OID: {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) extension-standards(255) dot1(1) interfaces(1) cert-management(7) major-version-3(3) minor-version-2(2)}
This is the parent structure for all SCMS component certificate management structures. An overview of this structure is as follows:
compositeCrl of type CompositeCrl
contains zero or more SecuredCrl as defined in IEEE
Std 1609.2, and the CTL.
certificateChain of type CertificateChain
contains a collection of certificates and the CTL.
multiSignedCtl of type MultiSignedCtl
contains the CTL signed by multiple
signers, the electors.
tbsCtlSignature of type ToBeSignedCtlSignature
contains the CTL-instance-specific information used
to generate a signature on the CTL.
infoStatus of type CertificateManagementInfoStatus
contains the status of certificate management information (CRLs, CTLs,
and the certificates of CAs, MAs, and the RA).
CertManagementPdu ::= CHOICE {
compositeCrl CompositeCrl,
certificateChain CertificateChain,
multiSignedCtl MultiSignedCtl,
tbsCtlSignature ToBeSignedCtlSignature,
infoStatus CertificateManagementInfoStatus,
...
}
This structure is used to encapsulate CRLs and a CTL. An overview of this structure is as follows:
crl of type SEQUENCE SIZE(0..MAX) OF SecuredCrl
contains a list of signed CRLs for different (CRACA ID, CRL
series) pairs. The CRLs are signed individually, and this document does not
specify the order in which they should appear.
homeCtl of type MultiSignedCtlSpdu
contains a CTL. If the composite CRL was requested via the
mechanisms given in 6.3.5.8, the CtlSeriesId in this CTL is the same as
the CtlSeriesId provided in the request. The intent is that this is the
"home" CTL of the requester, but this field can in practice be used to
provide any CTL with any CtlSeriesId value.
CompositeCrl ::= SEQUENCE {
crl SEQUENCE SIZE(0..MAX) OF SecuredCrl,
homeCtl MultiSignedCtlSpdu,
...
}
This structure is used to encapsulate certificates and a CTL. An overview of this structure is as follows:
homeCtl of type MultiSignedCtlSpdu
contains a CTL. If the certificate chain was requested via
the mechanisms given in 6.3.5.7, the CtlSeriesId in this CTL is the
same as the CtlSeriesId provided in the request. The intent is that
this is the "home" CTL of the requester, but this field can in practice be
used to provide any CTL.
others of type SEQUENCE SIZE(0..MAX) OF Certificate
contains additional valid certificates of the CAs and the
MAs chosen by means outside the scope of this document.
CertificateChain ::= SEQUENCE {
homeCtl MultiSignedCtlSpdu,
others SEQUENCE SIZE(0..MAX) OF Certificate,
...
}
This structure contains a certificate trust list (CTL) signed by multiple signers, the electors. An overview of this structure is as follows:
type of type IEEE-1609-2-1-MSCTL.&type({
Ieee1609dot2dot1Ctls
})
contains the type of the multi-signed CTL. Only one type of
multi-signed CTL is supported in this version of this document.
tbsCtl of type IEEE-1609-2-1-MSCTL.&TbsCtl({
Ieee1609dot2dot1Ctls
}{@.type})
contains the CTL contents.
unsigned of type IEEE-1609-2-1-MSCTL.&UnsignedCtlMaterial({
Ieee1609dot2dot1Ctls
}{@.type})
contains data that are associated with the CTL and that
are not included directly in tbsCtl. For example, if the type is
fullIeeeCtl, the FullIeeeTbsCtl contains the hashes of the certificates,
and the certificates themselves are contained in unsigned.
signatures of type SEQUENCE (SIZE(1..MAX)) OF CtlSignatureSpdu
contains the signatures. How the signatures are
calculated is specified in the definition of ToBeSignedCtlSignature. The
number of signatures shall be no more than the number of electors. Each
signature shall have been generated by a distinct elector.
MultiSignedCtl ::= SEQUENCE {
type IEEE-1609-2-1-MSCTL.&type({
Ieee1609dot2dot1Ctls
}),
tbsCtl IEEE-1609-2-1-MSCTL.&TbsCtl({
Ieee1609dot2dot1Ctls
}{@.type}),
unsigned IEEE-1609-2-1-MSCTL.&UnsignedCtlMaterial({
Ieee1609dot2dot1Ctls
}{@.type}),
signatures SEQUENCE (SIZE(1..MAX)) OF CtlSignatureSpdu
}
This is the ASN.1 Information Object Class used to associate multi-signed CTL type identifiers, CTL contents, and unsigned material. In this structure:
type of type Ieee1609dot2dot1MsctlType
contains the type, an Ieee1609dot2dot1MsctlType.
TbsCtl
contains the CTL contents.
UnsignedCtlMaterial
contains unsigned material associated with the
CTL, as specified in 7.3.11.
IEEE-1609-2-1-MSCTL ::= CLASS {
&type Ieee1609dot2dot1MsctlType,
&TbsCtl,
&UnsignedCtlMaterial
} WITH SYNTAX {&TbsCtl IDENTIFIED BY &type USING &UnsignedCtlMaterial}
This is the Information Object Set containing the instances of the IEEE-1609-2-1-MSCTL class that are specified for use. Only one instance is specified for use in this version of this document.
Ieee1609dot2dot1Ctls IEEE-1609-2-1-MSCTL ::= {
{FullIeeeTbsCtl IDENTIFIED BY
fullIeeeCtl USING SequenceOfCertificate},
...
}
This is the integer used to identify the type of the CTL.
Ieee1609dot2dot1MsctlType ::= INTEGER (0..255)
fullIeeeCtl Ieee1609dot2dot1MsctlType ::= 1
This structure specifies a CTL that contains information about the complete set of certificates trusted by the electors that sign the CTL. An overview of this structure is as follows:
type of type Ieee1609dot2dot1MsctlType (fullIeeeCtl)
contains the type of the CTL. It is identical to the type
field that appears in the enclosing MultiSignedCtl. The field is included
here as well to provide the simplest mechanism to help ensure that the
type is included in the calculated CTL hash.
ctlSeriesId of type CtlSeriesId
contains the group of electors that have signed the
CTL. It plays a role similar to CrlSeries in a CRL. This field is intended
to be globally unique in the universe of all systems that use the
MultiSignedCtl. See the specification of CtlSeriesId for discussion of
a convention that can be followed to enable uniqueness.
sequenceNumber of type CtlSequenceNumber
contains the sequence number of the CTL. This is
incremented by 1 every time a new FullIeeeTbsCtl is issued.
effectiveDate of type Time32
contains the time when the CTL is to take effect.
This is to be greater than or equal to the effectiveDate field in the CTL
with the same CtlSeriesId and the previous sequence number.
electorApprove of type SEQUENCE OF CtlElectorEntry
contains the list of hashes of the elector
certificates that are approved as of the effective date. The hash is
calculated with the same hash algorithm that is used to hash the elector
certificate for signing.
electorRemove of type SEQUENCE OF CtlElectorEntry
contains the list of hashes of the elector
certificates that are valid (that is, not expired) on the effective date and
are not approved, as of the effective date, to sign a CTL. The hash is
calculated with the same hash algorithm that is used to hash the elector
certificate for signing. This field is to be considered informational as a
certificate that is not included in electorApprove is not valid even if it
does not appear in electorRemove.
rootCaApprove of type SEQUENCE OF CtlRootCaEntry
contains the list of root CA certificates that are
approved as of the effective date. The hash is calculated with the same
hash algorithm that is used to hash the root certificate for signing. If
the root certificate is signed with a hash function with a 48 octet
output, this is truncated to the low-order 32 bytes for inclusion in the
CTL.
rootCaRemove of type SEQUENCE OF CtlRootCaEntry
contains the list of root CA certificates that are
valid (that is, not expired) on the effective date and are not approved, as
of the effective date, to issue certificates or carry out other
activities. If the root certificate is signed with a hash function
with a 48 octet output, this is truncated to the low-order 32 bytes for
inclusion in the CTL. This field is to be considered informational as a
certificate that is not included in rootCaApprove is not valid even if it
does not appear in rootCaRemove.
quorum of type INTEGER
contains the quorum, that is, the number of the electors
required to sign the next CTL with the same CtlSeriesId value for that
CTL to be trusted. If this field is absent (because the CTL generator is
using a previous version of the FullIeeeTbsCtl structure that didn't have
this field), the quorum for the next CTL shall be the quorum for the
current CTL.
For validity conditions on a signed FullIeeeTbsCtl, see 10.2.
FullIeeeTbsCtl ::= SEQUENCE {
type Ieee1609dot2dot1MsctlType(fullIeeeCtl),
ctlSeriesId CtlSeriesId,
sequenceNumber CtlSequenceNumber,
effectiveDate Time32,
electorApprove SEQUENCE OF CtlElectorEntry,
electorRemove SEQUENCE OF CtlElectorEntry,
rootCaApprove SEQUENCE OF CtlRootCaEntry,
rootCaRemove SEQUENCE OF CtlRootCaEntry,
...,
quorum INTEGER
}
This structure identifies a group of electors that sign a series of CTLs for a specific purpose. Registration of CtlSeriesId values is managed by the IEEE RA; see http://standards.ieee.org/regauth. A list of assigned CtlSeriesId values is provided in K.1.
CtlSeriesId ::= OCTET STRING (SIZE(8))
This structure is used to encode the CTL sequence number. This document does not specify semantics of this type once it reaches its maximum value.
CtlSequenceNumber ::= INTEGER(0..65535)
This structure contains the hash of an elector certificate.
CtlElectorEntry ::= HashedId48
This structure contains the hash of a root CA certificate.
CtlRootCaEntry ::= HashedId32
This structure contains the CTL-instance-specific information used to generate a signature on the CTL. An overview of this structure is as follows:
ctlSeriesId of type CtlSeriesId
contains the CtlSeriesId that appears in the CTL.
ctlType of type Ieee1609dot2dot1MsctlType
identifies the type of the CTL.
sequenceNumber of type CtlSequenceNumber
contains the sequence number of the CTL being signed.
tbsCtlHash of type HashedId48
contains the hash of the C-OER encoded tbsCtl field
in the MultiSignedCtl. The hash is calculated using the same hash
algorithm that is used to generate the signature on this structure when it
is contained in a CtlSignatureSpdu. This algorithm can be determined from
the headers of the CtlSignatureSpdu.
ToBeSignedCtlSignature ::= SEQUENCE {
ctlSeriesId CtlSeriesId,
ctlType Ieee1609dot2dot1MsctlType,
sequenceNumber CtlSequenceNumber,
tbsCtlHash HashedId48
}
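The following Python is an added worked example; it is not part of IEEE Std 1609.2.1 and not code from any SCMS implementation. It models the acceptance checks that the MultiSignedCtl, FullIeeeTbsCtl, and ToBeSignedCtlSignature descriptions above imply for a receiver: the sequence number increments by 1 within a CtlSeriesId, the effective date does not go backwards, the quorum is the one stated by the previous CTL (inherited when that CTL predates the field), every signature binds the CTL through the ToBeSignedCtlSignature fields and the hash of the encoded tbsCtl, only distinct electors listed in the previous electorApprove count toward the quorum, and a root CA entry is the low-order 32 bytes of a 48-octet hash. It assumes two stand-ins so that it runs offline: a length-prefixed encoding in place of C-OER, and HMAC-SHA-384 with a constructed per-elector key in place of the signature carried in the CtlSignatureSpdu. All certificates, keys, dates, and identifiers are constructed.

```python
# Added example (not part of IEEE Std 1609.2.1): models the checks a receiver
# applies to a new FullIeeeTbsCtl and its elector signatures. Assumptions: the
# C-OER encoding is replaced by a length-prefixed encoding and the ECDSA
# signature in the CtlSignatureSpdu by HMAC-SHA-384, so the example runs offline.
import hashlib
import hmac
from dataclasses import dataclass

FULL_IEEE_CTL = 1  # fullIeeeCtl Ieee1609dot2dot1MsctlType ::= 1

def hashed_id48(data: bytes) -> bytes:
    return hashlib.sha384(data).digest()  # HashedId48: full SHA-384 output

def hashed_id32(data: bytes, hash_alg: str = "sha384") -> bytes:
    # HashedId32 (CtlRootCaEntry): the root certificate's signing hash,
    # truncated to its low-order 32 bytes when the output is 48 octets.
    return hashlib.new(hash_alg, data).digest()[-32:]

def _enc(*fields) -> bytes:
    # Stand-in for C-OER (assumption): deterministic length-prefixed encoding.
    out = b""
    for f in fields:
        if isinstance(f, int):
            f = f.to_bytes(4, "big")
        elif isinstance(f, list):
            f = _enc(*f)
        out += len(f).to_bytes(2, "big") + f
    return out

@dataclass
class FullIeeeTbsCtl:
    ctl_series_id: bytes         # CtlSeriesId, 8 octets
    sequence_number: int         # CtlSequenceNumber
    effective_date: int          # Time32
    elector_approve: list        # HashedId48 values; electorRemove is informational
    elector_remove: list
    root_ca_approve: list        # HashedId32 values
    root_ca_remove: list
    quorum: "int | None" = None  # absent when produced by an older encoder
    type: int = FULL_IEEE_CTL    # repeated here so that it enters the CTL hash

    def encode(self) -> bytes:
        q = [] if self.quorum is None else [self.quorum]
        return _enc(self.type, self.ctl_series_id, self.sequence_number,
                    self.effective_date, self.elector_approve, self.elector_remove,
                    self.root_ca_approve, self.root_ca_remove, q)

def tbs_signature(ctl: FullIeeeTbsCtl) -> bytes:
    # Encoded ToBeSignedCtlSignature: ctlSeriesId, ctlType, sequenceNumber, tbsCtlHash
    return _enc(ctl.ctl_series_id, ctl.type, ctl.sequence_number, hashed_id48(ctl.encode()))

def elector_sign(elector: tuple, ctl: FullIeeeTbsCtl) -> tuple:
    # CtlSignatureSpdu stand-in: (elector certificate hash, encoded TBS, tag)
    cert, key = elector
    tbs = tbs_signature(ctl)
    return (hashed_id48(cert), tbs, hmac.new(key, tbs, "sha384").digest())

def validate_ctl(new, sigs, prev, elector_keys, inherited_quorum=None):
    """Return the list of failures; an empty list means the CTL is accepted.
    elector_keys maps elector certificate hash -> verification key (stand-in)."""
    errors = []
    if new.ctl_series_id != prev.ctl_series_id:
        errors.append("ctlSeriesId differs from previous CTL")
    if new.sequence_number != prev.sequence_number + 1:
        errors.append("sequenceNumber not previous + 1")
    if new.effective_date < prev.effective_date:
        errors.append("effectiveDate earlier than previous CTL")
    # The quorum for this CTL was fixed by the previous CTL; if that one
    # predates the quorum field, the quorum it inherited applies.
    quorum = prev.quorum if prev.quorum is not None else inherited_quorum
    if quorum is None:
        return errors + ["no quorum known for this CtlSeriesId"]
    expected_tbs, approved, signers = tbs_signature(new), set(prev.elector_approve), set()
    for signer, tbs, tag in sigs:
        if tbs != expected_tbs:
            errors.append("ToBeSignedCtlSignature does not bind this CTL")
        elif signer not in approved:
            errors.append("signer is not an approved elector")
        elif signer in signers:
            errors.append("duplicate signature from one elector")
        elif not hmac.compare_digest(
                tag, hmac.new(elector_keys.get(signer, b""), tbs, "sha384").digest()):
            errors.append("signature verification failed")
        else:
            signers.add(signer)  # only distinct electors count toward the quorum
    if len(signers) < quorum:
        errors.append(f"{len(signers)} valid elector signatures, quorum is {quorum}")
    return errors

def run_checks() -> dict:
    # Constructed scenario: three approved electors, quorum 2, four candidate CTLs.
    electors = [(b"elector-cert-%d" % i, b"elector-key-%d" % i) for i in range(3)]
    keys = {hashed_id48(c): k for c, k in electors}
    series, approve, roots = bytes(7) + b"\x01", list(keys), [hashed_id32(b"root-ca-cert")]
    prev = FullIeeeTbsCtl(series, 7, 700_000_000, approve, [], roots, [], quorum=2)
    new = FullIeeeTbsCtl(series, 8, 700_086_400, approve, [], roots, [], quorum=2)
    gap = FullIeeeTbsCtl(series, 9, 700_086_400, approve, [], roots, [], quorum=2)
    return {
        "quorum_met": validate_ctl(new, [elector_sign(electors[0], new),
                                         elector_sign(electors[1], new)], prev, keys),
        "duplicate_elector": validate_ctl(new, [elector_sign(electors[0], new)] * 2, prev, keys),
        "below_quorum": validate_ctl(new, [elector_sign(electors[2], new)], prev, keys),
        "sequence_gap": validate_ctl(gap, [elector_sign(e, gap) for e in electors], prev, keys),
    }
```

Two design points follow the text directly: the verifier takes the approved elector set and the quorum from the previous CTL rather than from the CTL being checked, since the new CTL's own electorApprove and quorum only govern the CTL after it; and a duplicate signature from one elector is rejected before it is counted, so the quorum is measured in distinct electors.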
This structure contains the status of different certificate management information, including CRLs, CTLs, and individual certificates of CAs, MAs, and the RA.
crl of type SequenceOfCrlInfoStatus
contains the status information for CRLs.
ctl of type SequenceOfCtlInfoStatus
contains the status information for CTLs.
caCcf of type Time32
contains the time of the last update of any of the CA
certificates in the CCF.
ma of type SequenceOfMaInfoStatus
contains the status information for MA certificates.
ra of type Time32 OPTIONAL
shall be present and contain the time of last update of the RA's
certificate, if this structure is sent by an RA.
CertificateManagementInfoStatus ::= SEQUENCE {
crl SequenceOfCrlInfoStatus,
ctl SequenceOfCtlInfoStatus,
caCcf Time32,
ma SequenceOfMaInfoStatus,
ra Time32 OPTIONAL,
...
}
This type is used for clarity of definitions.
SequenceOfCtlInfoStatus ::= SEQUENCE OF CtlInfoStatus
This structure contains the status information for a CTL.
ctlSeriesId of type CtlSeriesId
contains the elector group ID of the CTL.
sequenceNumber of type CtlSequenceNumber
contains the sequence number of the CTL.
lastUpdate of type Time32
contains the time of the last update of the CTL.
CtlInfoStatus ::= SEQUENCE {
ctlSeriesId CtlSeriesId,
sequenceNumber CtlSequenceNumber,
lastUpdate Time32,
...
}
This type is used for clarity of definitions.
SequenceOfCrlInfoStatus ::= SEQUENCE OF CrlInfoStatus
This structure contains the status information for a CRL.
cracaId of type HashedId8
contains the CRACA ID of the CRL.
series of type CrlSeries
contains the CRL series of the CRL.
issueDate of type Time32
contains the time of the last update of the CRL.
CrlInfoStatus ::= SEQUENCE {
cracaId HashedId8,
series CrlSeries,
issueDate Time32,
...
}
This type is used for clarity of definitions.
SequenceOfMaInfoStatus ::= SEQUENCE OF MaInfoStatus
This structure contains the status information for an MA's certificate.
psids of type SequenceOfPsid
contains the PSIDs associated with the misbehavior that is to
be reported to that MA.
updated of type Time32
contains the time of the last update of the MA's certificate.
MaInfoStatus ::= SEQUENCE {
psids SequenceOfPsid,
updated Time32,
...
}