Re: [certid] Comments on draft-saintandre-tls-server-id-check-03

Peter Saint-Andre <stpeter@stpeter.im> Wed, 12 May 2010 15:45 UTC

Return-Path: <stpeter@stpeter.im>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 13CFA3A6CD2 for <certid@core3.amsl.com>; Wed, 12 May 2010 08:45:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.155
X-Spam-Level:
X-Spam-Status: No, score=-1.155 tagged_above=-999 required=5 tests=[AWL=-0.415, BAYES_20=-0.74]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n09BkVmveb0o for <certid@core3.amsl.com>; Wed, 12 May 2010 08:45:28 -0700 (PDT)
Received: from stpeter.im (stpeter.im [207.210.219.233]) by core3.amsl.com (Postfix) with ESMTP id 024A73A6DB4 for <certid@ietf.org>; Wed, 12 May 2010 08:35:13 -0700 (PDT)
Received: from leavealone.cisco.com (72-163-0-129.cisco.com [72.163.0.129]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 2FCD540D06; Wed, 12 May 2010 09:35:02 -0600 (MDT)
Message-ID: <4BEACAA4.1080402@stpeter.im>
Date: Wed, 12 May 2010 09:35:00 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4
MIME-Version: 1.0
To: =JeffH <Jeff.Hodges@KingsMountain.com>
References: <4BE9EC9F.9030903@KingsMountain.com>
In-Reply-To: <4BE9EC9F.9030903@KingsMountain.com>
X-Enigmail-Version: 1.0.1
OpenPGP: url=http://www.saint-andre.com/me/stpeter.asc
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms000209050203020200090208"
Cc: IETF cert-based identity <certid@ietf.org>
Subject: Re: [certid] Comments on draft-saintandre-tls-server-id-check-03
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Representation and verification of identity in certificates <certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 May 2010 15:45:30 -0000

On 5/11/10 5:47 PM, =JeffH wrote:
>> Jeff Hodges wrote:
>>>
>>> > The various standards for translating a DER encoded Name into
>>> > a string call for the RDNs to be ordered, left to right, from
>>> > most specific to most general, the reverse of the order in which
>>> > they appear in the DER encoded certificate.
>>>
>>> AFAICT, there is only one clear non-implementation-specific
>>> specification for a X.500/LDAP DN string representation,
>>> and that's (now) RFC4514 (obsoletes 2253, which obsoleted 1779,
>>> which obsoleted 1485). Is there a DN string rep specified
>>> anywhere in the ISO specs (I can't find one)?
>>
>> The description above oversimplifies the process.
>>
>> In ASN.1 a distinguished name is a sequence of RDNames, which are
>> sets of attribute-value pairs.  Often these sets only contain a
>> single attribute value pair, but they _can_ contain several
>> attribute value pairs, and some CA software seems to stuff
>> serialNumber and CN into a single RDName set.
> 
> Thanks very much for this detailed heads-up.
> 
> 
>> The result is a little weird.  Multiple attribute-value pairs
>> in a set are glued together with a plus (+) sign instead of a
>> comma (,) and the original ordering of the set is retained!
> 
> Ah, this (i.e. "the result") would be the resultant DN string
> representation as spec'd by RFC4514 section 2.2.
> 
> 
>> Further complicating the issue: While DER encoding leaves the ordering
>> of the contents of an ASN.1 SEQUENCE as is, the ordering of the contents
>> of an ASN.1 SET is "canonicalized" by DER encoding (based on the
>> numeric ordering of the final binary encoding of each element).
>> So the shorter elements will always end up first in RDNames
>> containing multiple attribute-value pairs in a SET.
>>
>> i.e.
>>
>>      CN=Foo+2.5.4.5=123ABC,O=bar,C=ZZ
>>      2.5.4.5=227DEF+CN=LongName,O=bar,C=ZZ
> 
> Ok, thx, good catch.
> 
> AFAICT, this revelation means we have some re-working to do to
> -tls-server-id-check in sections 2.1 and 3.1.3 in order to denote that
> RDNs can  contain a set of AVAs.

Is this text more accurate?

   The subject field of a PKIX certificate is defined as a X.501 type
   Name and known as a Distinguished Name (DN) -- see [X.501] and
   [PKIX].  A DN is an ordered sequence of Relative Distinguished Name
   (RDNs), where an RDN is a set (i.e., an unordered group) of type-and-
   value pairs [LDAP-DN], each of which asserts some attribute about the
   subject of the certificate.

Where [LDAP-DN] = RFC 4514 and [PKIX] = RFC 5280.

BTW I don't see any evidence for the following claim in RFC 4514:

   The RDNs are ordered in the DN sequence from
   most general to most specific.

Corrections welcome.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/