonically increasing non-negative integer. The sequence number counter is associated with the signing operation performed by the private key. The trust anchor store MUST ensure that a newly received TAMP message that is validated directly by a trust anchor public key contains a sequence number that is greater than the most recent successfully processed TAMP message from that originator. Note that the Sequence Number Adjust message is considered valid if the sequence number is greater than or equal to the most recent successfully processed TAMP message from that

为了提供重播保护,每个TAMP消息发起者必须将序列号视为单调递增的非负整数。序列号计数器与私钥执行的签名操作相关联。信任锚存储区必须确保新收到的由信任锚公钥直接验证的TAMP消息包含的序列号大于来自该发起者的最近成功处理的TAMP消息。请注意,如果序列号大于或等于来自该消息的最近成功处理的TAMP消息,则序列号调整消息被视为有效

originator. If the sequence number in a received TAMP message does not meet these conditions, then the trust anchor store MUST reject the TAMP message, returning a sequence number failure (seqNumFailure) error.

发起者。如果收到的TAMP消息中的序列号不符合这些条件,则信任锚点存储必须拒绝TAMP消息,并返回序列号失败(seqNumFailure)错误。

Whenever a trust anchor is authorized for TAMP messages, either as a newly installed trust anchor or as a modification to an existing trust anchor, if a sequence number value is not provided in the Trust Anchor Update message, memory MUST be allocated for the sequence number and set to zero. The first TAMP message received that is validated using that trust anchor is not rejected based on sequence number checks, and the sequence number from that first TAMP message is stored. The TAMP message recipient MUST maintain a database of the most recent sequence number from a successfully processed TAMP message from a trust anchor. The index for this database is the trust anchor public key. This could be the apex trust anchor operational public key or a management trust anchor public key. In the first case, the apex trust anchor operational public key is used directly to validate the TAMP message digital signature. In the second case, a management trust anchor public key is used directly to validate the TAMP message digital signature.

每当信任锚被授权用于TAMP消息时,无论是作为新安装的信任锚还是作为对现有信任锚的修改,如果信任锚更新消息中未提供序列号值,则必须为序列号分配内存并将其设置为零。根据序列号检查,未拒绝使用该信任锚点验证的接收到的第一条TAMP消息,并存储来自该第一条TAMP消息的序列号。TAMP邮件收件人必须维护一个数据库,其中包含来自信任锚成功处理的TAMP邮件的最新序列号。此数据库的索引是信任锚公钥。这可以是apex信任锚操作公钥或管理信任锚公钥。在第一种情况下,直接使用apex trust anchor操作公钥验证TAMP消息数字签名。在第二种情况下,直接使用管理信任锚公钥来验证TAMP消息数字签名。

Sequence number values MUST be 64-bit non-negative integers. Since ASN.1 encoding of an INTEGER always includes a sign bit, a TAMP message signer can generate 9,223,372,036,854,775,807 TAMP messages before exhausting the 64-bit sequence number space, before which the TAMP message signer MUST transition to a different public/private key pair. The ability to reset a sequence number provided by the Trust Anchor Update and Sequence Number Adjust messages is not intended to avoid the transition to a different key pair; rather, it is intended to aid recovery from operational errors. A relatively small non-volatile storage requirement is imposed on the trust anchor store for the apex trust anchor and each management trust anchor authorized for TAMP messages.

序列号值必须是64位非负整数。由于整数的ASN.1编码始终包含符号位,因此TAMP消息签名者可以在耗尽64位序列号空间之前生成9223372036854775807 TAMP消息,在此之前,TAMP消息签名者必须转换到不同的公钥/私钥对。重置信任锚更新和序列号调整消息提供的序列号的能力不是为了避免转换到不同的密钥对;相反,它旨在帮助从操作错误中恢复。对于apex信任锚和授权用于TAMP消息的每个管理信任锚,对信任锚存储施加了相对较小的非易失性存储要求。

When the apex trust anchor or a management trust anchor is replaced or removed from the trust anchor store, the associated sequence number storage SHOULD be reclaimed.

当从信任锚存储中替换或移除apex信任锚或管理信任锚时,应回收关联的序列号存储。

7. Subordination Processing
7. 从属处理

When a TAMP update message is processed, several checks are performed:

处理TAMP update消息时,将执行多项检查:

o TAMP message authentication is checked including, if necessary, building and validating a certification path to the signer.

o 检查TAMP消息身份验证,如有必要,包括建立和验证签名者的认证路径。

o The signer's authorization is checked, including authorization to manage trust anchors included in the update message.

o 将检查签名者的授权,包括管理更新消息中包含的信任锚的授权。

o Calculation of the trust anchor information to be stored.

o 计算要存储的信任锚信息。

This section describes how to perform the second and third steps. Section 1.2 discusses authentication of TAMP messages. Where a trust anchor is represented as a certificate and the calculation of the trust anchor information to be stored is different than the information in the certificate, the TAMP update fails. The TAMP message signer may then wrap the certificate inside a TrustAnchorInfo structure to assert the intended information.

本节介绍如何执行第二步和第三步。第1.2节讨论TAMP消息的身份验证。当信任锚被表示为证书并且要存储的信任锚信息的计算不同于证书中的信息时,TAMP更新失败。然后,TAMP消息签名者可以将证书包装在TrustAnchorInfo结构中,以断言预期的信息。

The apex trust anchor is unconstrained, which means that subordination checking need not be performed on Trust Anchor Update messages signed with the apex trust anchor operational public key and that trust anchor information can be stored as it appears in the update message. Subordination checking is performed as part of the validation process of all other Trust Anchor Update messages.

apex trust anchor是无约束的,这意味着不需要对使用apex trust anchor操作公钥签名的trust anchor更新消息执行从属检查,并且可以存储更新消息中显示的信任锚信息。从属关系检查作为所有其他信任锚点更新消息的验证过程的一部分执行。

For a Trust Anchor Update message that is not signed with the apex trust anchor operational public key to be valid, the digital signature MUST be validated using an authorized trust anchor, either directly or via an X.509 certification path originating with the apex trust anchor operational public key or an authorized management trust anchor. The following subordination checks MUST also be performed as part of validation of the update message.

对于未使用apex Trust Anchor操作公钥签名的信任锚更新消息,必须使用授权的信任锚直接或通过使用apex Trust Anchor操作公钥或授权的管理信任锚发起的X.509认证路径验证数字签名。作为更新消息验证的一部分,还必须执行以下从属关系检查。

Each Trust Anchor Update message contains one or more individual updates, each of which is used to add, modify, or remove a trust anchor. For each individual update, the constraints of the TAMP message signer MUST be greater than or equal to the constraints of the trust anchor in the update. Specifically, constraints included in the CertPathControls field of a TrustAnchorInfo object (or equivalent extensions in Certificate or TBSCertificate objects) must be checked as described below. [RFC5280] describes how the intersection and union operations referenced below are performed.

每个信任锚更新消息包含一个或多个单独的更新,每个更新用于添加、修改或删除信任锚。对于每个单独的更新,TAMP消息签名者的约束必须大于或等于更新中信任锚的约束。具体而言,必须按如下所述检查TrustAnchorInfo对象(或证书或TBSCertificate对象中的等效扩展名)的CertPathControls字段中包含的约束。[RFC5280]描述了如何执行以下引用的相交和并集操作。

o The values of the policy flags stored with a trust anchor as the result of a TAMPUpdate are either true or equal to the value of the policy flags associated with the TAMP message signer, i.e., an update may set a flag to false only if the value associated with the TAMP message signer is false. The policy flags associated with the TAMP message signer are read from the policyFlags field or policyConstraints and inhibitAnyPolicy extensions if the signer

o 作为TAMP更新的结果,与信任锚一起存储的策略标志的值要么为真,要么等于与TAMP消息签名者相关联的策略标志的值,即,仅当与TAMP消息签名者相关联的值为假时,更新才可以将标志设置为假。与TAMP消息签名者关联的策略标志从policyFlags字段或policyConstraints中读取,如果签名者

is represented as a trust anchor or from the explicit_policy, policy_mapping, and inhibit_anyPolicy state variables following path validation if the signer is not represented as a trust anchor.

表示为信任锚点,或者如果签名者未表示为信任锚点,则表示为路径验证后的显式策略、策略映射和禁止策略状态变量。

o The certificate policies stored with a trust anchor as the result of a TAMPUpdate are equal to the intersection of the value of the certificate policies associated with the TAMP message signer and the value of the policySet field or certificatePolicies extension from the update. The certificate policies associated with the TAMP message signer are read from the policySet field in a TrustAnchorInfo or certificatePolicies extension in a Certificate or TBSCertificate if the signer is represented as a trust anchor or from the valid_policy_tree returned following path validation if the signer is not represented by a trust anchor. Where the TAMP message signer is represented as a trust anchor, no policy mapping is performed. If the intersection is NULL and the to-be-stored requireExplicitPolicy value is true, the TAMP update fails.

o 作为TAMP更新的结果,与信任锚点一起存储的证书策略等于与TAMP消息签名者关联的证书策略的值与来自更新的policySet字段或CertificatePolicys扩展的值的交集。与TAMP消息签名者关联的证书策略从证书或TBSCertificate中TrustAnchorInfo或CertificatePolicys扩展的policySet字段读取(如果签名者表示为信任锚),或者从路径验证后返回的有效_policy_树读取(如果签名者未表示为信任)锚如果TAMP消息签名者表示为信任锚,则不执行策略映射。如果交叉点为NULL且待存储的requireExplicitPolicy值为true,则TAMP更新失败。

o The excluded names stored with a trust anchor as the result of a TAMPUpdate are equal to the union of the excluded names associated with the TAMP message signer and the value from the nameConstr field or nameConstraints extension from the update. The name constraints associated with the TAMP message signer are read from the nameConstr field in a TrustAnchorInfo or nameConstraints extension in a Certificate or TBSCertificate if the signer is a trust anchor or from the excludedSubtrees state variable following path validation if the signer is not a trust anchor. The name of the trust anchor included in the update MUST NOT fall within the excluded name space of the TAMP signer. If the name of the trust anchor falls within the excluded name space of the TAMP signer, the TAMP update fails.

o 作为TAMP更新的结果,存储在信任锚点中的排除名称等于与TAMP消息签名者关联的排除名称与更新中的nameConstr字段或nameConstraints扩展的值的并集。与TAMP消息签名者关联的名称约束将从TrustAnchorInfo中的nameConstr字段读取,如果签名者是信任锚,则从证书或TBSCertificate中的nameConstraints扩展名读取,如果签名者不是信任锚,则从路径验证后的excludedSubtrees状态变量读取。更新中包含的信任锚点的名称不得位于TAMP签名者的排除名称空间内。如果信任锚点的名称位于TAMP签名者排除的名称空间内,则TAMP更新失败。

o The permitted names stored with a trust anchor as the result of a TAMPUpdate are equal to the intersection of the permitted names associated with the TAMP message signer and the value from the nameConstr field or nameConstraints extension from the update. The name constraints associated with the TAMP message signer are read from the nameConstr field in a TrustAnchorInfo or nameConstraints extension in a Certificate or TBSCertificate if the signer is a trust anchor or from the permittedSubtrees state variable following path validation if the signer is not a trust anchor. The name of the trust anchor included in the update MUST fall within the permitted name space of the TAMP signer. If the name of the trust anchor does not fall within the permitted name space of the TAMP signer, the TAMP update fails. If the intersection is NULL for all name forms, the TAMP update fails.

o 作为TAMPUpdate的结果,与信任锚点一起存储的允许名称等于与TAMP消息签名者关联的允许名称与来自更新的nameConstr字段或nameConstraints扩展的值的交集。与TAMP消息签名者相关联的名称约束从TrustAnchorInfo中的nameConstr字段读取,如果签名者是信任锚,则从证书或TBSCertificate中的nameConstraints扩展名读取,如果签名者不是信任锚,则从路径验证后的permittedSubtrees状态变量读取。更新中包含的信任锚点的名称必须位于TAMP签名者允许的名称空间内。如果信任锚的名称不在TAMP签名者允许的名称空间内,则TAMP更新失败。如果所有名称表单的交叉点都为空,则TAMP更新失败。

No other extensions defined in [RFC5280] must be processed as part of subordination processing. Other extensions may define subordination rules.

[RFC5280]中定义的任何其他扩展都不得作为从属处理的一部分进行处理。其他扩展可以定义从属规则。

8. Implementation Considerations
8. 实施考虑

A public key identifier is used to identify a TAMP message signer. Since there is no guarantee that the same public key identifier is not associated with more than one public key, implementations MUST be prepared for one or more trust anchors to have the same public key identifier. In practical terms, this means that when a digital signature validation fails, the implementation MUST see if there is another trust anchor with the same public key identifier that can be used to validate the digital signature. While duplicate public key identifiers are expected to be rare, implementations MUST NOT fail to find the correct trust anchor when they do occur.

公钥标识符用于标识TAMP消息签名者。由于不能保证同一公钥标识符不与多个公钥相关联,因此必须为一个或多个信任锚具有相同公钥标识符的实现做好准备。实际上,这意味着当数字签名验证失败时,实现必须查看是否有另一个具有相同公钥标识符的信任锚可用于验证数字签名。虽然重复的公钥标识符预计很少见,但实现在发生时一定不能找不到正确的信任锚。

An X.500 distinguished name is used to identify certificate issuers and certificate subjects. The same X.500 distinguished name can be associated with more than one trust anchor. However, the trust anchor public key will be different. The probability that two trust anchors will have the same X.500 distinguished name and the same public key identifier but a different public key is diminishingly small. Therefore, the authority key identifier certificate extension can be used to resolve X.500 distinguished name collisions.

X.500可分辨名称用于识别证书颁发者和证书主体。同一个X.500可分辨名称可以与多个信任锚关联。但是,信任锚公钥将不同。两个信任锚具有相同的X.500可分辨名称和相同的公钥标识符,但具有不同公钥的概率越来越小。因此,授权密钥标识符证书扩展可用于解决X.500可分辨名称冲突。

TAMP assumes a reliable underlying transport protocol.

TAMP采用可靠的底层传输协议。

9. Wrapped Apex Contingency Key Certificate Extension
9. 包装的Apex应急密钥证书扩展

An apex trust anchor MAY contain contingency key information using the WrappedApexContingencyKey extension. The extension uses the ApexContingencyKey structure as defined below.

apex信任锚点可能包含使用WrappedAppExcontingencyKey扩展的应急密钥信息。扩展使用以下定义的APEXCONTINGECYKEY结构。

    ApexContingencyKey ::= SEQUENCE {
      wrapAlgorithm        AlgorithmIdentifier OPTIONAL,
      wrappedContinPubKey  OCTET STRING  OPTIONAL }
        
    ApexContingencyKey ::= SEQUENCE {
      wrapAlgorithm        AlgorithmIdentifier OPTIONAL,
      wrappedContinPubKey  OCTET STRING  OPTIONAL }
        

The fields of ApexContingencyKey are used as described below. When one field is present, both MUST be present. When one field is absent, both MUST be absent. The fields are allowed to be absent to enable usage of this extension as a means of indicating that the corresponding public key is recognized as an apex trust anchor by some relying parties.

APEXCONTINGECYKEY字段的使用如下所述。当一个字段存在时,两个字段都必须存在。当一个字段不存在时,两个字段都必须不存在。允许不存在这些字段,以允许将此扩展用作指示相应公钥被某些依赖方识别为apex信任锚的方法。

o wrapAlgorithm identifies the symmetric algorithm used to encrypt the apex trust anchor contingency public key. If this public key is ever needed, the symmetric key needed to decrypt it will be

o wrapAlgorithm识别用于加密apex信任锚应急公钥的对称算法。如果需要此公钥,则解密它所需的对称密钥将是

provided in the message that is to be validated using it. The algorithm identifier is an AlgorithmIdentifier, which contains an object identifier and OPTIONAL parameters. The object identifier indicates the syntax of the parameters, if present.

在要使用它进行验证的消息中提供。算法标识符是一个算法标识符,它包含一个对象标识符和可选参数。对象标识符指示参数的语法(如果存在)。

o wrappedContinPubKey is the encrypted apex trust anchor contingency public key. Once decrypted, it yields the PublicKeyInfo structure, which consists of the algorithm identifier followed by the public key itself. The algorithm identifier is an AlgorithmIdentifier that contains an object identifier and OPTIONAL parameters. The object identifier indicates the format of the public key and the syntax of the parameters, if present. The public key is encoded as a BIT STRING.

o WrappedContinuPubKey是加密的apex信任锚应急公钥。一旦解密,它将生成PublicKeyInfo结构,该结构由算法标识符和公钥本身组成。算法标识符是包含对象标识符和可选参数的算法标识符。对象标识符指示公钥的格式和参数的语法(如果存在)。公钥被编码为位字符串。

The WrappedApexContingencyKey certificate extension MAY be critical, and it MUST appear at most one time in a set of extensions. The apex trust anchor info extension is identified by the id-pe-wrappedApexContinKey object identifier:

WrappedAppExcontingencyKey证书扩展可能是关键的,它必须在一组扩展中最多出现一次。apex信任锚信息扩展由id pe WrappedAppExcontinkey对象标识符标识:

         id-pe-wrappedApexContinKey OBJECT IDENTIFIER ::=
             { iso(1) identified-organization(3) dod(6) internet(1)
               security(5) mechanisms(5) pkix(7) pe(1) 20 }
        
         id-pe-wrappedApexContinKey OBJECT IDENTIFIER ::=
             { iso(1) identified-organization(3) dod(6) internet(1)
               security(5) mechanisms(5) pkix(7) pe(1) 20 }
        
10. Security Considerations
10. 安全考虑

The majority of this specification is devoted to the syntax and semantics of TAMP messages. It relies on other specifications, especially [RFC5914], [RFC3852], and [RFC5280], for the syntax and semantics of trust anchors, intermediate CMS content types, and X.509 certificates, respectively. Since TAMP messages that change the trust anchor state of a trust anchor store are always signed by a Trust Anchor Manager, no further data integrity or data origin authentication mechanisms are needed; however, no confidentiality for these messages is provided. Similarly, certificates are digitally signed, and no additional data integrity or data origin authentication mechanisms are needed. Trust anchor configurations, Trust Anchor Manager certificates, and trust anchor store certificates are not intended to be sensitive. As a result, this specification does not provide for confidentiality of TAMP messages.

本规范的大部分内容致力于TAMP消息的语法和语义。它依赖于其他规范,特别是[RFC5914]、[RFC3852]和[RFC5280],分别用于信任锚、中间CMS内容类型和X.509证书的语法和语义。由于更改信任锚存储的信任锚状态的TAMP消息始终由信任锚管理器签名,因此不需要进一步的数据完整性或数据源身份验证机制;但是,未提供这些消息的保密性。同样,证书是数字签名的,不需要额外的数据完整性或数据源身份验证机制。信任锚点配置、信任锚点管理器证书和信任锚点存储证书不是敏感的。因此,本规范不提供TAMP消息的机密性。

Security factors outside the scope of this specification greatly affect the assurance provided. The procedures used by certification authorities (CAs) to validate the binding of the subject identity to their public key greatly affect the assurance associated with the resulting certificate. This is particularly important when issuing certificates to other CAs. In the context of TAMP, the issuance of an end entity certificate under a management trust anchor is an act of delegation. However, such end entities cannot further delegate.

本规范范围之外的安全因素对所提供的保证有很大影响。认证机构(CA)用于验证主体身份与其公钥的绑定的过程极大地影响了与生成的证书相关的保证。这在向其他CA颁发证书时尤为重要。在TAMP的上下文中,根据管理信托锚发布最终实体证书是一种委托行为。但是,这样的最终实体不能进一步委托。

On the other hand, issuance of a CA certificate under a management trust anchor is an act of delegation where the CA can perform further delegation. The scope of the delegation can be constrained by including appropriate certificate extensions in a CA certificate.

另一方面,在管理信任锚下颁发CA证书是一种委托行为,CA可以执行进一步的委托。可以通过在CA证书中包含适当的证书扩展来限制委派的范围。

X.509 certification path construction involves comparison of X.500 distinguished names. Inconsistent application of name comparison rules can result in acceptance of invalid X.509 certification paths or rejection of valid ones. Name comparison can be extremely complex. To avoid imposing this complexity on trust anchor stores, any certificate profile used with TAMP SHOULD employ simple name structures and impose rigorous restrictions on acceptable distinguished names, including the way that they are encoded. The goal of that certificate profile should be to enable simple binary comparison. That is, case conversion, character set conversion, white space compression, and leading and trailing white space trimming SHOULD be avoided.

X.509认证路径构建涉及X.500可分辨名称的比较。名称比较规则的不一致应用可能导致接受无效的X.509认证路径或拒绝有效路径。名称比较可能非常复杂。为了避免对信任锚存储施加这种复杂性,与TAMP一起使用的任何证书配置文件都应该使用简单的名称结构,并对可接受的可分辨名称施加严格的限制,包括它们的编码方式。该证书配置文件的目标应该是启用简单的二进制比较。也就是说,应该避免大小写转换、字符集转换、空白压缩以及前导和尾随空白修剪。

Some digital signature algorithms (DSAs) require the generation of random one-time values. For example, when generating a DSA digital signature, the signer MUST generate a random k value [DSS]. Also, the generation of public/private key pairs relies on random numbers.

一些数字签名算法(DSA)需要生成随机的一次性值。例如,在生成DSA数字签名时,签名者必须生成随机k值[DSS]。此外,公钥/私钥对的生成依赖于随机数。

The use of an inadequate random number generator (RNG) or an inadequate pseudo-random number generator (PRNG) to generate such cryptographic values can result in little or no security. An attacker may find it much easier to reproduce the random number generation environment, searching the resulting small set of possibilities, rather than brute-force searching the whole space.

使用不适当的随机数生成器(RNG)或不适当的伪随机数生成器(PRNG)生成此类加密值可能导致很少或没有安全性。攻击者可能会发现,复制随机数生成环境、搜索生成的一小部分可能性比暴力搜索整个空间要容易得多。

Compromise of an identity trust anchor private key permits unauthorized parties to issue certificates that will be acceptable to all trust anchor stores configured with the corresponding identity trust anchor. The unauthorized private key holder will be limited by the certification path controls associated with the identity trust anchor. For example, clearance constraints in the identity trust anchor will determine the clearances that will be accepted in certificates that are issued by the unauthorized private key holder.

身份信任锚私钥的泄露允许未经授权的方颁发证书,这些证书将被配置了相应身份信任锚的所有信任锚存储区接受。未经授权的私钥持有者将受到与身份信任锚关联的认证路径控制的限制。例如,身份信任锚中的清除约束将确定未经授权的私钥持有人颁发的证书中可接受的清除。

Compromise of a management trust anchor private key permits unauthorized parties to generate signed messages that will be acceptable to all trust anchor stores configured with the corresponding management trust anchor. All devices that include the compromised management trust anchor can be configured as desired by the unauthorized private key holder within the limits of the subordination checks described in Section 7. If the management trust anchor is associated with content types other than TAMP, then the unauthorized private key holder can generate signed messages of that

管理信任锚点私钥的泄露允许未经授权的各方生成签名消息,这些消息将被配置了相应管理信任锚点的所有信任锚点存储所接受。在第7节所述的从属检查的限制范围内,未经授权的私钥持有人可以根据需要配置包括受损管理信任锚的所有设备。如果管理信任锚与TAMP以外的内容类型相关联,则未经授权的私钥持有者可以生成该内容的签名消息

type. For example, if the management trust anchor is associated with firmware packages, then the unauthorized private key holder can install different firmware.

类型例如,如果管理信任锚与固件包关联,则未经授权的私钥持有者可以安装不同的固件。

Compromise of the apex trust anchor operational private key permits unauthorized parties to generate signed messages that will be acceptable to all trust anchor stores configured with the corresponding apex trust anchor. All devices that include that apex trust anchor can be configured as desired by the unauthorized private key holder, and the unauthorized private key holder can generate signed messages of any content type. The optional contingency private key offers a potential way to recover from such a compromise.

apex trust anchor操作私钥的泄露允许未经授权的各方生成签名消息,这些消息将被配置了相应apex trust anchor的所有信任anchor存储区接受。包括该apex信任锚的所有设备可以由未经授权的私钥持有人根据需要进行配置,并且未经授权的私钥持有人可以生成任何内容类型的签名消息。可选的应急私钥提供了一种从这种妥协中恢复的潜在方法。

The compromise of a CA's private key leads to the same type of problems as the compromise of an identity or a management trust anchor private key. The unauthorized private key holder will be limited by the certification path controls and extensions associated with the trust anchor.

CA私钥的泄露会导致与身份或管理信任锚私钥泄露相同类型的问题。未经授权的私钥持有人将受到与信任锚关联的认证路径控制和扩展的限制。

The compromise of an end entity private key leads to the same type of problems as the compromise of an identity or a management trust anchor private key, except that the end entity is unable to issue any certificates. The unauthorized private key holder will be limited by the certification path controls and extensions associated with the trust anchor.

终端实体私钥的泄露会导致与身份或管理信任锚私钥泄露相同类型的问题,但终端实体无法颁发任何证书除外。未经授权的私钥持有人将受到与信任锚关联的认证路径控制和扩展的限制。

Compromise of a trust anchor store's digital signature private key permits unauthorized parties to generate signed TAMP response messages, masquerading as the trust anchor store.

信任锚存储的数字签名私钥的泄露允许未授权方生成签名的TAMP响应消息,伪装为信任锚存储。

Premature disclosure of the key-encryption key used to encrypt the apex trust anchor contingency public key may result in early exposure of the apex trust anchor contingency public key.

过早公开用于加密apex trust anchor应急公钥的密钥加密密钥可能导致apex trust anchor应急公钥的提前公开。

TAMP implementations need to be able to parse messages and certificates. Care must be taken to ensure that there are no implementation defects in the TAMP message parser or the processing that acts on the message content. A validation suite is one way to increase confidence in the parsing of TAMP messages, CMS content types, attributes, certificates, and extensions.

TAMP实现需要能够解析消息和证书。必须注意确保TAMP消息解析器或作用于消息内容的处理中没有实现缺陷。验证套件是提高TAMP消息、CMS内容类型、属性、证书和扩展解析可信度的一种方法。

TrustAnchorList messages do not provide a replay detection mechanism. Where TrustAnchorList messages are accepted as an alternative means of adding trust anchors to a trust anchor store, applications may require additional mechanisms to address the risks associated with replay of old TrustAnchorList messages.

信任列表消息不提供重播检测机制。在接受TrustAnchorList消息作为向信任锚存储添加信任锚的替代方法的情况下,应用程序可能需要额外的机制来解决与重播旧的TrustAnchorList消息相关的风险。

As sequence number values are used to detect replay attempts, trust anchor store managers must take care to maintain their own sequence number state, i.e., knowledge of which sequence number to include in the next TAMP message generated by the trust anchor store manager. Loss of sequence number state can result in generation of TAMP messages that cannot be processed due to seqNumFailure. In the event of loss, sequence number state can be restored by inspecting the most recently generated TAMP message, provided the messages are logged, or in collaboration with a trust anchor store manager who can successfully issue a TAMPStatusQuery message.

由于序列号值用于检测重播尝试,信任锚点存储管理器必须注意维护其自己的序列号状态,即知道信任锚点存储管理器生成的下一个TAMP消息中要包含的序列号。序列号状态的丢失可能导致生成由于seqNumFailure而无法处理的TAMP消息。在丢失的情况下,可以通过检查最近生成的TAMP消息来恢复序列号状态,前提是这些消息已被记录,或者与能够成功发出TAMPStatusQuery消息的信任锚点存储管理器协作。

11. IANA Considerations
11. IANA考虑

The details of TAMP requests and responses are communicated using object identifiers (OIDs). The objects are defined in an arc delegated by IANA to the PKIX working group. This document also includes eleven media type registrations in Appendix B. No further action by IANA is necessary for this document or any anticipated updates.

TAMP请求和响应的详细信息使用对象标识符(OID)进行通信。这些对象在IANA委托给PKIX工作组的arc中定义。本文件还包括附录B中的十一种媒体类型注册。IANA无需对本文件或任何预期更新采取进一步行动。

12. References
12. 工具书类
12.1. Normative References
12.1. 规范性引用文件

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。

[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

[RFC2616]菲尔丁,R.,盖蒂斯,J.,莫卧儿,J.,弗莱斯蒂克,H.,马斯特,L.,利奇,P.,和T.伯纳斯李,“超文本传输协议——HTTP/1.1”,RFC 2616,1999年6月。

[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, January 2005.

[RFC3986]Berners Lee,T.,Fielding,R.,和L.Masinter,“统一资源标识符(URI):通用语法”,STD 66,RFC 3986,2005年1月。

[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, May 2008.

[RFC5280]Cooper,D.,Santesson,S.,Farrell,S.,Boeyen,S.,Housley,R.,和W.Polk,“Internet X.509公钥基础设施证书和证书撤销列表(CRL)配置文件”,RFC 52802008年5月。

[RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", RFC 5652, September 2009.

[RFC5652]Housley,R.,“加密消息语法(CMS)”,RFC 56522009年9月。

[RFC5912] Hoffman, P. and J. Schaad, "New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX)", RFC 5912, June 2010.

[RFC5912]Hoffman,P.和J.Schaad,“使用X.509(PKIX)的公钥基础设施的新ASN.1模块”,RFC 5912,2010年6月。

[RFC5914] Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor Format", RFC 5914, June 2010.

[RFC5914]Housley,R.,Ashmore,S.,和C.Wallace,“信任锚格式”,RFC 59142010年6月。

[X.680] "ITU-T Recommendation X.680 - Information Technology - Abstract Syntax Notation One", 1997.

[X.680]“ITU-T建议X.680——信息技术——抽象语法符号一”,1997年。

[X.690] "ITU-T Recommendation X.690 - Information Technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)", 1997.

[X.690]“ITU-T建议X.690-信息技术-ASN.1编码规则:基本编码规则(BER)、规范编码规则(CER)和区分编码规则(DER)规范”,1997年。

12.2. Informative References
12.2. 资料性引用

[DSS] "FIPS Pub 186: Digital Signature Standard", May 1994.

[DSS]“FIPS Pub 186:数字签名标准”,1994年5月。

[PKCS#6] "PKCS #6: Extended-Certificate Syntax Standard, Version 1.5", November 1993.

[PKCS#6]“PKCS#6:扩展证书语法标准,1.5版”,1993年11月。

[RFC3279] Bassham, L., Polk, W., and R. Housley, "Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3279, April 2002.

[RFC3279]Bassham,L.,Polk,W.,和R.Housley,“互联网X.509公钥基础设施证书和证书撤销列表(CRL)配置文件的算法和标识符”,RFC 3279,2002年4月。

[RFC3370] Housley, R., "Cryptographic Message Syntax (CMS) Algorithms", RFC 3370, August 2002.

[RFC3370]Housley,R.,“加密消息语法(CMS)算法”,RFC3370,2002年8月。

[RFC4049] Housley, R., "BinaryTime: An Alternate Format for Representing Date and Time in ASN.1", RFC 4049, April 2005.

[RFC4049]Housley,R.,“二进制时间:在ASN.1中表示日期和时间的替代格式”,RFC 4049,2005年4月。

[RFC4108] Housley, R., "Using Cryptographic Message Syntax (CMS) to Protect Firmware Packages", RFC 4108, August 2005.

[RFC4108]Housley,R.“使用加密消息语法(CMS)保护固件包”,RFC 4108,2005年8月。

[RFC5753] Turner, S. and D. Brown, "Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS)", RFC 5753, January 2010.

[RFC5753]Turner,S.和D.Brown,“加密消息语法(CMS)中椭圆曲线加密(ECC)算法的使用”,RFC 5753,2010年1月。

[RFC5754] Turner, S., "Using SHA2 Algorithms with Cryptographic Message Syntax", RFC 5754, January 2010.

[RFC5754]Turner,S.,“将SHA2算法与加密消息语法结合使用”,RFC 5754,2010年1月。

[RFC5755] Farrell, S., Housley, R., and S. Turner, "An Internet Attribute Certificate Profile for Authorization", RFC 5755, January 2010.

[RFC5755]Farrell,S.,Housley,R.,和S.Turner,“用于授权的互联网属性证书配置文件”,RFC 57552010年1月。

[TA-MGMT-REQS] Reddy, R. and C. Wallace, "Trust Anchor Management Requirements", Work in Progress, March 2010.

[TA-MGMT-REQS]Reddy,R.和C.Wallace,“信托锚管理要求”,正在进行的工作,2010年3月。

[X.208] "ITU-T Recommendation X.208 - Specification of Abstract Syntax Notation One (ASN.1)", 1988.

[X.208]“ITU-T建议X.208-抽象语法符号一规范(ASN.1)”,1988年。

[X.509] "ITU-T Recommendation X.509 - The Directory - Authentication Framework", 2000.

[X.509]“ITU-T建议X.509——目录——认证框架”,2000年。

Appendix A. ASN.1 Modules
附录A.ASN.1模块
   Appendix A.1 provides the normative ASN.1 definitions for the
   structures described in this specification using ASN.1 as defined in
   [X.680].  Appendix A.2 provides a module using ASN.1 as defined in
   [X.208].  The module in Appendix A.2 removes usage of newer ASN.1
   features that provide support for limiting the types of elements that
   may appear in certain SEQUENCE and SET constructions.  Otherwise, the
   modules are compatible in terms of encoded representation, i.e., the
   modules are bits-on-the-wire compatible aside from the limitations on
   SEQUENCE and SET constituents.  Extension markers are not used due to
   lack of support in [X.208].  Appendix A.2 is included as a courtesy
   to developers using ASN.1 compilers that do not support current
   ASN.1.  Appendix A.1 includes definitions imported from [RFC5280],
   [RFC5912], and [RFC5914].
        
   Appendix A.1 provides the normative ASN.1 definitions for the
   structures described in this specification using ASN.1 as defined in
   [X.680].  Appendix A.2 provides a module using ASN.1 as defined in
   [X.208].  The module in Appendix A.2 removes usage of newer ASN.1
   features that provide support for limiting the types of elements that
   may appear in certain SEQUENCE and SET constructions.  Otherwise, the
   modules are compatible in terms of encoded representation, i.e., the
   modules are bits-on-the-wire compatible aside from the limitations on
   SEQUENCE and SET constituents.  Extension markers are not used due to
   lack of support in [X.208].  Appendix A.2 is included as a courtesy
   to developers using ASN.1 compilers that do not support current
   ASN.1.  Appendix A.1 includes definitions imported from [RFC5280],
   [RFC5912], and [RFC5914].
        
A.1. ASN.1 Module Using 1993 Syntax
A.1. 使用1993语法的ASN.1模块
   TAMP-Protocol-v2
   { joint-iso-ccitt(2) country(16) us(840) organization(1)
     gov(101) dod(2) infosec(1) modules(0) 30 }
        
   TAMP-Protocol-v2
   { joint-iso-ccitt(2) country(16) us(840) organization(1)
     gov(101) dod(2) infosec(1) modules(0) 30 }
        
   DEFINITIONS IMPLICIT TAGS ::=
   BEGIN
        
   DEFINITIONS IMPLICIT TAGS ::=
   BEGIN
        
   IMPORTS
   TrustAnchorChoice, TrustAnchorTitle, CertPathControls
   FROM TrustAnchorInfoModule
      { joint-iso-ccitt(2) country(16) us(840)
      organization(1) gov(101) dod(2) infosec(1)
      modules(0) 33 }
   AlgorithmIdentifier{}, SIGNATURE-ALGORITHM, KEY-WRAP
   FROM AlgorithmInformation-2009
      {iso(1) identified-organization(3) dod(6) internet(1)
      security(5) mechanisms(5) pkix(7) id-mod(0)
      id-mod-algorithmInformation-02(58)}
   Certificate, Name, TBSCertificate,
   CertificateSerialNumber, Validity, SubjectPublicKeyInfo
   FROM PKIX1Explicit-2009 -- from [RFC5912]
      {iso(1) identified-organization(3) dod(6) internet(1)
      security(5) mechanisms(5) pkix(7) id-mod(0)
      id-mod-pkix1-explicit-02(51)}
   KeyIdentifier, OTHER-NAME
   FROM PKIX1Implicit-2009 -- from [RFC5912]
      {iso(1) identified-organization(3) dod(6) internet(1)
      security(5) mechanisms(5) pkix(7) id-mod(0)
      id-mod-pkix1-implicit-02(59)}
   EXTENSION, Extensions {}, ATTRIBUTE, SingleAttribute{}
        
   IMPORTS
   TrustAnchorChoice, TrustAnchorTitle, CertPathControls
   FROM TrustAnchorInfoModule
      { joint-iso-ccitt(2) country(16) us(840)
      organization(1) gov(101) dod(2) infosec(1)
      modules(0) 33 }
   AlgorithmIdentifier{}, SIGNATURE-ALGORITHM, KEY-WRAP
   FROM AlgorithmInformation-2009
      {iso(1) identified-organization(3) dod(6) internet(1)
      security(5) mechanisms(5) pkix(7) id-mod(0)
      id-mod-algorithmInformation-02(58)}
   Certificate, Name, TBSCertificate,
   CertificateSerialNumber, Validity, SubjectPublicKeyInfo
   FROM PKIX1Explicit-2009 -- from [RFC5912]
      {iso(1) identified-organization(3) dod(6) internet(1)
      security(5) mechanisms(5) pkix(7) id-mod(0)
      id-mod-pkix1-explicit-02(51)}
   KeyIdentifier, OTHER-NAME
   FROM PKIX1Implicit-2009 -- from [RFC5912]
      {iso(1) identified-organization(3) dod(6) internet(1)
      security(5) mechanisms(5) pkix(7) id-mod(0)
      id-mod-pkix1-implicit-02(59)}
   EXTENSION, Extensions {}, ATTRIBUTE, SingleAttribute{}
        
   FROM PKIX-CommonTypes-2009 -- from [RFC5912]
      { iso(1) identified-organization(3) dod(6) internet(1)
      security(5) mechanisms(5) pkix(7) id-mod(0)
      id-mod-pkixCommon-02(57) }         ;
        
   FROM PKIX-CommonTypes-2009 -- from [RFC5912]
      { iso(1) identified-organization(3) dod(6) internet(1)
      security(5) mechanisms(5) pkix(7) id-mod(0)
      id-mod-pkixCommon-02(57) }         ;
        

-- Object Identifier Arc for TAMP Message Content Types

--TAMP消息内容类型的对象标识符弧

   id-tamp OBJECT IDENTIFIER ::= {
   joint-iso-ccitt(2) country(16) us(840) organization(1)
   gov(101) dod(2) infosec(1) formats(2) 77 }
        
   id-tamp OBJECT IDENTIFIER ::= {
   joint-iso-ccitt(2) country(16) us(840) organization(1)
   gov(101) dod(2) infosec(1) formats(2) 77 }
        
   SupportedSigAlgorithms SIGNATURE-ALGORITHM ::= {
      -- add any locally defined algorithms here
      ...
   }
        
   SupportedSigAlgorithms SIGNATURE-ALGORITHM ::= {
      -- add any locally defined algorithms here
      ...
   }
        
   SupportedWrapAlgorithms KEY-WRAP ::= {
      -- add any locally defined algorithms here
      ...
   }
        
   SupportedWrapAlgorithms KEY-WRAP ::= {
      -- add any locally defined algorithms here
      ...
   }
        

-- CMS Content Types

--内容类型

   CONTENT-TYPE  ::= TYPE-IDENTIFIER
        
   CONTENT-TYPE  ::= TYPE-IDENTIFIER
        
   TAMPContentTypes CONTENT-TYPE  ::= {
     tamp-status-query |
     tamp-status-response |
     tamp-update |
     tamp-update-confirm |
     tamp-apex-update |
     tamp-apex-update-confirm |
     tamp-community-update |
     tamp-community-update-confirm |
     tamp-sequence-number-adjust |
     tamp-sequence-number-adjust-confirm |
     tamp-error,
     ... -- Expect additional content types --
     }
        
   TAMPContentTypes CONTENT-TYPE  ::= {
     tamp-status-query |
     tamp-status-response |
     tamp-update |
     tamp-update-confirm |
     tamp-apex-update |
     tamp-apex-update-confirm |
     tamp-community-update |
     tamp-community-update-confirm |
     tamp-sequence-number-adjust |
     tamp-sequence-number-adjust-confirm |
     tamp-error,
     ... -- Expect additional content types --
     }
        
   -- TAMP Status Query Message
   tamp-status-query CONTENT-TYPE  ::=
     { TAMPStatusQuery IDENTIFIED BY id-ct-TAMP-statusQuery }
        
   -- TAMP Status Query Message
   tamp-status-query CONTENT-TYPE  ::=
     { TAMPStatusQuery IDENTIFIED BY id-ct-TAMP-statusQuery }
        
   id-ct-TAMP-statusQuery OBJECT IDENTIFIER ::= { id-tamp 1 }
        
   id-ct-TAMP-statusQuery OBJECT IDENTIFIER ::= { id-tamp 1 }
        
   TAMPStatusQuery ::= SEQUENCE {
     version         [0] TAMPVersion DEFAULT v2,
     terse           [1] TerseOrVerbose DEFAULT verbose,
     query           TAMPMsgRef }
        
   TAMPStatusQuery ::= SEQUENCE {
     version         [0] TAMPVersion DEFAULT v2,
     terse           [1] TerseOrVerbose DEFAULT verbose,
     query           TAMPMsgRef }
        
   TAMPVersion ::= INTEGER { v1(1), v2(2) }
        
   TAMPVersion ::= INTEGER { v1(1), v2(2) }
        
   TerseOrVerbose ::= ENUMERATED { terse(1), verbose(2) }
        
   TerseOrVerbose ::= ENUMERATED { terse(1), verbose(2) }
        
   SeqNumber ::= INTEGER (0..9223372036854775807)
        
   SeqNumber ::= INTEGER (0..9223372036854775807)
        
   TAMPMsgRef ::= SEQUENCE {
     target          TargetIdentifier,
     seqNum          SeqNumber }
        
   TAMPMsgRef ::= SEQUENCE {
     target          TargetIdentifier,
     seqNum          SeqNumber }
        
   TargetIdentifier ::= CHOICE {
     hwModules    [1] HardwareModuleIdentifierList,
     communities  [2] CommunityIdentifierList,
     allModules   [3] NULL,
     uri          [4] IA5String,
     otherName    [5] INSTANCE OF OTHER-NAME }
        
   TargetIdentifier ::= CHOICE {
     hwModules    [1] HardwareModuleIdentifierList,
     communities  [2] CommunityIdentifierList,
     allModules   [3] NULL,
     uri          [4] IA5String,
     otherName    [5] INSTANCE OF OTHER-NAME }
        
   HardwareModuleIdentifierList ::= SEQUENCE SIZE (1..MAX) OF
                                     HardwareModules
        
   HardwareModuleIdentifierList ::= SEQUENCE SIZE (1..MAX) OF
                                     HardwareModules
        
   HardwareModules ::= SEQUENCE {
     hwType          OBJECT IDENTIFIER,
     hwSerialEntries SEQUENCE SIZE (1..MAX) OF HardwareSerialEntry }
        
   HardwareModules ::= SEQUENCE {
     hwType          OBJECT IDENTIFIER,
     hwSerialEntries SEQUENCE SIZE (1..MAX) OF HardwareSerialEntry }
        
   HardwareSerialEntry ::= CHOICE {
     all             NULL,
     single          OCTET STRING,
     block           SEQUENCE {
       low             OCTET STRING,
       high            OCTET STRING } }
        
   HardwareSerialEntry ::= CHOICE {
     all             NULL,
     single          OCTET STRING,
     block           SEQUENCE {
       low             OCTET STRING,
       high            OCTET STRING } }
        
   CommunityIdentifierList ::= SEQUENCE SIZE (0..MAX) OF Community
        
   CommunityIdentifierList ::= SEQUENCE SIZE (0..MAX) OF Community
        
   Community ::= OBJECT IDENTIFIER
        
   Community ::= OBJECT IDENTIFIER
        

-- TAMP Status Response Message

--TAMP状态响应消息

   tamp-status-response CONTENT-TYPE  ::=
     { TAMPStatusResponse IDENTIFIED BY id-ct-TAMP-statusResponse }
        
   tamp-status-response CONTENT-TYPE  ::=
     { TAMPStatusResponse IDENTIFIED BY id-ct-TAMP-statusResponse }
        
   id-ct-TAMP-statusResponse OBJECT IDENTIFIER ::= { id-tamp 2 }
        
   id-ct-TAMP-statusResponse OBJECT IDENTIFIER ::= { id-tamp 2 }
        
   TAMPStatusResponse ::= SEQUENCE {
     version   [0] TAMPVersion DEFAULT v2,
     query     TAMPMsgRef,
     response  StatusResponse,
     usesApex  BOOLEAN DEFAULT TRUE }
        
   TAMPStatusResponse ::= SEQUENCE {
     version   [0] TAMPVersion DEFAULT v2,
     query     TAMPMsgRef,
     response  StatusResponse,
     usesApex  BOOLEAN DEFAULT TRUE }
        
   StatusResponse ::= CHOICE {
     terseResponse         [0] TerseStatusResponse,
     verboseResponse       [1] VerboseStatusResponse }
        
   StatusResponse ::= CHOICE {
     terseResponse         [0] TerseStatusResponse,
     verboseResponse       [1] VerboseStatusResponse }
        
   TerseStatusResponse ::= SEQUENCE {
     taKeyIds              KeyIdentifiers,
     communities           CommunityIdentifierList OPTIONAL }
        
   TerseStatusResponse ::= SEQUENCE {
     taKeyIds              KeyIdentifiers,
     communities           CommunityIdentifierList OPTIONAL }
        
   KeyIdentifiers ::= SEQUENCE SIZE (1..MAX) OF KeyIdentifier
        
   KeyIdentifiers ::= SEQUENCE SIZE (1..MAX) OF KeyIdentifier
        
   VerboseStatusResponse ::= SEQUENCE {
     taInfo                 TrustAnchorChoiceList,
     continPubKeyDecryptAlg [0] AlgorithmIdentifier
                   {KEY-WRAP, {SupportedWrapAlgorithms}} OPTIONAL,
     communities            [1] CommunityIdentifierList OPTIONAL,
     tampSeqNumbers         [2] TAMPSequenceNumbers OPTIONAL }
        
   VerboseStatusResponse ::= SEQUENCE {
     taInfo                 TrustAnchorChoiceList,
     continPubKeyDecryptAlg [0] AlgorithmIdentifier
                   {KEY-WRAP, {SupportedWrapAlgorithms}} OPTIONAL,
     communities            [1] CommunityIdentifierList OPTIONAL,
     tampSeqNumbers         [2] TAMPSequenceNumbers OPTIONAL }
        
   TrustAnchorChoiceList ::= SEQUENCE SIZE (1..MAX) OF
        TrustAnchorChoice
        
   TrustAnchorChoiceList ::= SEQUENCE SIZE (1..MAX) OF
        TrustAnchorChoice
        
   TAMPSequenceNumber ::= SEQUENCE {
     keyId       KeyIdentifier,
     seqNumber   SeqNumber }
        
   TAMPSequenceNumber ::= SEQUENCE {
     keyId       KeyIdentifier,
     seqNumber   SeqNumber }
        
   TAMPSequenceNumbers ::= SEQUENCE SIZE (1..MAX) OF TAMPSequenceNumber
        
   TAMPSequenceNumbers ::= SEQUENCE SIZE (1..MAX) OF TAMPSequenceNumber
        

-- Trust Anchor Update Message

--信任锚更新消息

   tamp-update CONTENT-TYPE  ::=
     { TAMPUpdate IDENTIFIED BY id-ct-TAMP-update }
        
   tamp-update CONTENT-TYPE  ::=
     { TAMPUpdate IDENTIFIED BY id-ct-TAMP-update }
        
   id-ct-TAMP-update OBJECT IDENTIFIER ::= { id-tamp 3 }
        
   id-ct-TAMP-update OBJECT IDENTIFIER ::= { id-tamp 3 }
        
   TAMPUpdate ::= SEQUENCE {
     version  [0] TAMPVersion DEFAULT v2,
     terse    [1] TerseOrVerbose DEFAULT verbose,
     msgRef   TAMPMsgRef,
     updates  SEQUENCE SIZE (1..MAX) OF TrustAnchorUpdate,
     tampSeqNumbers [2]TAMPSequenceNumbers OPTIONAL }
        
   TAMPUpdate ::= SEQUENCE {
     version  [0] TAMPVersion DEFAULT v2,
     terse    [1] TerseOrVerbose DEFAULT verbose,
     msgRef   TAMPMsgRef,
     updates  SEQUENCE SIZE (1..MAX) OF TrustAnchorUpdate,
     tampSeqNumbers [2]TAMPSequenceNumbers OPTIONAL }
        
   TrustAnchorUpdate ::= CHOICE {
     add             [1] TrustAnchorChoice,
     remove          [2] SubjectPublicKeyInfo,
     change          [3] EXPLICIT TrustAnchorChangeInfoChoice }
        
   TrustAnchorUpdate ::= CHOICE {
     add             [1] TrustAnchorChoice,
     remove          [2] SubjectPublicKeyInfo,
     change          [3] EXPLICIT TrustAnchorChangeInfoChoice }
        
   TrustAnchorChangeInfoChoice ::= CHOICE {
     tbsCertChange  [0] TBSCertificateChangeInfo,
     taChange       [1] TrustAnchorChangeInfo }
        
   TrustAnchorChangeInfoChoice ::= CHOICE {
     tbsCertChange  [0] TBSCertificateChangeInfo,
     taChange       [1] TrustAnchorChangeInfo }
        
   TBSCertificateChangeInfo  ::=  SEQUENCE  {
     serialNumber         CertificateSerialNumber OPTIONAL,
     signature            [0] AlgorithmIdentifier
             {SIGNATURE-ALGORITHM, {SupportedSigAlgorithms}} OPTIONAL,
     issuer               [1] Name OPTIONAL,
     validity             [2] Validity OPTIONAL,
     subject              [3] Name OPTIONAL,
     subjectPublicKeyInfo [4] SubjectPublicKeyInfo,
     exts                 [5] EXPLICIT Extensions{{...}} OPTIONAL }
        
   TBSCertificateChangeInfo  ::=  SEQUENCE  {
     serialNumber         CertificateSerialNumber OPTIONAL,
     signature            [0] AlgorithmIdentifier
             {SIGNATURE-ALGORITHM, {SupportedSigAlgorithms}} OPTIONAL,
     issuer               [1] Name OPTIONAL,
     validity             [2] Validity OPTIONAL,
     subject              [3] Name OPTIONAL,
     subjectPublicKeyInfo [4] SubjectPublicKeyInfo,
     exts                 [5] EXPLICIT Extensions{{...}} OPTIONAL }
        
   TrustAnchorChangeInfo ::= SEQUENCE {
     pubKey          SubjectPublicKeyInfo,
     keyId           KeyIdentifier OPTIONAL,
     taTitle         TrustAnchorTitle OPTIONAL,
     certPath        CertPathControls OPTIONAL,
     exts            [1] Extensions{{...}} OPTIONAL }
        
   TrustAnchorChangeInfo ::= SEQUENCE {
     pubKey          SubjectPublicKeyInfo,
     keyId           KeyIdentifier OPTIONAL,
     taTitle         TrustAnchorTitle OPTIONAL,
     certPath        CertPathControls OPTIONAL,
     exts            [1] Extensions{{...}} OPTIONAL }
        

-- Trust Anchor Update Confirm Message

--信任锚更新确认消息

   tamp-update-confirm CONTENT-TYPE  ::=
     { TAMPUpdateConfirm IDENTIFIED BY id-ct-TAMP-updateConfirm }
        
   tamp-update-confirm CONTENT-TYPE  ::=
     { TAMPUpdateConfirm IDENTIFIED BY id-ct-TAMP-updateConfirm }
        
   id-ct-TAMP-updateConfirm OBJECT IDENTIFIER ::= { id-tamp 4 }
        
   id-ct-TAMP-updateConfirm OBJECT IDENTIFIER ::= { id-tamp 4 }
        
   TAMPUpdateConfirm ::= SEQUENCE {
     version               [0] TAMPVersion DEFAULT v2,
     update                TAMPMsgRef,
     confirm               UpdateConfirm }
        
   TAMPUpdateConfirm ::= SEQUENCE {
     version               [0] TAMPVersion DEFAULT v2,
     update                TAMPMsgRef,
     confirm               UpdateConfirm }
        
   UpdateConfirm ::= CHOICE {
     terseConfirm          [0] TerseUpdateConfirm,
     verboseConfirm        [1] VerboseUpdateConfirm }
        
   UpdateConfirm ::= CHOICE {
     terseConfirm          [0] TerseUpdateConfirm,
     verboseConfirm        [1] VerboseUpdateConfirm }
        
   TerseUpdateConfirm ::= StatusCodeList
        
   TerseUpdateConfirm ::= StatusCodeList
        
   StatusCodeList ::= SEQUENCE SIZE (1..MAX) OF StatusCode
        
   StatusCodeList ::= SEQUENCE SIZE (1..MAX) OF StatusCode
        
   VerboseUpdateConfirm ::= SEQUENCE {
     status          StatusCodeList,
     taInfo          TrustAnchorChoiceList,
     tampSeqNumbers  TAMPSequenceNumbers OPTIONAL,
     usesApex        BOOLEAN DEFAULT TRUE }
        
   VerboseUpdateConfirm ::= SEQUENCE {
     status          StatusCodeList,
     taInfo          TrustAnchorChoiceList,
     tampSeqNumbers  TAMPSequenceNumbers OPTIONAL,
     usesApex        BOOLEAN DEFAULT TRUE }
        

-- Apex Trust Anchor Update Message

--Apex信任锚更新消息

   tamp-apex-update CONTENT-TYPE  ::=
       { TAMPApexUpdate IDENTIFIED BY id-ct-TAMP-apexUpdate }
        
   tamp-apex-update CONTENT-TYPE  ::=
       { TAMPApexUpdate IDENTIFIED BY id-ct-TAMP-apexUpdate }
        
   id-ct-TAMP-apexUpdate OBJECT IDENTIFIER ::= { id-tamp 5 }
        
   id-ct-TAMP-apexUpdate OBJECT IDENTIFIER ::= { id-tamp 5 }
        
   TAMPApexUpdate ::= SEQUENCE {
     version            [0] TAMPVersion DEFAULT v2,
     terse              [1] TerseOrVerbose DEFAULT verbose,
     msgRef             TAMPMsgRef,
     clearTrustAnchors  BOOLEAN,
     clearCommunities   BOOLEAN,
     seqNumber          SeqNumber OPTIONAL,
     apexTA             TrustAnchorChoice }
        
   TAMPApexUpdate ::= SEQUENCE {
     version            [0] TAMPVersion DEFAULT v2,
     terse              [1] TerseOrVerbose DEFAULT verbose,
     msgRef             TAMPMsgRef,
     clearTrustAnchors  BOOLEAN,
     clearCommunities   BOOLEAN,
     seqNumber          SeqNumber OPTIONAL,
     apexTA             TrustAnchorChoice }
        

-- Apex Trust Anchor Update Confirm Message

--Apex信任锚更新确认消息

   tamp-apex-update-confirm CONTENT-TYPE  ::=
     { TAMPApexUpdateConfirm IDENTIFIED BY
         id-ct-TAMP-apexUpdateConfirm }
        
   tamp-apex-update-confirm CONTENT-TYPE  ::=
     { TAMPApexUpdateConfirm IDENTIFIED BY
         id-ct-TAMP-apexUpdateConfirm }
        
   id-ct-TAMP-apexUpdateConfirm OBJECT IDENTIFIER ::= { id-tamp 6 }
        
   id-ct-TAMP-apexUpdateConfirm OBJECT IDENTIFIER ::= { id-tamp 6 }
        
   TAMPApexUpdateConfirm ::= SEQUENCE {
     version               [0] TAMPVersion DEFAULT v2,
     apexReplace           TAMPMsgRef,
     apexConfirm           ApexUpdateConfirm }
        
   TAMPApexUpdateConfirm ::= SEQUENCE {
     version               [0] TAMPVersion DEFAULT v2,
     apexReplace           TAMPMsgRef,
     apexConfirm           ApexUpdateConfirm }
        
   ApexUpdateConfirm ::= CHOICE {
     terseApexConfirm      [0] TerseApexUpdateConfirm,
     verboseApexConfirm    [1] VerboseApexUpdateConfirm }
        
   ApexUpdateConfirm ::= CHOICE {
     terseApexConfirm      [0] TerseApexUpdateConfirm,
     verboseApexConfirm    [1] VerboseApexUpdateConfirm }
        
   TerseApexUpdateConfirm ::= StatusCode
        
   TerseApexUpdateConfirm ::= StatusCode
        
   VerboseApexUpdateConfirm ::= SEQUENCE {
     status                  StatusCode,
     taInfo                  TrustAnchorChoiceList,
     communities            [0] CommunityIdentifierList OPTIONAL,
     tampSeqNumbers         [1] TAMPSequenceNumbers OPTIONAL }
        
   VerboseApexUpdateConfirm ::= SEQUENCE {
     status                  StatusCode,
     taInfo                  TrustAnchorChoiceList,
     communities            [0] CommunityIdentifierList OPTIONAL,
     tampSeqNumbers         [1] TAMPSequenceNumbers OPTIONAL }
        

-- Community Update Message

--社区更新信息

   tamp-community-update CONTENT-TYPE  ::=
     { TAMPCommunityUpdate IDENTIFIED BY id-ct-TAMP-communityUpdate }
        
   tamp-community-update CONTENT-TYPE  ::=
     { TAMPCommunityUpdate IDENTIFIED BY id-ct-TAMP-communityUpdate }
        
   id-ct-TAMP-communityUpdate OBJECT IDENTIFIER ::= { id-tamp 7 }
        
   id-ct-TAMP-communityUpdate OBJECT IDENTIFIER ::= { id-tamp 7 }
        
   TAMPCommunityUpdate ::= SEQUENCE {
     version         [0] TAMPVersion DEFAULT v2,
     terse           [1] TerseOrVerbose DEFAULT verbose,
     msgRef          TAMPMsgRef,
     updates         CommunityUpdates }
        
   TAMPCommunityUpdate ::= SEQUENCE {
     version         [0] TAMPVersion DEFAULT v2,
     terse           [1] TerseOrVerbose DEFAULT verbose,
     msgRef          TAMPMsgRef,
     updates         CommunityUpdates }
        
   CommunityUpdates ::= SEQUENCE {
     remove       [1] CommunityIdentifierList OPTIONAL,
     add          [2] CommunityIdentifierList OPTIONAL }
     -- At least one must be present
        
   CommunityUpdates ::= SEQUENCE {
     remove       [1] CommunityIdentifierList OPTIONAL,
     add          [2] CommunityIdentifierList OPTIONAL }
     -- At least one must be present
        

-- Community Update Confirm Message

--社区更新确认消息

   tamp-community-update-confirm CONTENT-TYPE  ::=
     { TAMPCommunityUpdateConfirm IDENTIFIED BY
       id-ct-TAMP-communityUpdateConfirm }
        
   tamp-community-update-confirm CONTENT-TYPE  ::=
     { TAMPCommunityUpdateConfirm IDENTIFIED BY
       id-ct-TAMP-communityUpdateConfirm }
        
   id-ct-TAMP-communityUpdateConfirm OBJECT IDENTIFIER ::=
     { id-tamp 8 }
        
   id-ct-TAMP-communityUpdateConfirm OBJECT IDENTIFIER ::=
     { id-tamp 8 }
        
   TAMPCommunityUpdateConfirm ::= SEQUENCE {
     version         [0] TAMPVersion DEFAULT v2,
     update          TAMPMsgRef,
     commConfirm     CommunityConfirm }
        
   TAMPCommunityUpdateConfirm ::= SEQUENCE {
     version         [0] TAMPVersion DEFAULT v2,
     update          TAMPMsgRef,
     commConfirm     CommunityConfirm }
        
   CommunityConfirm ::= CHOICE {
     terseCommConfirm      [0] TerseCommunityConfirm,
     verboseCommConfirm    [1] VerboseCommunityConfirm }
        
   CommunityConfirm ::= CHOICE {
     terseCommConfirm      [0] TerseCommunityConfirm,
     verboseCommConfirm    [1] VerboseCommunityConfirm }
        
   TerseCommunityConfirm ::= StatusCode
        
   TerseCommunityConfirm ::= StatusCode
        
   VerboseCommunityConfirm ::= SEQUENCE {
     status          StatusCode,
     communities     CommunityIdentifierList OPTIONAL }
        
   VerboseCommunityConfirm ::= SEQUENCE {
     status          StatusCode,
     communities     CommunityIdentifierList OPTIONAL }
        

-- Sequence Number Adjust Message

--序列号调整消息

   tamp-sequence-number-adjust CONTENT-TYPE  ::=
     { SequenceNumberAdjust IDENTIFIED BY id-ct-TAMP-seqNumAdjust }
        
   tamp-sequence-number-adjust CONTENT-TYPE  ::=
     { SequenceNumberAdjust IDENTIFIED BY id-ct-TAMP-seqNumAdjust }
        
   id-ct-TAMP-seqNumAdjust OBJECT IDENTIFIER ::= { id-tamp 10 }
        
   id-ct-TAMP-seqNumAdjust OBJECT IDENTIFIER ::= { id-tamp 10 }
        
   SequenceNumberAdjust ::= SEQUENCE {
     version         [0] TAMPVersion DEFAULT v2,
        
   SequenceNumberAdjust ::= SEQUENCE {
     version         [0] TAMPVersion DEFAULT v2,
        

msgRef TAMPMsgRef }

msgRef TAMPMsgRef}

-- Sequence Number Adjust Confirm Message

--序列号调整确认消息

   tamp-sequence-number-adjust-confirm CONTENT-TYPE  ::=
     { SequenceNumberAdjustConfirm IDENTIFIED BY
       id-ct-TAMP-seqNumAdjustConfirm }
        
   tamp-sequence-number-adjust-confirm CONTENT-TYPE  ::=
     { SequenceNumberAdjustConfirm IDENTIFIED BY
       id-ct-TAMP-seqNumAdjustConfirm }
        
   id-ct-TAMP-seqNumAdjustConfirm OBJECT IDENTIFIER ::= { id-tamp 11 }
        
   id-ct-TAMP-seqNumAdjustConfirm OBJECT IDENTIFIER ::= { id-tamp 11 }
        
   SequenceNumberAdjustConfirm ::= SEQUENCE {
     version         [0] TAMPVersion DEFAULT v2,
     adjust          TAMPMsgRef,
     status          StatusCode }
        
   SequenceNumberAdjustConfirm ::= SEQUENCE {
     version         [0] TAMPVersion DEFAULT v2,
     adjust          TAMPMsgRef,
     status          StatusCode }
        

-- TAMP Error Message

--TAMP错误消息

   tamp-error CONTENT-TYPE  ::=
     { TAMPError IDENTIFIED BY id-ct-TAMP-error }
        
   tamp-error CONTENT-TYPE  ::=
     { TAMPError IDENTIFIED BY id-ct-TAMP-error }
        
   id-ct-TAMP-error OBJECT IDENTIFIER ::= { id-tamp 9 }
        
   id-ct-TAMP-error OBJECT IDENTIFIER ::= { id-tamp 9 }
        
   TAMPError ::= SEQUENCE {
     version         [0] TAMPVersion DEFAULT v2,
     msgType         OBJECT IDENTIFIER,
     status          StatusCode,
     msgRef          TAMPMsgRef OPTIONAL }
        
   TAMPError ::= SEQUENCE {
     version         [0] TAMPVersion DEFAULT v2,
     msgType         OBJECT IDENTIFIER,
     status          StatusCode,
     msgRef          TAMPMsgRef OPTIONAL }
        

-- Status Codes

--状态代码

   StatusCode ::= ENUMERATED {
     success                            (0),
     decodeFailure                      (1),
     badContentInfo                     (2),
     badSignedData                      (3),
     badEncapContent                    (4),
     badCertificate                     (5),
     badSignerInfo                      (6),
     badSignedAttrs                     (7),
     badUnsignedAttrs                   (8),
     missingContent                     (9),
     noTrustAnchor                     (10),
     notAuthorized                     (11),
     badDigestAlgorithm                (12),
     badSignatureAlgorithm             (13),
        
   StatusCode ::= ENUMERATED {
     success                            (0),
     decodeFailure                      (1),
     badContentInfo                     (2),
     badSignedData                      (3),
     badEncapContent                    (4),
     badCertificate                     (5),
     badSignerInfo                      (6),
     badSignedAttrs                     (7),
     badUnsignedAttrs                   (8),
     missingContent                     (9),
     noTrustAnchor                     (10),
     notAuthorized                     (11),
     badDigestAlgorithm                (12),
     badSignatureAlgorithm             (13),
        

unsupportedKeySize (14), unsupportedParameters (15), signatureFailure (16), insufficientMemory (17), unsupportedTAMPMsgType (18), apexTAMPAnchor (19), improperTAAddition (20), seqNumFailure (21), contingencyPublicKeyDecrypt (22), incorrectTarget (23), communityUpdateFailed (24), trustAnchorNotFound (25), unsupportedTAAlgorithm (26), unsupportedTAKeySize (27), unsupportedContinPubKeyDecryptAlg (28), missingSignature (29), resourcesBusy (30), versionNumberMismatch (31), missingPolicySet (32), revokedCertificate (33), unsupportedTrustAnchorFormat (34), improperTAChange (35), malformed (36), cmsError (37), unsupportedTargetIdentifier (38), other (127) }

不受支持的密钥大小(14)、不受支持的参数(15)、签名文件(16)、内存不足(17)、不受支持的AmpMsgType(18)、apexTAMPAnchor(19)、不正确的添加(20)、seqNumFailure(21)、意外发布密码(22)、不正确的目标(23)、社区更新文件(24)、trustAnchorNotFound(25)、不受支持的算法(26),未经支持的密钥解密(27)、未经支持的持续发布密钥解密(28)、缺少签名(29)、资源库(30)、版本号匹配(31)、缺少策略集(32)、撤销证书(33)、未经支持的密钥解密格式(34)、不正确的更改(35)、格式错误(36)、cmsError(37)、未经支持的目标标识符(38)、其他(127)}

-- Object Identifier Arc for Attributes

--属性的对象标识符弧

   id-attributes OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) country(16)
     us(840) organization(1) gov(101) dod(2) infosec(1) 5 }
        
   id-attributes OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) country(16)
     us(840) organization(1) gov(101) dod(2) infosec(1) 5 }
        
   -- TAMP Unsigned Attributes
   -- These attributes are unsigned attributes and go into the
   --    UnsignedAttributes set in [RFC5652]
        
   -- TAMP Unsigned Attributes
   -- These attributes are unsigned attributes and go into the
   --    UnsignedAttributes set in [RFC5652]
        
   TAMPUnsignedAttributes ATTRIBUTE ::= {
     contingency-public-key-decrypt-key,
     ... -- Expect additional attributes --
     }
        
   TAMPUnsignedAttributes ATTRIBUTE ::= {
     contingency-public-key-decrypt-key,
     ... -- Expect additional attributes --
     }
        

-- contingency-public-key-decrypt-key unsigned attribute

--应急公钥解密密钥未签名属性

   contingency-public-key-decrypt-key ATTRIBUTE ::= {
     TYPE PlaintextSymmetricKey IDENTIFIED BY
     id-aa-TAMP-contingencyPublicKeyDecryptKey }
        
   contingency-public-key-decrypt-key ATTRIBUTE ::= {
     TYPE PlaintextSymmetricKey IDENTIFIED BY
     id-aa-TAMP-contingencyPublicKeyDecryptKey }
        
   id-aa-TAMP-contingencyPublicKeyDecryptKey OBJECT IDENTIFIER ::= {
     id-attributes 63 }
        
   id-aa-TAMP-contingencyPublicKeyDecryptKey OBJECT IDENTIFIER ::= {
     id-attributes 63 }
        
   PlaintextSymmetricKey ::= OCTET STRING
        
   PlaintextSymmetricKey ::= OCTET STRING
        

-- id-pe-wrappedApexContinKey extension

--id pe WrappedAppExcontinkey扩展

   wrappedApexContinKey EXTENSION ::= {
        SYNTAX         ApexContingencyKey
        IDENTIFIED BY  id-pe-wrappedApexContinKey }
        
   wrappedApexContinKey EXTENSION ::= {
        SYNTAX         ApexContingencyKey
        IDENTIFIED BY  id-pe-wrappedApexContinKey }
        
   id-pe-wrappedApexContinKey OBJECT IDENTIFIER ::=
        { iso(1) identified-organization(3) dod(6) internet(1)
          security(5) mechanisms(5) pkix(7) pe(1) 20 }
        
   id-pe-wrappedApexContinKey OBJECT IDENTIFIER ::=
        { iso(1) identified-organization(3) dod(6) internet(1)
          security(5) mechanisms(5) pkix(7) pe(1) 20 }
        
   ApexContingencyKey ::= SEQUENCE {
     wrapAlgorithm
         AlgorithmIdentifier{KEY-WRAP, {SupportedWrapAlgorithms}},
     wrappedContinPubKey  OCTET STRING }
        
   ApexContingencyKey ::= SEQUENCE {
     wrapAlgorithm
         AlgorithmIdentifier{KEY-WRAP, {SupportedWrapAlgorithms}},
     wrappedContinPubKey  OCTET STRING }
        

END

终止

A.2. ASN.1 Module Using 1988 Syntax
A.2. 使用1988语法的ASN.1模块
   TAMP-Protocol-v2-88
      { joint-iso-ccitt(2) country(16) us(840) organization(1)
        gov(101) dod(2) infosec(1) modules(0) 31 }
        
   TAMP-Protocol-v2-88
      { joint-iso-ccitt(2) country(16) us(840) organization(1)
        gov(101) dod(2) infosec(1) modules(0) 31 }
        
   DEFINITIONS IMPLICIT TAGS ::=
   BEGIN
        
   DEFINITIONS IMPLICIT TAGS ::=
   BEGIN
        
   IMPORTS
     TrustAnchorChoice, TrustAnchorTitle, CertPathControls
     FROM TrustAnchorInfoModule-88 -- from [RFC5914]
          { joint-iso-ccitt(2) country(16) us(840) organization(1)
            gov(101) dod(2) infosec(1) modules(0) 37 }
     AlgorithmIdentifier, Certificate, Name, Attribute, TBSCertificate,
     SubjectPublicKeyInfo, CertificateSerialNumber, Validity, Extensions
       FROM PKIX1Explicit88 -- from [RFC5280]
         { iso(1) identified-organization(3) dod(6) internet(1)
           security(5) mechanisms(5) pkix(7) id-mod(0)
           id-pkix1-explicit(18) }
     KeyIdentifier, AnotherName
       FROM PKIX1Implicit88 -- from [RFC5280]
         { iso(1) identified-organization(3) dod(6) internet(1)
           security(5) mechanisms(5) pkix(7) id-mod(0)
           id-pkix1-implicit(19) } ;
        
   IMPORTS
     TrustAnchorChoice, TrustAnchorTitle, CertPathControls
     FROM TrustAnchorInfoModule-88 -- from [RFC5914]
          { joint-iso-ccitt(2) country(16) us(840) organization(1)
            gov(101) dod(2) infosec(1) modules(0) 37 }
     AlgorithmIdentifier, Certificate, Name, Attribute, TBSCertificate,
     SubjectPublicKeyInfo, CertificateSerialNumber, Validity, Extensions
       FROM PKIX1Explicit88 -- from [RFC5280]
         { iso(1) identified-organization(3) dod(6) internet(1)
           security(5) mechanisms(5) pkix(7) id-mod(0)
           id-pkix1-explicit(18) }
     KeyIdentifier, AnotherName
       FROM PKIX1Implicit88 -- from [RFC5280]
         { iso(1) identified-organization(3) dod(6) internet(1)
           security(5) mechanisms(5) pkix(7) id-mod(0)
           id-pkix1-implicit(19) } ;
        

-- Object Identifier Arc for TAMP Message Content Types

--TAMP消息内容类型的对象标识符弧

   id-tamp OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) country(16)
   us(840) organization(1) gov(101) dod(2) infosec(1) formats(2) 77 }
        
   id-tamp OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) country(16)
   us(840) organization(1) gov(101) dod(2) infosec(1) formats(2) 77 }
        

-- CMS Content Types

--内容类型

-- TAMP Status Query Message

--TAMP状态查询消息

   id-ct-TAMP-statusQuery OBJECT IDENTIFIER ::= { id-tamp 1 }
        
   id-ct-TAMP-statusQuery OBJECT IDENTIFIER ::= { id-tamp 1 }
        
   TAMPStatusQuery ::= SEQUENCE {
     version         [0] TAMPVersion DEFAULT v2,
     terse           [1] TerseOrVerbose DEFAULT verbose,
     query           TAMPMsgRef }
        
   TAMPStatusQuery ::= SEQUENCE {
     version         [0] TAMPVersion DEFAULT v2,
     terse           [1] TerseOrVerbose DEFAULT verbose,
     query           TAMPMsgRef }
        
   TAMPVersion ::= INTEGER { v1(1), v2(2) }
        
   TAMPVersion ::= INTEGER { v1(1), v2(2) }
        
   TerseOrVerbose ::= ENUMERATED { terse(1), verbose(2) }
        
   TerseOrVerbose ::= ENUMERATED { terse(1), verbose(2) }
        
   SeqNumber ::= INTEGER (0..9223372036854775807)
        
   SeqNumber ::= INTEGER (0..9223372036854775807)
        
   TAMPMsgRef ::= SEQUENCE {
     target          TargetIdentifier,
     seqNum          SeqNumber }
        
   TAMPMsgRef ::= SEQUENCE {
     target          TargetIdentifier,
     seqNum          SeqNumber }
        
   TargetIdentifier ::= CHOICE {
     hwModules    [1] HardwareModuleIdentifierList,
     communities  [2] CommunityIdentifierList,
     allModules   [3] NULL,
     uri          [4] IA5String,
     otherName    [5] AnotherName }
        
   TargetIdentifier ::= CHOICE {
     hwModules    [1] HardwareModuleIdentifierList,
     communities  [2] CommunityIdentifierList,
     allModules   [3] NULL,
     uri          [4] IA5String,
     otherName    [5] AnotherName }
        
   HardwareModuleIdentifierList ::= SEQUENCE SIZE (1..MAX) OF
                                     HardwareModules
        
   HardwareModuleIdentifierList ::= SEQUENCE SIZE (1..MAX) OF
                                     HardwareModules
        
   HardwareModules ::= SEQUENCE {
     hwType          OBJECT IDENTIFIER,
     hwSerialEntries SEQUENCE SIZE (1..MAX) OF HardwareSerialEntry }
        
   HardwareModules ::= SEQUENCE {
     hwType          OBJECT IDENTIFIER,
     hwSerialEntries SEQUENCE SIZE (1..MAX) OF HardwareSerialEntry }
        
   HardwareSerialEntry ::= CHOICE {
     all             NULL,
     single          OCTET STRING,
     block           SEQUENCE {
       low             OCTET STRING,
       high            OCTET STRING } }
        
   HardwareSerialEntry ::= CHOICE {
     all             NULL,
     single          OCTET STRING,
     block           SEQUENCE {
       low             OCTET STRING,
       high            OCTET STRING } }
        
   CommunityIdentifierList ::= SEQUENCE SIZE (0..MAX) OF Community
        
   CommunityIdentifierList ::= SEQUENCE SIZE (0..MAX) OF Community
        
   Community ::= OBJECT IDENTIFIER
        
   Community ::= OBJECT IDENTIFIER
        

-- TAMP Status Response Message

--TAMP状态响应消息

   id-ct-TAMP-statusResponse OBJECT IDENTIFIER ::= { id-tamp 2 }
        
   id-ct-TAMP-statusResponse OBJECT IDENTIFIER ::= { id-tamp 2 }
        
   TAMPStatusResponse ::= SEQUENCE {
     version   [0] TAMPVersion DEFAULT v2,
     query     TAMPMsgRef,
     response  StatusResponse,
     usesApex  BOOLEAN DEFAULT TRUE }
        
   TAMPStatusResponse ::= SEQUENCE {
     version   [0] TAMPVersion DEFAULT v2,
     query     TAMPMsgRef,
     response  StatusResponse,
     usesApex  BOOLEAN DEFAULT TRUE }
        
   StatusResponse ::= CHOICE {
     terseResponse         [0] TerseStatusResponse,
     verboseResponse       [1] VerboseStatusResponse }
        
   StatusResponse ::= CHOICE {
     terseResponse         [0] TerseStatusResponse,
     verboseResponse       [1] VerboseStatusResponse }
        
   TerseStatusResponse ::= SEQUENCE {
     taKeyIds              KeyIdentifiers,
     communities           CommunityIdentifierList OPTIONAL }
        
   TerseStatusResponse ::= SEQUENCE {
     taKeyIds              KeyIdentifiers,
     communities           CommunityIdentifierList OPTIONAL }
        
   KeyIdentifiers ::= SEQUENCE SIZE (1..MAX) OF KeyIdentifier
        
   KeyIdentifiers ::= SEQUENCE SIZE (1..MAX) OF KeyIdentifier
        
   VerboseStatusResponse ::= SEQUENCE {
     taInfo                 TrustAnchorChoiceList,
     continPubKeyDecryptAlg [0] AlgorithmIdentifier OPTIONAL,
     communities            [1] CommunityIdentifierList OPTIONAL,
     tampSeqNumbers         [2] TAMPSequenceNumbers OPTIONAL }
        
   VerboseStatusResponse ::= SEQUENCE {
     taInfo                 TrustAnchorChoiceList,
     continPubKeyDecryptAlg [0] AlgorithmIdentifier OPTIONAL,
     communities            [1] CommunityIdentifierList OPTIONAL,
     tampSeqNumbers         [2] TAMPSequenceNumbers OPTIONAL }
        
   TrustAnchorChoiceList ::= SEQUENCE SIZE (1..MAX) OF
        TrustAnchorChoice
        
   TrustAnchorChoiceList ::= SEQUENCE SIZE (1..MAX) OF
        TrustAnchorChoice
        
   TAMPSequenceNumber ::= SEQUENCE {
     keyId       KeyIdentifier,
     seqNumber   SeqNumber }
        
   TAMPSequenceNumber ::= SEQUENCE {
     keyId       KeyIdentifier,
     seqNumber   SeqNumber }
        
   TAMPSequenceNumbers ::= SEQUENCE SIZE (1..MAX) OF
        TAMPSequenceNumber
        
   TAMPSequenceNumbers ::= SEQUENCE SIZE (1..MAX) OF
        TAMPSequenceNumber
        

-- Trust Anchor Update Message

--信任锚更新消息

   id-ct-TAMP-update OBJECT IDENTIFIER ::= { id-tamp 3 }
        
   id-ct-TAMP-update OBJECT IDENTIFIER ::= { id-tamp 3 }
        
   TAMPUpdate ::= SEQUENCE {
     version  [0] TAMPVersion DEFAULT v2,
     terse    [1] TerseOrVerbose DEFAULT verbose,
     msgRef   TAMPMsgRef,
     updates  SEQUENCE SIZE (1..MAX) OF TrustAnchorUpdate,
     tampSeqNumbers [2]TAMPSequenceNumbers OPTIONAL }
        
   TAMPUpdate ::= SEQUENCE {
     version  [0] TAMPVersion DEFAULT v2,
     terse    [1] TerseOrVerbose DEFAULT verbose,
     msgRef   TAMPMsgRef,
     updates  SEQUENCE SIZE (1..MAX) OF TrustAnchorUpdate,
     tampSeqNumbers [2]TAMPSequenceNumbers OPTIONAL }
        
   TrustAnchorUpdate ::= CHOICE {
     add             [1] TrustAnchorChoice,
     remove          [2] SubjectPublicKeyInfo,
     change          [3] EXPLICIT TrustAnchorChangeInfoChoice }
        
   TrustAnchorUpdate ::= CHOICE {
     add             [1] TrustAnchorChoice,
     remove          [2] SubjectPublicKeyInfo,
     change          [3] EXPLICIT TrustAnchorChangeInfoChoice }
        
   TrustAnchorChangeInfoChoice ::= CHOICE {
     tbsCertChange [0] TBSCertificateChangeInfo,
     taChange      [1] TrustAnchorChangeInfo }
        
   TrustAnchorChangeInfoChoice ::= CHOICE {
     tbsCertChange [0] TBSCertificateChangeInfo,
     taChange      [1] TrustAnchorChangeInfo }
        
   TBSCertificateChangeInfo  ::=  SEQUENCE  {
     serialNumber         CertificateSerialNumber OPTIONAL,
     signature            [0] AlgorithmIdentifier OPTIONAL,
     issuer               [1] Name OPTIONAL,
     validity             [2] Validity OPTIONAL,
     subject              [3] Name OPTIONAL,
     subjectPublicKeyInfo [4] SubjectPublicKeyInfo,
     exts                 [5] EXPLICIT Extensions OPTIONAL }
        
   TBSCertificateChangeInfo  ::=  SEQUENCE  {
     serialNumber         CertificateSerialNumber OPTIONAL,
     signature            [0] AlgorithmIdentifier OPTIONAL,
     issuer               [1] Name OPTIONAL,
     validity             [2] Validity OPTIONAL,
     subject              [3] Name OPTIONAL,
     subjectPublicKeyInfo [4] SubjectPublicKeyInfo,
     exts                 [5] EXPLICIT Extensions OPTIONAL }
        
   TrustAnchorChangeInfo ::= SEQUENCE {
     pubKey          SubjectPublicKeyInfo,
     keyId           KeyIdentifier OPTIONAL,
     taTitle         TrustAnchorTitle OPTIONAL,
     certPath        CertPathControls OPTIONAL,
     exts            [1] Extensions OPTIONAL }
        
   TrustAnchorChangeInfo ::= SEQUENCE {
     pubKey          SubjectPublicKeyInfo,
     keyId           KeyIdentifier OPTIONAL,
     taTitle         TrustAnchorTitle OPTIONAL,
     certPath        CertPathControls OPTIONAL,
     exts            [1] Extensions OPTIONAL }
        

-- Trust Anchor Update Confirm Message

--信任锚更新确认消息

   id-ct-TAMP-updateConfirm OBJECT IDENTIFIER ::= { id-tamp 4 }
        
   id-ct-TAMP-updateConfirm OBJECT IDENTIFIER ::= { id-tamp 4 }
        
   TAMPUpdateConfirm ::= SEQUENCE {
     version               [0] TAMPVersion DEFAULT v2,
     update                TAMPMsgRef,
     confirm               UpdateConfirm }
        
   TAMPUpdateConfirm ::= SEQUENCE {
     version               [0] TAMPVersion DEFAULT v2,
     update                TAMPMsgRef,
     confirm               UpdateConfirm }
        
   UpdateConfirm ::= CHOICE {
     terseConfirm          [0] TerseUpdateConfirm,
     verboseConfirm        [1] VerboseUpdateConfirm }
        
   UpdateConfirm ::= CHOICE {
     terseConfirm          [0] TerseUpdateConfirm,
     verboseConfirm        [1] VerboseUpdateConfirm }
        
   TerseUpdateConfirm ::= StatusCodeList
        
   TerseUpdateConfirm ::= StatusCodeList
        
   StatusCodeList ::= SEQUENCE SIZE (1..MAX) OF StatusCode
        
   StatusCodeList ::= SEQUENCE SIZE (1..MAX) OF StatusCode
        
   VerboseUpdateConfirm ::= SEQUENCE {
     status          StatusCodeList,
     taInfo          TrustAnchorChoiceList,
     tampSeqNumbers  TAMPSequenceNumbers OPTIONAL,
     usesApex        BOOLEAN DEFAULT TRUE }
        
   VerboseUpdateConfirm ::= SEQUENCE {
     status          StatusCodeList,
     taInfo          TrustAnchorChoiceList,
     tampSeqNumbers  TAMPSequenceNumbers OPTIONAL,
     usesApex        BOOLEAN DEFAULT TRUE }
        

-- Apex Trust Anchor Update Message

--Apex信任锚更新消息

   id-ct-TAMP-apexUpdate OBJECT IDENTIFIER ::= { id-tamp 5 }
        
   id-ct-TAMP-apexUpdate OBJECT IDENTIFIER ::= { id-tamp 5 }
        
   TAMPApexUpdate ::= SEQUENCE {
     version            [0] TAMPVersion DEFAULT v2,
     terse              [1] TerseOrVerbose DEFAULT verbose,
     msgRef             TAMPMsgRef,
     clearTrustAnchors  BOOLEAN,
     clearCommunities   BOOLEAN,
     seqNumber          SeqNumber OPTIONAL,
     apexTA             TrustAnchorChoice }
        
   TAMPApexUpdate ::= SEQUENCE {
     version            [0] TAMPVersion DEFAULT v2,
     terse              [1] TerseOrVerbose DEFAULT verbose,
     msgRef             TAMPMsgRef,
     clearTrustAnchors  BOOLEAN,
     clearCommunities   BOOLEAN,
     seqNumber          SeqNumber OPTIONAL,
     apexTA             TrustAnchorChoice }
        

-- Apex Trust Anchor Update Confirm Message

--Apex信任锚更新确认消息

   id-ct-TAMP-apexUpdateConfirm OBJECT IDENTIFIER ::= { id-tamp 6 }
        
   id-ct-TAMP-apexUpdateConfirm OBJECT IDENTIFIER ::= { id-tamp 6 }
        
   TAMPApexUpdateConfirm ::= SEQUENCE {
     version               [0] TAMPVersion DEFAULT v2,
     apexReplace           TAMPMsgRef,
     apexConfirm           ApexUpdateConfirm }
        
   TAMPApexUpdateConfirm ::= SEQUENCE {
     version               [0] TAMPVersion DEFAULT v2,
     apexReplace           TAMPMsgRef,
     apexConfirm           ApexUpdateConfirm }
        
   ApexUpdateConfirm ::= CHOICE {
     terseApexConfirm      [0] TerseApexUpdateConfirm,
     verboseApexConfirm    [1] VerboseApexUpdateConfirm }
        
   ApexUpdateConfirm ::= CHOICE {
     terseApexConfirm      [0] TerseApexUpdateConfirm,
     verboseApexConfirm    [1] VerboseApexUpdateConfirm }
        
   TerseApexUpdateConfirm ::= StatusCode
        
   TerseApexUpdateConfirm ::= StatusCode
        
   VerboseApexUpdateConfirm ::= SEQUENCE {
     status                  StatusCode,
     taInfo                  TrustAnchorChoiceList,
     communities            [0] CommunityIdentifierList OPTIONAL,
     tampSeqNumbers         [1] TAMPSequenceNumbers OPTIONAL }
        
   VerboseApexUpdateConfirm ::= SEQUENCE {
     status                  StatusCode,
     taInfo                  TrustAnchorChoiceList,
     communities            [0] CommunityIdentifierList OPTIONAL,
     tampSeqNumbers         [1] TAMPSequenceNumbers OPTIONAL }
        

-- Community Update Message

--社区更新信息

   id-ct-TAMP-communityUpdate OBJECT IDENTIFIER ::= { id-tamp 7 }
        
   id-ct-TAMP-communityUpdate OBJECT IDENTIFIER ::= { id-tamp 7 }
        
   TAMPCommunityUpdate ::= SEQUENCE {
     version         [0] TAMPVersion DEFAULT v2,
     terse           [1] TerseOrVerbose DEFAULT verbose,
     msgRef          TAMPMsgRef,
     updates         CommunityUpdates }
        
   TAMPCommunityUpdate ::= SEQUENCE {
     version         [0] TAMPVersion DEFAULT v2,
     terse           [1] TerseOrVerbose DEFAULT verbose,
     msgRef          TAMPMsgRef,
     updates         CommunityUpdates }
        
   CommunityUpdates ::= SEQUENCE {
     remove          [1] CommunityIdentifierList OPTIONAL,
     add             [2] CommunityIdentifierList OPTIONAL }
     -- At least one must be present
        
   CommunityUpdates ::= SEQUENCE {
     remove          [1] CommunityIdentifierList OPTIONAL,
     add             [2] CommunityIdentifierList OPTIONAL }
     -- At least one must be present
        

-- Community Update Confirm Message

--社区更新确认消息

   id-ct-TAMP-communityUpdateConfirm OBJECT IDENTIFIER ::= { id-tamp 8 }
        
   id-ct-TAMP-communityUpdateConfirm OBJECT IDENTIFIER ::= { id-tamp 8 }
        
   TAMPCommunityUpdateConfirm ::= SEQUENCE {
     version         [0] TAMPVersion DEFAULT v2,
     update          TAMPMsgRef,
     commConfirm     CommunityConfirm }
        
   TAMPCommunityUpdateConfirm ::= SEQUENCE {
     version         [0] TAMPVersion DEFAULT v2,
     update          TAMPMsgRef,
     commConfirm     CommunityConfirm }
        
   CommunityConfirm ::= CHOICE {
     terseCommConfirm      [0] TerseCommunityConfirm,
     verboseCommConfirm    [1] VerboseCommunityConfirm }
        
   CommunityConfirm ::= CHOICE {
     terseCommConfirm      [0] TerseCommunityConfirm,
     verboseCommConfirm    [1] VerboseCommunityConfirm }
        
   TerseCommunityConfirm ::= StatusCode
        
   TerseCommunityConfirm ::= StatusCode
        
   VerboseCommunityConfirm ::= SEQUENCE {
     status          StatusCode,
     communities     CommunityIdentifierList OPTIONAL }
        
   VerboseCommunityConfirm ::= SEQUENCE {
     status          StatusCode,
     communities     CommunityIdentifierList OPTIONAL }
        

-- Sequence Number Adjust Message

--序列号调整消息

   id-ct-TAMP-seqNumAdjust OBJECT IDENTIFIER ::= { id-tamp 10 }
        
   id-ct-TAMP-seqNumAdjust OBJECT IDENTIFIER ::= { id-tamp 10 }
        
   SequenceNumberAdjust ::= SEQUENCE {
     version         [0] TAMPVersion DEFAULT v2,
     msgRef          TAMPMsgRef }
        
   SequenceNumberAdjust ::= SEQUENCE {
     version         [0] TAMPVersion DEFAULT v2,
     msgRef          TAMPMsgRef }
        

-- Sequence Number Adjust Confirm Message

--序列号调整确认消息

   id-ct-TAMP-seqNumAdjustConfirm OBJECT IDENTIFIER ::= { id-tamp 11 }
        
   id-ct-TAMP-seqNumAdjustConfirm OBJECT IDENTIFIER ::= { id-tamp 11 }
        
   SequenceNumberAdjustConfirm ::= SEQUENCE {
     version         [0] TAMPVersion DEFAULT v2,
     adjust          TAMPMsgRef,
     status          StatusCode }
        
   SequenceNumberAdjustConfirm ::= SEQUENCE {
     version         [0] TAMPVersion DEFAULT v2,
     adjust          TAMPMsgRef,
     status          StatusCode }
        

-- TAMP Error Message

--TAMP错误消息

   id-ct-TAMP-error OBJECT IDENTIFIER ::= { id-tamp 9 }
        
   id-ct-TAMP-error OBJECT IDENTIFIER ::= { id-tamp 9 }
        
   TAMPError ::= SEQUENCE {
     version         [0] TAMPVersion DEFAULT v2,
     msgType         OBJECT IDENTIFIER,
     status          StatusCode,
     msgRef          TAMPMsgRef OPTIONAL }
        
   TAMPError ::= SEQUENCE {
     version         [0] TAMPVersion DEFAULT v2,
     msgType         OBJECT IDENTIFIER,
     status          StatusCode,
     msgRef          TAMPMsgRef OPTIONAL }
        

-- Status Codes

--状态代码

   StatusCode ::= ENUMERATED {
     success                            (0),
     decodeFailure                      (1),
     badContentInfo                     (2),
     badSignedData                      (3),
     badEncapContent                    (4),
     badCertificate                     (5),
     badSignerInfo                      (6),
     badSignedAttrs                     (7),
     badUnsignedAttrs                   (8),
     missingContent                     (9),
     noTrustAnchor                     (10),
     notAuthorized                     (11),
     badDigestAlgorithm                (12),
     badSignatureAlgorithm             (13),
     unsupportedKeySize                (14),
     unsupportedParameters             (15),
     signatureFailure                  (16),
     insufficientMemory                (17),
     unsupportedTAMPMsgType            (18),
     apexTAMPAnchor                    (19),
     improperTAAddition                (20),
     seqNumFailure                     (21),
     contingencyPublicKeyDecrypt       (22),
     incorrectTarget                   (23),
     communityUpdateFailed             (24),
     trustAnchorNotFound               (25),
     unsupportedTAAlgorithm            (26),
     unsupportedTAKeySize              (27),
     unsupportedContinPubKeyDecryptAlg (28),
     missingSignature                  (29),
     resourcesBusy                     (30),
     versionNumberMismatch             (31),
     missingPolicySet                  (32),
     revokedCertificate                (33),
     unsupportedTrustAnchorFormat      (34),
        
   StatusCode ::= ENUMERATED {
     success                            (0),
     decodeFailure                      (1),
     badContentInfo                     (2),
     badSignedData                      (3),
     badEncapContent                    (4),
     badCertificate                     (5),
     badSignerInfo                      (6),
     badSignedAttrs                     (7),
     badUnsignedAttrs                   (8),
     missingContent                     (9),
     noTrustAnchor                     (10),
     notAuthorized                     (11),
     badDigestAlgorithm                (12),
     badSignatureAlgorithm             (13),
     unsupportedKeySize                (14),
     unsupportedParameters             (15),
     signatureFailure                  (16),
     insufficientMemory                (17),
     unsupportedTAMPMsgType            (18),
     apexTAMPAnchor                    (19),
     improperTAAddition                (20),
     seqNumFailure                     (21),
     contingencyPublicKeyDecrypt       (22),
     incorrectTarget                   (23),
     communityUpdateFailed             (24),
     trustAnchorNotFound               (25),
     unsupportedTAAlgorithm            (26),
     unsupportedTAKeySize              (27),
     unsupportedContinPubKeyDecryptAlg (28),
     missingSignature                  (29),
     resourcesBusy                     (30),
     versionNumberMismatch             (31),
     missingPolicySet                  (32),
     revokedCertificate                (33),
     unsupportedTrustAnchorFormat      (34),
        

improperTAChange (35), malformed (36), cmsError (37), unsupportedTargetIdentifier (38), other (127) }

不正确的更改(35)、格式错误(36)、cmsError(37)、不支持的目标标识符(38)、其他(127)}

-- Object Identifier Arc for Attributes

--属性的对象标识符弧

   id-attributes OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) country(16)
       us(840) organization(1) gov(101) dod(2) infosec(1) 5 }
        
   id-attributes OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) country(16)
       us(840) organization(1) gov(101) dod(2) infosec(1) 5 }
        
   -- id-aa-TAMP-contingencyPublicKeyDecryptKey uses
   -- PlaintextSymmetricKey syntax
   id-aa-TAMP-contingencyPublicKeyDecryptKey OBJECT IDENTIFIER ::= {
     id-attributes 63 }
        
   -- id-aa-TAMP-contingencyPublicKeyDecryptKey uses
   -- PlaintextSymmetricKey syntax
   id-aa-TAMP-contingencyPublicKeyDecryptKey OBJECT IDENTIFIER ::= {
     id-attributes 63 }
        
   PlaintextSymmetricKey ::= OCTET STRING
        
   PlaintextSymmetricKey ::= OCTET STRING
        

-- id-pe-wrappedApexContinKey extension

--id pe WrappedAppExcontinkey扩展

   id-pe-wrappedApexContinKey OBJECT IDENTIFIER ::=
        { iso(1) identified-organization(3) dod(6) internet(1)
          security(5) mechanisms(5) pkix(7) pe(1) 20 }
        
   id-pe-wrappedApexContinKey OBJECT IDENTIFIER ::=
        { iso(1) identified-organization(3) dod(6) internet(1)
          security(5) mechanisms(5) pkix(7) pe(1) 20 }
        
   ApexContingencyKey ::= SEQUENCE {
     wrapAlgorithm        AlgorithmIdentifier,
     wrappedContinPubKey  OCTET STRING }
        
   ApexContingencyKey ::= SEQUENCE {
     wrapAlgorithm        AlgorithmIdentifier,
     wrappedContinPubKey  OCTET STRING }
        

END

终止

Appendix B. Media Type Registrations
附录B.媒体类型注册

Eleven media type registrations are provided in this appendix, one for each content type defined in this specification. As noted in Section 2, in all cases TAMP messages are encapsulated within ContentInfo structures. Signed messages are additionally encapsulated within a SignedData structure.

本附录中提供了十一种媒体类型注册,本规范中定义的每种内容类型各一种。如第2节所述,在所有情况下,TAMP消息都封装在ContentInfo结构中。签名消息还封装在SignedData结构中。

B.1. application/tamp-status-query
B.1. 应用程序/tamp状态查询

Media type name: application

媒体类型名称:应用程序

Subtype name: tamp-status-query

子类型名称:夯实状态查询

Required parameters: None

所需参数:无

Optional parameters: None

可选参数:无

Encoding considerations: binary

编码注意事项:二进制

Security considerations: Carries a signed request for status information. Integrity protection is discussed in Section 4.1. Replay detection is discussed in Section 6.

安全注意事项:携带已签名的状态信息请求。完整性保护在第4.1节中讨论。重播检测在第6节中讨论。

Interoperability considerations: None

互操作性注意事项:无

Published specification: RFC 5934

已发布规范:RFC 5934

Applications that use this media type: TAMP clients responding to requests for status information.

使用此媒体类型的应用程序:TAMP客户端响应状态信息请求。

Additional information:

其他信息:

Magic number(s): None

幻数:无

File extension(s): .tsq

文件扩展名:.tsq

Macintosh File Type Code(s):

Macintosh文件类型代码:

Person & email address to contact for further information:

联系人和电子邮件地址,以获取更多信息:

Sam Ashmore - srashmo@radium.ncsc.mil

山姆·阿什莫尔-srashmo@radium.ncsc.mil

Intended usage: LIMITED USE

预期用途:有限用途

Restrictions on usage: None

使用限制:无

   Author: Sam Ashmore - srashmo@radium.ncsc.mil
        
   Author: Sam Ashmore - srashmo@radium.ncsc.mil
        

Change controller: IESG

更改控制器:IESG

B.2. application/tamp-status-response
B.2. 应用程序/tamp状态响应

Media type name: application

媒体类型名称:应用程序

Subtype name: tamp-status-response

子类型名称:tamp状态响应

Required parameters: None

所需参数:无

Optional parameters: None

可选参数:无

Encoding considerations: binary

编码注意事项:二进制

Security considerations: Carries optionally signed status information. Integrity protection is discussed in Section 4.2.

安全注意事项:携带可选的已签名状态信息。完整性保护在第4.2节中讨论。

Interoperability considerations: None

互操作性注意事项:无

Published specification: RFC 5934

已发布规范:RFC 5934

Applications that use this media type: TAMP clients responding to requests for status information.

使用此媒体类型的应用程序:TAMP客户端响应状态信息请求。

Additional information:

其他信息:

Magic number(s): None

幻数:无

File extension(s): .tsr

文件扩展名:.tsr

Macintosh File Type Code(s):

Macintosh文件类型代码:

Person & email address to contact for further information:

联系人和电子邮件地址,以获取更多信息:

Sam Ashmore - srashmo@radium.ncsc.mil

山姆·阿什莫尔-srashmo@radium.ncsc.mil

Intended usage: LIMITED USE

预期用途:有限用途

Restrictions on usage: None

使用限制:无

   Author: Sam Ashmore - srashmo@radium.ncsc.mil
        
   Author: Sam Ashmore - srashmo@radium.ncsc.mil
        

Change controller: IESG

更改控制器:IESG

B.3. application/tamp-update
B.3. 应用程序/tamp更新

Media type name: application

媒体类型名称:应用程序

Subtype name: tamp-update

子类型名称:tamp更新

Required parameters: None

所需参数:无

Optional parameters: None

可选参数:无

Encoding considerations: binary

编码注意事项:二进制

Security considerations: Carries a signed trust anchor update message. Integrity protection is discussed in Section 4.3. Replay detection is discussed in Section 6.

安全注意事项:携带已签名的信任锚更新消息。完整性保护在第4.3节中讨论。重播检测在第6节中讨论。

Interoperability considerations: None

互操作性注意事项:无

Published specification: RFC 5934

已发布规范:RFC 5934

Applications that use this media type: TAMP clients responding to requests to update trust anchor information.

使用此媒体类型的应用程序:TAMP客户端响应更新信任锚信息的请求。

Additional information:

其他信息:

Magic number(s): None

幻数:无

File extension(s): .tur

文件扩展名:.tur

Macintosh File Type Code(s):

Macintosh文件类型代码:

Person & email address to contact for further information:

联系人和电子邮件地址,以获取更多信息:

Sam Ashmore - srashmo@radium.ncsc.mil

山姆·阿什莫尔-srashmo@radium.ncsc.mil

Intended usage: LIMITED USE

预期用途:有限用途

Restrictions on usage: None

使用限制:无

   Author: Sam Ashmore - srashmo@radium.ncsc.mil
        
   Author: Sam Ashmore - srashmo@radium.ncsc.mil
        

Change controller: IESG

更改控制器:IESG

B.4. application/tamp-update-confirm
B.4. 申请/tamp更新确认

Media type name: application

媒体类型名称:应用程序

Subtype name: tamp-update-confirm

子类型名称:夯实更新确认

Required parameters: None

所需参数:无

Optional parameters: None

可选参数:无

Encoding considerations: binary

编码注意事项:二进制

Security considerations: Carries an optionally signed TAMP update response. Integrity protection is discussed in Section 4.4.

安全注意事项:携带可选签名的TAMP更新响应。完整性保护在第4.4节中讨论。

Interoperability considerations: None

互操作性注意事项:无

Published specification: RFC 5934

已发布规范:RFC 5934

Applications that use this media type: TAMP clients responding to requests to update trust anchor information.

使用此媒体类型的应用程序:TAMP客户端响应更新信任锚信息的请求。

Additional information:

其他信息:

Magic number(s): None

幻数:无

File extension(s): .tuc

文件扩展名:.tuc

Macintosh File Type Code(s):

Macintosh文件类型代码:

Person & email address to contact for further information:

联系人和电子邮件地址,以获取更多信息:

Sam Ashmore - srashmo@radium.ncsc.mil

山姆·阿什莫尔-srashmo@radium.ncsc.mil

Intended usage: LIMITED USE

预期用途:有限用途

Restrictions on usage: None

使用限制:无

   Author: Sam Ashmore - srashmo@radium.ncsc.mil
        
   Author: Sam Ashmore - srashmo@radium.ncsc.mil
        

Change controller: IESG

更改控制器:IESG

B.5. application/tamp-apex-update
B.5. 应用程序/夯实顶点更新

Media type name: application

媒体类型名称:应用程序

Subtype name: tamp-apex-update

子类型名称:夯实顶点更新

Required parameters: None

所需参数:无

Optional parameters: None

可选参数:无

Encoding considerations: binary

编码注意事项:二进制

Security considerations: Carries a signed request to update an apex trust anchor information. Integrity protection is discussed in Section 4.5. Replay detection is discussed in Section 6.

安全注意事项:携带已签名的请求以更新apex信任锚信息。完整性保护在第4.5节中讨论。重播检测在第6节中讨论。

Interoperability considerations: None

互操作性注意事项:无

Published specification: RFC 5934

已发布规范:RFC 5934

Applications that use this media type: TAMP clients responding to requests to update an apex trust anchor.

使用此媒体类型的应用程序:TAMP客户端响应更新apex信任锚的请求。

Additional information:

其他信息:

Magic number(s): None

幻数:无

File extension(s): .tau

文件扩展名:.tau

Macintosh File Type Code(s):

Macintosh文件类型代码:

Person & email address to contact for further information:

联系人和电子邮件地址,以获取更多信息:

Sam Ashmore - srashmo@radium.ncsc.mil

山姆·阿什莫尔-srashmo@radium.ncsc.mil

Intended usage: LIMITED USE

预期用途:有限用途

Restrictions on usage: None

使用限制:无

   Author: Sam Ashmore - srashmo@radium.ncsc.mil
        
   Author: Sam Ashmore - srashmo@radium.ncsc.mil
        

Change controller: IESG

更改控制器:IESG

B.6. application/tamp-apex-update-confirm
B.6. 申请/夯实顶点更新确认

Media type name: application

媒体类型名称:应用程序

Subtype name: tamp-apex-update-confirm

子类型名称:夯实顶点更新确认

Required parameters: None

所需参数:无

Optional parameters: None

可选参数:无

Encoding considerations: binary

编码注意事项:二进制

Security considerations: Carries an optionally signed response to an apex update request. Integrity protection is discussed in Section 4.6.

安全注意事项:携带对apex更新请求的可选签名响应。完整性保护在第4.6节中讨论。

Interoperability considerations: None

互操作性注意事项:无

Published specification: RFC 5934

已发布规范:RFC 5934

Applications that use this media type: TAMP clients responding to requests to update an apex trust anchor.

使用此媒体类型的应用程序:TAMP客户端响应更新apex信任锚的请求。

Additional information:

其他信息:

Magic number(s): None

幻数:无

File extension(s): .auc

文件扩展名:.auc

Macintosh File Type Code(s):

Macintosh文件类型代码:

Person & email address to contact for further information:

联系人和电子邮件地址,以获取更多信息:

Sam Ashmore - srashmo@radium.ncsc.mil

山姆·阿什莫尔-srashmo@radium.ncsc.mil

Intended usage: LIMITED USE

预期用途:有限用途

Restrictions on usage: None

使用限制:无

   Author: Sam Ashmore - srashmo@radium.ncsc.mil
        
   Author: Sam Ashmore - srashmo@radium.ncsc.mil
        

Change controller: IESG

更改控制器:IESG

B.7. application/tamp-community-update
B.7. 应用程序/tamp社区更新

Media type name: application

媒体类型名称:应用程序

Subtype name: tamp-community-update

子类型名称:tamp社区更新

Required parameters: None

所需参数:无

Optional parameters: None

可选参数:无

Encoding considerations: binary

编码注意事项:二进制

Security considerations: Carries a signed request to update community membership information. Integrity protection is discussed in Section 4.7. Replay detection is discussed in Section 6.

安全注意事项:携带更新社区成员信息的签名请求。完整性保护在第4.7节中讨论。重播检测在第6节中讨论。

Interoperability considerations: None

互操作性注意事项:无

Published specification: RFC 5934

已发布规范:RFC 5934

Applications that use this media type: TAMP clients responding to requests to update community membership.

使用此媒体类型的应用程序:TAMP客户端响应更新社区成员资格的请求。

Additional information:

其他信息:

Magic number(s): None

幻数:无

File extension(s): .tcu

文件扩展名:.tcu

Macintosh File Type Code(s):

Macintosh文件类型代码:

Person & email address to contact for further information:

联系人和电子邮件地址,以获取更多信息:

Sam Ashmore - srashmo@radium.ncsc.mil

山姆·阿什莫尔-srashmo@radium.ncsc.mil

Intended usage: LIMITED USE

预期用途:有限用途

Restrictions on usage: None

使用限制:无

   Author: Sam Ashmore - srashmo@radium.ncsc.mil
        
   Author: Sam Ashmore - srashmo@radium.ncsc.mil
        

Change controller: IESG

更改控制器:IESG

B.8. application/tamp-community-update-confirm
B.8. 应用程序/tamp社区更新确认

Media type name: application

媒体类型名称:应用程序

Subtype name: tamp-community-update-confirm

子类型名称:tamp社区更新确认

Required parameters: None

所需参数:无

Optional parameters: None

可选参数:无

Encoding considerations: binary

编码注意事项:二进制

Security considerations: Carries an optionally signed response to a community update request. Integrity protection is discussed in Section 4.8.

安全注意事项:携带对社区更新请求的可选签名响应。完整性保护在第4.8节中讨论。

Interoperability considerations: None

互操作性注意事项:无

Published specification: RFC 5934

已发布规范:RFC 5934

Applications that use this media type: TAMP clients responding to requests to update community membership.

使用此媒体类型的应用程序:TAMP客户端响应更新社区成员资格的请求。

Additional information:

其他信息:

Magic number(s): None

幻数:无

File extension(s): .cuc

文件扩展名:.cuc

Macintosh File Type Code(s):

Macintosh文件类型代码:

Person & email address to contact for further information:

联系人和电子邮件地址,以获取更多信息:

Sam Ashmore - srashmo@radium.ncsc.mil

山姆·阿什莫尔-srashmo@radium.ncsc.mil

Intended usage: LIMITED USE

预期用途:有限用途

Restrictions on usage: None

使用限制:无

   Author: Sam Ashmore - srashmo@radium.ncsc.mil
        
   Author: Sam Ashmore - srashmo@radium.ncsc.mil
        

Change controller: IESG

更改控制器:IESG

B.9. application/tamp-sequence-adjust
B.9. 应用/夯实顺序调整

Media type name: application

媒体类型名称:应用程序

Subtype name: tamp-sequence-adjust

子类型名称:夯实顺序调整

Required parameters: None

所需参数:无

Optional parameters: None

可选参数:无

Encoding considerations: binary

编码注意事项:二进制

Security considerations: Carries a signed request to update sequence number information. Integrity protection is discussed in Section 4.9. Replay detection is discussed in Section 6.

安全注意事项:携带用于更新序列号信息的已签名请求。完整性保护在第4.9节中讨论。重播检测在第6节中讨论。

Interoperability considerations: None

互操作性注意事项:无

Published specification: RFC 5934

已发布规范:RFC 5934

Applications that use this media type: TAMP clients responding to requests to update sequence number information.

使用此媒体类型的应用程序:TAMP客户端响应更新序列号信息的请求。

Additional information:

其他信息:

Magic number(s): None

幻数:无

File extension(s): .tsa

文件扩展名:.tsa

Macintosh File Type Code(s):

Macintosh文件类型代码:

Person & email address to contact for further information:

联系人和电子邮件地址,以获取更多信息:

Sam Ashmore - srashmo@radium.ncsc.mil

山姆·阿什莫尔-srashmo@radium.ncsc.mil

Intended usage: LIMITED USE

预期用途:有限用途

Restrictions on usage: None

使用限制:无

   Author: Sam Ashmore - srashmo@radium.ncsc.mil
        
   Author: Sam Ashmore - srashmo@radium.ncsc.mil
        

Change controller: IESG

更改控制器:IESG

B.10. application/tamp-sequence-adjust-confirm
B.10. 应用/夯实顺序调整确认

Media type name: application

媒体类型名称:应用程序

Subtype name: tamp-sequence-adjust-confirm

子类型名称:夯实顺序调整确认

Required parameters: None

所需参数:无

Optional parameters: None

可选参数:无

Encoding considerations: binary

编码注意事项:二进制

Security considerations: Carries an optionally signed sequence number adjust confirmation message. Integrity protection is discussed in Section 4.10.

安全注意事项:携带可选签名的序列号调整确认消息。完整性保护在第4.10节中讨论。

Interoperability considerations: None

互操作性注意事项:无

Published specification: RFC 5934

已发布规范:RFC 5934

Applications that use this media type: TAMP clients responding to requests to update sequence number information.

使用此媒体类型的应用程序:TAMP客户端响应更新序列号信息的请求。

Additional information:

其他信息:

Magic number(s): None

幻数:无

File extension(s): .sac

文件扩展名:.sac

Macintosh File Type Code(s):

Macintosh文件类型代码:

Person & email address to contact for further information:

联系人和电子邮件地址,以获取更多信息:

Sam Ashmore - srashmo@radium.ncsc.mil

山姆·阿什莫尔-srashmo@radium.ncsc.mil

Intended usage: LIMITED USE

预期用途:有限用途

Restrictions on usage: None

使用限制:无

   Author: Sam Ashmore - srashmo@radium.ncsc.mil
        
   Author: Sam Ashmore - srashmo@radium.ncsc.mil
        

Change controller: IESG

更改控制器:IESG

B.11. application/tamp-error
B.11. 应用程序/夯实错误

Media type name: application

媒体类型名称:应用程序

Subtype name: tamp-error

子类型名称:tamp错误

Required parameters: None

所需参数:无

Optional parameters: None

可选参数:无

Encoding considerations: binary

编码注意事项:二进制

Security considerations: Carries optionally signed error information collecting during TAMP processing. Integrity protection is discussed in Section 4.11.

安全注意事项:在TAMP处理期间进行选择性签名错误信息收集。完整性保护在第4.11节中讨论。

Interoperability considerations: None

互操作性注意事项:无

Published specification: RFC 5934

已发布规范:RFC 5934

Applications that use this media type: TAMP clients processing TAMP messages.

使用此媒体类型的应用程序:处理TAMP消息的TAMP客户端。

Additional information:

其他信息:

Magic number(s): None

幻数:无

File extension(s): .ter

文件扩展名:.ter

Macintosh File Type Code(s):

Macintosh文件类型代码:

Person & email address to contact for further information:

联系人和电子邮件地址,以获取更多信息:

Sam Ashmore - srashmo@radium.ncsc.mil

山姆·阿什莫尔-srashmo@radium.ncsc.mil

Intended usage: LIMITED USE

预期用途:有限用途

Restrictions on usage: None

使用限制:无

   Author: Sam Ashmore - srashmo@radium.ncsc.mil
        
   Author: Sam Ashmore - srashmo@radium.ncsc.mil
        

Change controller: IESG

更改控制器:IESG

Appendix C. TAMP over HTTP
附录C.HTTP上的TAMP

This appendix describes the formatting and transportation conventions for the TAMP messages when carried by HTTP [RFC2616]. Each TAMP message type is covered by a subsection below. Each TAMP request message sent via HTTP is responded to either with an HTTP response containing a TAMP response or error or, if failure occurs prior to invoking TAMP, an HTTP error. TAMP response, confirmation, and error messages are not suitable for caching. In order for TAMP clients and servers using HTTP to interoperate, the following rules apply.

本附录描述了由HTTP[RFC2616]承载的TAMP消息的格式和传输约定。下面的小节介绍了每种TAMP消息类型。通过HTTP发送的每个TAMP请求消息都会得到包含TAMP响应或错误的HTTP响应,或者,如果在调用TAMP之前发生故障,则会得到HTTP错误的响应。TAMP响应、确认和错误消息不适合缓存。为了使使用HTTP的TAMP客户端和服务器能够互操作,以下规则适用。

o Clients MUST use the POST method to submit their requests.

o 客户端必须使用POST方法提交其请求。

o Servers MUST use the 200 response code for successful responses.

o 服务器必须使用200响应代码才能成功响应。

o Clients MAY attempt to send HTTPS requests using Transport Layer Security (TLS) 1.0 or later, although servers are not required to support TLS.

o 客户端可能会尝试使用传输层安全性(TLS)1.0或更高版本发送HTTPS请求,但不要求服务器支持TLS。

o Servers MUST NOT assume client support for any type of HTTP authentication such as cookies, Basic authentication, or Digest authentication.

o 服务器不得假定客户端支持任何类型的HTTP身份验证,如cookie、基本身份验证或摘要身份验证。

o Clients and servers are expected to follow the other rules and restrictions in [RFC2616]. Note that some of those rules are for HTTP methods other than POST; clearly, only the rules that apply to POST are relevant for this specification.

o 客户机和服务器应遵守[RFC2616]中的其他规则和限制。注意,其中一些规则是针对HTTP方法而不是POST;显然,只有适用于POST的规则与本规范相关。

C.1. TAMP Status Query Message
C.1. TAMP状态查询消息

A TAMP Status Query Message using the POST method is constructed as follows: The Content-Type header MUST have the value "application/ tamp-status-query".

使用POST方法的TAMP状态查询消息构造如下:内容类型头必须具有值“application/TAMP Status Query”。

The body of the message is the binary value of the DER encoding of the TAMPStatusQuery, wrapped in a CMS body as described in Section 2.

消息体是TAMPStatusQuery的DER编码的二进制值,如第2节所述封装在CMS体中。

C.2. TAMP Status Response Message
C.2. TAMP状态响应消息

An HTTP-based TAMP Status Response message is composed of the appropriate HTTP headers, followed by the binary value of the DER encoding of the TAMPStatusResponse, wrapped in a CMS body as described in Section 2.

基于HTTP的TAMP状态响应消息由适当的HTTP头组成,后跟TAMP状态响应的DER编码的二进制值,如第2节所述封装在CMS正文中。

The Content-Type header MUST have the value "application/ tamp-status-response."

内容类型标题必须具有值“应用程序/夯实状态响应”

C.3. Trust Anchor Update Message
C.3. 信任锚更新消息

A Trust Anchor Update Message using the POST method is constructed as follows: The Content-Type header MUST have the value "application/ tamp-update".

使用POST方法的信任锚更新消息的构造如下:内容类型头必须具有值“application/tamp Update”。

The body of the message is the binary value of the DER encoding of the TAMPUpdate, wrapped in a CMS body as described in Section 2.

消息体是TAMPUpdate的DER编码的二进制值,如第2节所述封装在CMS体中。

C.4. Trust Anchor Update Confirm Message
C.4. 信任锚更新确认消息

An HTTP-based Trust Anchor Update Confirm message is composed of the appropriate HTTP headers, followed by the binary value of the DER encoding of the TAMPUpdateConfirm, wrapped in a CMS body as described in Section 2.

基于HTTP的信任锚更新确认消息由适当的HTTP头组成,后面是TAMPUpdateConfirm的DER编码的二进制值,如第2节所述封装在CMS正文中。

The Content-Type header MUST have the value "application/ tamp-update-confirm".

内容类型标题必须具有值“application/tamp update confirm”。

C.5. Apex Trust Anchor Update Message
C.5. Apex信任锚更新消息

An Apex Trust Anchor Update Message using the POST method is constructed as follows: The Content-Type header MUST have the value "application/tamp-apex-update".

使用POST方法的Apex信任锚更新消息构造如下:内容类型头必须具有值“application/tamp Apex Update”。

The body of the message is the binary value of the DER encoding of the TAMPApexUpdate, wrapped in a CMS body as described in Section 2.

消息体是TAMPApexUpdate的DER编码的二进制值,如第2节所述封装在CMS体中。

C.6. Apex Trust Anchor Update Confirm Message
C.6. Apex信任锚更新确认消息

An HTTP-based Apex Trust Anchor Update Confirm message is composed of the appropriate HTTP headers, followed by the binary value of the DER encoding of the TAMPApexUpdateConfirm, wrapped in a CMS body as described in Section 2.

基于HTTP的Apex Trust Anchor更新确认消息由适当的HTTP头组成,后面是TAMPApexUpdateConfirm的DER编码的二进制值,如第2节所述封装在CMS正文中。

The Content-Type header MUST have the value "application/ tamp-apex-update-confirm".

内容类型标题必须具有值“application/tamp apex update confirm”。

C.7. Community Update Message
C.7. 社区更新信息

A Community Update Message using the POST method is constructed as follows: The Content-Type header MUST have the value "application/ tamp-community-update".

使用POST方法的社区更新消息的构造如下:内容类型头必须具有值“application/tamp Community Update”。

The body of the message is the binary value of the DER encoding of the TAMPCommunityUpdate, wrapped in a CMS body as described in Section 2.

消息体是TAMPCommunityUpdate的DER编码的二进制值,如第2节所述,封装在CMS体中。

C.8. Community Update Confirm Message
C.8. 社区更新确认消息

An HTTP-based Community Update Confirm message is composed of the appropriate HTTP headers, followed by the binary value of the DER encoding of the TAMPCommunityUpdateConfirm, wrapped in a CMS body as described in Section 2.

基于HTTP的社区更新确认消息由适当的HTTP头组成,后面是TAMPCommunityUpdateConfirm的DER编码的二进制值,如第2节所述封装在CMS正文中。

The Content-Type header MUST have the value "application/ tamp-community-update-confirm".

内容类型标题必须具有值“application/tamp community update confirm”。

C.9. Sequence Number Adjust Message
C.9. 序列号调整消息

A Sequence Number Adjust Message using the POST method is constructed as follows: The Content-Type header MUST have the value "application/ tamp-sequence-adjust".

使用POST方法的序列号调整消息构造如下:内容类型头必须具有值“application/tamp Sequence Adjust”。

The body of the message is the binary value of the DER encoding of the SequenceNumberAdjust, wrapped in a CMS body as described in Section 2.

消息体是SequenceNumberJust的DER编码的二进制值,如第2节所述,包装在CMS体中。

C.10. Sequence Number Adjust Confirm Message
C.10. 序列号调整确认消息

An HTTP-based Sequence Number Adjust Confirm message is composed of the appropriate HTTP headers, followed by the binary value of the DER encoding of the SequenceNumberAdjustConfirm, wrapped in a CMS body as described in Section 2.

基于HTTP的序列号调整确认消息由适当的HTTP头组成,后跟SequenceNumberJustConfirm的DER编码的二进制值,如第2节所述包装在CMS正文中。

The Content-Type header MUST have the value "application/ tamp-sequence-adjust-confirm".

内容类型标题必须具有值“应用/夯实顺序调整确认”。

C.11. TAMP Error Message
C.11. TAMP错误消息

An HTTP-based TAMP Error message is composed of the appropriate HTTP headers, followed by the binary value of the DER encoding of the TAMPError, wrapped in a CMS body as described in Section 2.

基于HTTP的TAMP错误消息由适当的HTTP头组成,后跟TAMPEROR的DER编码的二进制值,如第2节所述封装在CMS正文中。

The Content-Type header MUST have the value "application/tamp-error".

内容类型标题必须具有值“application/tamp error”。

Authors' Addresses

作者地址

Russ Housley Vigil Security, LLC 918 Spring Knoll Drive Herndon, VA 20170 USA

Russ Housley Vigil Security,LLC 918 Spring Knoll Drive Herndon,弗吉尼亚州,邮编20170

   EMail: housley@vigilsec.com
        
   EMail: housley@vigilsec.com
        

Sam Ashmore National Security Agency Suite 6751 9800 Savage Road Fort Meade, MD 20755 USA

美国马里兰州米德堡萨维奇路6751 9800号Sam Ashmore国家安全局套房20755

   EMail: srashmo@radium.ncsc.mil
        
   EMail: srashmo@radium.ncsc.mil
        

Carl Wallace Cygnacom Solutions Suite 5400 7925 Jones Branch Drive McLean, VA 22102 USA

Carl Wallace Cygnacom解决方案套件5400 7925美国弗吉尼亚州麦克莱恩琼斯分店路22102号

   EMail: cwallace@cygnacom.com
        
   EMail: cwallace@cygnacom.com