IETF Logo Mail Archive

re:ASN.1 ambiguity

"danielle (d.m.) mortimer" <mortimer@bnr.ca> Fri, 13 October 1995 04:56 UTC

Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa05837; 13 Oct 95 0:56 EDT
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa05833; 13 Oct 95 0:56 EDT
Received: from pad-thai.cam.ov.com by CNRI.Reston.VA.US id aa02148; 13 Oct 95 0:56 EDT
Received: from MIT.EDU by pad-thai.cam.ov.com (8.6.12/) with SMTP id <AAA12544@pad-thai.cam.ov.com>; Fri, 13 Oct 1995 00:10:52 -0400
Received: from x400gate.bnr.ca by MIT.EDU with SMTP id AA14788; Fri, 13 Oct 95 00:07:58 EDT
X400-Received: by mta bnr.ca in /PRMD=BNR/ADMD=TELECOM.CANADA/C=CA/; Relayed; Fri, 13 Oct 1995 00:06:36 -0400
X400-Received: by /PRMD=BNR/ADMD=TELECOM.CANADA/C=CA/; Relayed; Thu, 12 Oct 1995 23:28:37 -0400
X400-Received: by /PRMD=BNR/ADMD=TELECOM.CANADA/C=CA/; Relayed; Thu, 12 Oct 1995 16:33:00 -0400
Date: Thu, 12 Oct 1995 16:33:00 -0400
X400-Originator: /dd.id=1609094/g=danielle/i=dm/s=mortimer/@bnr.ca
X400-Mts-Identifier: [/PRMD=BNR/ADMD=TELECOM.CANADA/C=CA/; bcars735.b.533:13.09.95.03.28.37]
X400-Content-Type: P2-1984 (2)
Content-Identifier: re:ASN.1 ambi...
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: "danielle (d.m.) mortimer" <mortimer@bnr.ca>
X-Orig-Sender: "danielle (d.m.) mortimer" <mortimer@bnr.ca>
Message-Id: <"23561 Thu Oct 12 23:29:01 1995"@bnr.ca>
To: luehe@mtv4s1.eng.sun.com
Cc: "dragan (d.) grebovich" <dragan@bnr.ca>, "carlisle (c.m.) adams" <cadams@bnr.ca>, "alex (a.d.) brown" <alex@bnr.ca>, cat-ietf@mit.edu
Subject: re:ASN.1 ambiguity 

In message "ASN.1 ambiguity", luehe@mtv4s1.Eng.Sun.com writes:

> I have a problem with the ASN.1 defintion of InitialContextToken as found
> in draft-ietf-cat-spkmgss-04.txt (May 25, 1995):
> 
>    InitialContextToken ::= [APPLICATION 0] IMPLICIT SEQUENCE {
>            thisMech        MechType,
>                    -- MechType is OBJECT IDENTIFIER
>                    -- representing "SPKM-1" or "SPKM-2"
>            innerContextToken ANY DEFINED BY thisMech
>                    -- contents mechanism-specific
>            }
> 
> Since the "thisMech" component may only assume one of the values
> SPKM-1 or SPKM-2, it does not unambiguously determine the actual type 
> governing the value in the "innerContextToken", which may be 
> SPKM_REQ, SPKM_REP_TI, SPKM_REP_IT, or SPKM_ERROR. I understand that the
> various context establishment tokens are distinguished by their
> tok_id fields; however, the distinction should be accomplished at an earlier
> stage during decoding, i.e. through the value of "thisMech".
>
> Has anybody come across this problem, or am I wrong?

I'll answer on behalf of Carlisle who is on vacation at the moment.

This is not a problem at all.  The mechanism type is intended to
indicate the mechanism, e.g. SPKM-1, SPKM-2, Kerberos V5, etc.  The
decoder must read the mechanism type before it can interpret the
mechanism-specific contents of the innerContextToken.  In the case of
SPKM-1 and SPKM-2, the innerContextToken is ASN.1-encoded, and the token 
type is indicated by the tok_id field as you pointed out.  The decoder 
then has to "peek" at the tok_id before it can interpret the contents as 
SPKM_REQ, SPKM_REP_TI, SPKM_REP_IT or SPKM_ERROR.

-------------------------------------------------------------
D.M. Mortimer                   Nortel Secure Networks
email: mortimer@bnr.ca          2 Constellation Crescent
voice: (613) 763-7498           Nepean, Ontario K2G 5J9
  fax: (613) 765-3764           http://www.entrust.com

v2.23.0 | Report a Bug | By Email