ASN.1 module Ieee1609Dot2Dot1EcaEeInterface

OID: {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) extension-standards(255) dot1(1) interfaces(1) eca-ee(9) major-version-3(3) minor-version-2(2)}

Imports:

Data Elements:

EcaEeInterfacePdu

This is the parent structure for all structures exchanged between the ECA and the EE. An overview of this structure is as follows:

EcaEeInterfacePdu ::= CHOICE {
  eeEcaCertRequest   EeEcaCertRequest,
  ecaEeCertResponse  EcaEeCertResponse,
  ...
}

EeEcaCertRequest

This structure contains parameters needed to request an enrollment certificate from the ECA. The ECA may, subject to policy, issue an enrollment certificate with different contents than the contents requested. An overview of this structure is as follows:

NOTE:

  1. The tbsCert.cracaId and tbsCert.crlSeries are set to the indicated values in the corresponding EeEcaCertRequest. In the issued enrollment certificate, they may have different values, set by the ECA.
  2. The EE uses the type field to indicate whether it is requesting an explicit or an implicit enrollment certificate. It is anticipated that policy will determine what type of certificate is appropriate for a given set of circumstances (such as PSIDs, other end entity information, and locality) and that, if the EE has requested a kind of certificate that is not allowed by policy, the ECA returns an error to the EE.

EeEcaCertRequest ::= SEQUENCE {
  version         Uint8 (2),
  generationTime  Time32,
  type            CertificateType,
  tbsCert         ToBeSignedCertificate (WITH COMPONENTS {
    ...,
    id (WITH COMPONENTS {
      ...,
      linkageData ABSENT
    }),
    cracaId ('000000'H),
    crlSeries (0),
    appPermissions ABSENT,
    certIssuePermissions ABSENT,
    certRequestPermissions PRESENT,
    verifyKeyIndicator (WITH COMPONENTS {
      verificationKey
    })
  }),
  canonicalId     IA5String OPTIONAL,
  ...
}
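
One way an ECA-side implementation could check a decoded request against the constraints in the EeEcaCertRequest definition above, as an added example that is not part of the standard. The dict and tuple layout of the decoded value, the function name check_ee_eca_cert_request and the sample values are assumptions.

```python
# Added example, not from the standard: constraint check for a decoded
# EeEcaCertRequest. Assumed layout: SEQUENCE -> dict with absent OPTIONAL
# fields omitted, CHOICE -> (alternative, value) tuple, OCTET STRING -> bytes.

def check_ee_eca_cert_request(req):
    """Return the list of violated constraints; an empty list means none."""
    errors = []
    if req.get("version") != 2:
        errors.append("version must be 2")
    for field in ("generationTime", "type"):
        if field not in req:
            errors.append(field + " is mandatory")
    cid = req.get("canonicalId")
    if cid is not None and not (isinstance(cid, str) and cid.isascii()):
        errors.append("canonicalId must be an IA5String")
    tbs = req.get("tbsCert")
    if not isinstance(tbs, dict):
        return errors + ["tbsCert is mandatory"]
    if tbs.get("id", (None, None))[0] == "linkageData":
        errors.append("tbsCert.id must not be linkageData")
    if tbs.get("cracaId") != b"\x00\x00\x00":
        errors.append("tbsCert.cracaId must be '000000'H")
    if tbs.get("crlSeries") != 0:
        errors.append("tbsCert.crlSeries must be 0")
    for field in ("appPermissions", "certIssuePermissions"):
        if field in tbs:
            errors.append("tbsCert." + field + " must be ABSENT")
    if "certRequestPermissions" not in tbs:
        errors.append("tbsCert.certRequestPermissions must be PRESENT")
    if tbs.get("verifyKeyIndicator", (None, None))[0] != "verificationKey":
        errors.append("tbsCert.verifyKeyIndicator must be verificationKey")
    return errors

# Constructed sample request; every value is a placeholder.
SAMPLE_REQUEST = {
    "version": 2,
    "generationTime": 600000000,
    "type": "explicit",
    "tbsCert": {
        "id": ("name", "constructed-ee-01"),
        "cracaId": b"\x00\x00\x00",
        "crlSeries": 0,
        "certRequestPermissions": ["constructed PsidGroupPermissions"],
        "verifyKeyIndicator": ("verificationKey", b"constructed key"),
    },
}

if __name__ == "__main__":
    print(check_ee_eca_cert_request(SAMPLE_REQUEST))  # conforming request
```

The check covers only the constraints visible in this module; the contents of certRequestPermissions and the key material are left to the validity rules the standard defines elsewhere.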

EcaEeCertResponse

This structure is used by the ECA to respond to an EE's enrollment certificate request. Additional bootstrapping information, including the RA's certificate, is provided by the DCM. The specification of the DCM is outside the scope of this document. An overview of this structure is as follows:

The definition of validity for a certificate request, including constraints on the fields in this structure, is specified in 10.1.

EcaEeCertResponse ::= SEQUENCE {
  version         Uint8 (2),
  generationTime  Time32,
  requestHash     HashedId8,
  ecaCertChain    SequenceOfCertificate,
  certificate     Certificate,
  privateKeyInfo  OCTET STRING (SIZE(32)) OPTIONAL,
  ...
}