CMC Design

Design

For 10.4, the CMC certificate request mechanism has been updated to conform to RFC 5272 with update from RFC 6402. It does so by adding the following CMC features.

Proof of Origin, Proof of Possession, and Id-POP linking for non-agent users

See PKI 10.4 CMC Proof of Possession.

New (CMC UserSigned / SelfSigned) Authentication Plugin

See PKI 10.4 CMC Authentication Plugin.

New Enrollment/Renewal Profiles and corresponding URIs

10.5 update

See PKI 10.5 CMC Profiles.

10.4

See PKI 10.4 CMC Profiles.

Configuration

See PKI 10.4 CMC Configuration.

Client changes

See PKI 10.4 CMC Tools.

Revocation

See PKI 10.4 CMC Revocation.

Shared Secret

See PKI 10.4 CMC Shared Token.

Notes

A couple notes:

Auditing have been added (not finalized - TBD)
CMC controls not mentioned should continue to function as was before

Tip	To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis.

CMC Design

Design

Proof of Origin, Proof of Possession, and Id-POP linking for non-agent users

New (CMC UserSigned / SelfSigned) Authentication Plugin

New Enrollment/Renewal Profiles and corresponding URIs

10.5 update

10.4

Configuration

Client changes

Revocation

Shared Secret

Notes

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!