Re: [kitten] [abfab] An oops: we stomped on reserved RFC 4121 token types

Tom Yu <tlyu@MIT.EDU> Mon, 18 November 2013 21:44 UTC

To: Sam Hartman <hartmans@painless-security.com>
References: <tsltxf9ddpw.fsf@mit.edu>
From: Tom Yu <tlyu@MIT.EDU>
Date: Mon, 18 Nov 2013 16:43:54 -0500
In-Reply-To: <tsltxf9ddpw.fsf@mit.edu> (Sam Hartman's message of "Mon, 18 Nov 2013 08:46:51 -0500")
Message-ID: <ldv4n79idwl.fsf@cathode-dark-space.mit.edu>
Cc: kitten@ietf.org, abfab@ietf.org

Sam Hartman <hartmans@painless-security.com> writes:

> We use token types 06 01 and 06 02 for initial context tokens.
>
> However, RFC 4121 section 4.4 reserves token ID 06 01 through 06 ff in
> order that you can unambiguously distinguish ASN.1 wrapped framing from
> other framing.

RFC 4121 Section 4.4 reserves 60 00 through 60 FF.  The BER identifier
octet for "Application tag 0 (constructed)" is 0x60, not 0x06.  (0x06
would be "Universal tag 6 (primitive)", also known as "OBJECT
IDENTIFIER".)
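
The identifier-octet decoding described in the reply above, as an added example that is not part of the original message or of any GSS-API implementation. The function names `decode_identifier` and `is_reserved_token_id` are hypothetical, and the sample token prefixes are constructed from the values quoted in the thread.

```python
"""Decode a BER identifier and test a 2-octet token ID against 60 00..60 FF."""

CLASSES = ("Universal", "Application", "Context-specific", "Private")


def decode_identifier(data: bytes):
    """Return (class_name, constructed, tag_number, octets_consumed)."""
    if not data:
        raise ValueError("empty input")
    first = data[0]
    cls = CLASSES[first >> 6]          # bits 8-7: tag class
    constructed = bool(first & 0x20)   # bit 6: primitive (0) or constructed (1)
    tag = first & 0x1F                 # bits 5-1: tag number
    if tag != 0x1F:
        return cls, constructed, tag, 1
    # High-tag-number form: base-128 digits follow, top bit set on all but the last.
    tag = 0
    for consumed, octet in enumerate(data[1:], start=2):
        if consumed == 2 and octet == 0x80:
            raise ValueError("non-minimal high tag number")
        tag = (tag << 7) | (octet & 0x7F)
        if not octet & 0x80:
            return cls, constructed, tag, consumed
    raise ValueError("truncated high-tag-number identifier")


def is_reserved_token_id(token: bytes) -> bool:
    """True if the token ID lies in 60 00..60 FF, i.e. its first octet is the
    BER identifier for Application tag 0 (constructed)."""
    if len(token) < 2:
        raise ValueError("token shorter than a 2-octet token ID")
    return token[0] == 0x60


if __name__ == "__main__":
    # Constructed samples: the two IDs from the quoted message and the range ends.
    for sample in (b"\x06\x01", b"\x06\x02", b"\x60\x00", b"\x60\xff"):
        cls, constructed, tag, _ = decode_identifier(sample)
        form = "constructed" if constructed else "primitive"
        print(f"{sample.hex(' ')}: {cls} tag {tag} ({form}), "
              f"reserved={is_reserved_token_id(sample)}")
```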