[openssl-project] Fwd: Request for comments on 'Certificate Management Protocol (CMP, RFC 4210) extension #681'"

Matt Caswell matt at openssl.org
Tue Aug 14 19:20:55 UTC 2018

I went to approve this post, but I don't see it in the pending queue.
Not sure why not - so forwarding this anyway. Please see below.


-------- Forwarded Message --------
Subject: Request for comments on 'Certificate Management Protocol (CMP,
RFC 4210) extension #681'"
Date: Tue, 14 Aug 2018 17:27:33 +0000
From: Brockhaus, Hendrik <hendrik.brockhaus at siemens.com>
To: openssl-project at openssl.org <openssl-project at openssl.org>
CC: matt at openssl.org <matt at openssl.org>, levitte at openssl.org
<levitte at openssl.org>, rsalz at openssl.org <rsalz at openssl.org>, Peylo,
Martin (Nokia - FI/Espoo) <martin.peylo at nokia.com>, von Oheimb, David
<david.von.oheimb at siemens.com>


Back in 2007 Nokia started developing a CMP client based on OpenSSL that
is currently in use in LTE infrastructure components. Siemens joined in
the project some years ago to extend and utilize the code for further
industrial use cases. We are aware that a lot of other users of this

Right from the beginning it was the goal of the project to contribute
the code upstream OpenSSL some time, see RT item #3101, GitHub issue
#5926 and pull request #6811.
Integrating CMPforOpenSSL would make things much easier for all people
using it already and also for those who use OpenSSL to automate their
certificate management based on CMP.

The footprint of the code is about 17.000 lines of code plus test and
configuration data.
There are unit tests and a large amount of interoperability test (with
EJBCA and Insta CA). These tests can provide initial confidence in the
functionality and quality of the implementation.

In the past months we already got some feedback supporting the
contribution. To get the contribution reviewed and merged by the project
we know that there will be considerable effort needed on both sides.
Therefore we'd like to understand the opinion of the group of committers
and OMC members if this contribution should be integrated with OpenSSL.

Martin, David, and Hendrik

Ps.: I will be out of the office the next weeks; Martin and David are
available to follow up on this discussion.

With best regards,
Hendrik Brockhaus

Siemens AG
Corporate Technology
Research and Development for Digitalization and Automation
Security Architecture
Otto-Hahn-Ring 6
81739 Muenchen, Germany Tel.: +49 89 636-633672
Mobile: +49 174 1517765
mailto:hendrik.brockhaus at siemens.com


Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim
Hagemann Snabe; Managing Board: Joe Kaeser, Chairman, President and
Chief Executive Officer; Roland Busch, Lisa Davis, Klaus Helmrich,
Janina Kugel, Cedrik Neike, Michael Sen, Ralf P. Thomas; Registered
offices: Berlin and Munich, Germany; Commercial registries: Berlin
Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322

More information about the openssl-project mailing list