3.3. Replace Section 3.6 - HTTP Request-URI

3.3. Replace Section 3.6 - HTTP Request-URI

Section 3.6 of [RFC6712] specifies the used HTTP URIs. This document introduces the HTTP path '/.well-known/cmp' and extends the URIs.

Replace the text of the section with the following text:

3.6. HTTP Request-URI

Each CMP server on a PKI management entity supporting HTTP or HTTPS transfer MUST support the use of the path prefix '/.well-known/' as defined in [RFC8615] and the registered name 'cmp' to ease interworking in a multi-vendor environment.

The CMP client needs to be configured with sufficient information to form the CMP server URI. This is at least the authority portion of the URI, e.g., 'www.example.com:80', or the full operation path segment of the PKI management entity. Additionally, OPTIONAL path segments MAY be added after the registered application name as part of the full operation path to provide further distinction. The path segment 'p' followed by an arbitraryLabel <name> could, for example, support the differentiation of specific CAs or certificate profiles. Further path segments, e.g., as specified in the Lightweight CMP Profile [RFC9483], could indicate PKI management operations using an operationLabel <operation>. A valid, full CMP URI can look like this:

http://www.example.com/.well-known/cmp
http://www.example.com/.well-known/cmp/<operation>
http://www.example.com/.well-known/cmp/p/<name>
http://www.example.com/.well-known/cmp/p/<name>/<operation>