This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 10 and 12 (spanning 2 versions)
Revision 10 as of 2008-02-22 19:28:45
Size: 2578
Editor: GuyHarris
Comment: Fix typo.
Revision 12 as of 2008-04-14 12:02:50
Size: 2961
Editor: proxy2-nsn
Comment: Added link to CMP trace file with content-type "pkixcmp-poll"
Line 9: Line 9:
 * ["TCP"]: CMP can use ["TCP"] or ["HTTP"] as its transport protocol. The well known TCP port for CMP traffic is 829.
 * While there is no implementation known supporting it, transporting CMP over email (["SMTP"], ["POP"] etc.) or file transfer (["FTP") is also mentioned in CMPtrans (see below).
 * [[TCP]]: CMP can use [[TCP]] or [[HTTP]] as its transport protocol. The well known TCP port for CMP traffic is 829.
 * While there is no implementation known supporting it, transporting CMP over email ([[SMTP]], [[POP]] etc.) or file transfer (["FTP") is also mentioned in CMPtrans (see below).
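Review bot: the file-transfer bullet on the added side still carries the malformed link `(["FTP")`. Every other link in this hunk was converted to the `[[...]]` form, so this one should become `[[FTP]]` with its closing bracket restored; as it stands the page renders the raw `["FTP"` text.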
Line 21: Line 22:
 * attachment:SampleCaptures/cmp-trace.pcap.gz CMP certificate requests
 * attachment:SampleCaptures/cmp-in-http-with-errors-in-cmp-protocol.pcap.gz CMP version 2 encapsulated in HTTP on port 4711. Full "Initialization Request" and rejected "Key Update Request". There are some errors in the CMP packages.
 * [[attachment:SampleCaptures/cmp-trace.pcap.gz]] CMP certificate requests
 * [[attachment:SampleCaptures/cmp-in-http-with-errors-in-cmp-protocol.pcap.gz]] CMP version 2 encapsulated in HTTP on port 4711. Full "Initialization Request" and rejected "Key Update Request". There are some errors in the CMP packages.
 * [[attachment:SampleCaptures/cmp_in_http_with_pkixcmp-poll_content_type.pcap.gz]] CMP version 2 encapsulated in HTTP. The CMP messages are of the deprecated but used content-type "pkixcmp-poll", so they are using the TCP transport style. In two of the four CMP messages, the content type is not explicitly set, thus they cannot be dissected correctly.
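Review bot: the added pkixcmp-poll entry does not say which TCP port the HTTP traffic uses, while the entry above it gives port 4711. Stating the port would let readers apply a port-based filter to this capture, and it would help to say which two of the four messages lack the content type so the dissection failure can be reproduced.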
Line 24: Line 27:
A complete list of CMP display filter fields can be found in the [http://www.wireshark.org/docs/dfref/c/cmp.html display filter reference] A complete list of CMP display filter fields can be found in the [[http://www.wireshark.org/docs/dfref/c/cmp.html|display filter reference]]
Line 29: Line 32:
Line 30: Line 34:
You cannot directly filter CMP while capturing. However, if you know the ["TCP"] port used (see above), you can filter on that one. You cannot directly filter CMP while capturing. However, if you know the [[TCP]] port used (see above), you can filter on that one.
Line 35: Line 39:
Line 36: Line 41:
 * [http://www.ietf.org/rfc/rfc4210.txt RFC 4210] ''Internet X.509 Public Key Infrastructure Certificate Management Protocols''. This version obsoletes [http://www.ietf.org/rfc/rfc2510.txt RFC 2510]. According to the new RFC, the CMP transport protocol issues are handled in the separate CMPtrans document.
 * [http://tools.ietf.org/html/draft-ietf-pkix-cmp-transport-protocols-05 Last IETF CMPtrans draft] This draft for ''CMPtrans'' is expired, hence there is '''no obligatory transport protocols spec available'''. There are obvious mistakes in it which may cause confusion. Implementations more or less adhere to it.
 * [http://www.ietf.org/rfc/rfc4211.txt RFC 4211] ''Certificate Request Message Format'' is more or less bound to CMP. This Version obsoletes [http://www.ietf.org/rfc/rfc2511.txt RFC 2511] and is used by RFC 4210
 * [[http://www.ietf.org/rfc/rfc4210.txt|RFC 4210]] ''Internet X.509 Public Key Infrastructure Certificate Management Protocols''. This version obsoletes [[http://www.ietf.org/rfc/rfc2510.txt|RFC 2510]]. According to the new RFC, the CMP transport protocol issues are handled in the separate CMPtrans document.
 * [[http://tools.ietf.org/html/draft-ietf-pkix-cmp-transport-protocols-05|Last IETF CMPtrans draft]] This draft for ''CMPtrans'' is expired, hence there is '''no obligatory transport protocols spec available'''. There are obvious mistakes in it which may cause confusion. Implementations more or less adhere to it.
 * [[http://www.ietf.org/rfc/rfc4211.txt|RFC 4211]] ''Certificate Request Message Format'' is more or less bound to CMP. This Version obsoletes [[http://www.ietf.org/rfc/rfc2511.txt|RFC 2511]] and is used by RFC 4210

Certificate Management Protocol (CMP)

CMP is a protocol for managing Public Key Infrastructures (PKI) based on X.509v3 certificates. Protocol messages are defined for certificate creation and management. It is used by commercial PKI products such as Entrust Security Manager, Unicert, Insta Certifier and Cryptlib. An OpenSSL client-side implementation is a work in progress.

History

TODO:

Protocol dependencies

  • TCP: CMP can use TCP or HTTP as its transport protocol. The well known TCP port for CMP traffic is 829.

  • While no implementation is known to support it, transporting CMP over email (SMTP, POP etc.) or file transfer (FTP) is also mentioned in CMPtrans (see below).

Example traffic

TODO: Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

TODO:

Preference Settings

TODO:

Example capture file

Display Filter

A complete list of CMP display filter fields can be found in the display filter reference.

  • Show only the CMP based traffic:
     cmp 

Capture Filter

You cannot directly filter CMP while capturing. However, if you know the TCP port used (see above), you can filter on that one.

  • Capture only the CMP traffic over the default port (829):
     tcp port 829 
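Because a port-based capture filter only selects candidate traffic, the payload still has to be checked for CMP framing. The following is an added example, not part of the original wiki page or of Wireshark: a Python sketch that splits a reassembled TCP payload into "TCP transport style" messages. The header layout and message-type codes are assumptions taken from the expired CMPtrans draft and should be checked against the implementation being analysed; `frame`, `parse_tcp_messages` and `SAMPLE` are hypothetical names.

```python
import struct

# Layout assumed from the expired CMPtrans draft listed in the references:
# 4-byte big-endian length, then version, flags, message-type (1 byte each),
# then the value. The length counts everything after the length field.
CMPTRANS_VERSION = 10
HEADER_LEN = 7
MSG_TYPES = {0x00: "pkiReq", 0x01: "pollRep", 0x02: "pollReq",
             0x03: "finRep", 0x05: "pkiRep", 0x06: "errorMsgRep"}


def frame(msg_type: int, value: bytes, flags: int = 0) -> bytes:
    """Build one TCP-message (used here only to construct sample input)."""
    header = struct.pack("!IBBB", len(value) + 3, CMPTRANS_VERSION, flags, msg_type)
    return header + value


def parse_tcp_messages(stream: bytes):
    """Split a reassembled TCP payload into TCP-messages.

    Returns (messages, leftover); leftover holds a trailing partial message.
    Raises ValueError if the bytes do not look like CMPtrans framing.
    """
    messages, offset = [], 0
    while len(stream) - offset >= HEADER_LEN:
        length, version, flags, mtype = struct.unpack_from("!IBBB", stream, offset)
        if version != CMPTRANS_VERSION or mtype not in MSG_TYPES or length < 3:
            raise ValueError(f"not CMPtrans framing at offset {offset}")
        end = offset + 4 + length
        if end > len(stream):
            break  # rest of this message arrives in a later segment
        value = stream[offset + HEADER_LEN:end]
        messages.append({
            "type": MSG_TYPES[mtype],
            "flags": flags,
            # A PKIMessage is a DER SEQUENCE, so its first byte is 0x30.
            "looks_like_der": value[:1] == b"\x30",
            "value_len": len(value),
        })
        offset = end
    return messages, stream[offset:]


# Constructed sample: placeholder DER bytes, not a real PKIMessage.
SAMPLE = (frame(0x00, bytes.fromhex("3003020102"))
          + frame(0x01, struct.pack("!II", 1, 30))
          + frame(0x05, bytes.fromhex("3003020102"))[:9])
```

A `ValueError` on the first message is a quick sign that a stream captured on port 829, or an HTTP body on another port, is not using this framing.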

  • RFC 4210, Internet X.509 Public Key Infrastructure Certificate Management Protocols. This version obsoletes RFC 2510. According to the new RFC, the CMP transport protocol issues are handled in the separate CMPtrans document.

  • Last IETF CMPtrans draft: this draft for CMPtrans is expired, hence there is no obligatory transport protocols spec available. There are obvious mistakes in it which may cause confusion. Implementations more or less adhere to it.

  • RFC 4211, Certificate Request Message Format, is more or less bound to CMP. This version obsoletes RFC 2511 and is used by RFC 4210.

CMP (last edited 2013-02-16 10:47:51 by LTejas)