IETF Logo Mail Archive

Re: [pkix] [Technical Errata Reported] RFC5272 (4186)

"Manger, James" <James.H.Manger@team.telstra.com> Tue, 18 November 2014 23:07 UTC

Return-Path: <James.H.Manger@team.telstra.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA8CF1ACC91 for <pkix@ietfa.amsl.com>; Tue, 18 Nov 2014 15:07:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.902
X-Spam-Level:
X-Spam-Status: No, score=-0.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327, RCVD_IN_DNSWL_LOW=-0.7, RELAY_IS_203=0.994] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fF6G2XH5aEED for <pkix@ietfa.amsl.com>; Tue, 18 Nov 2014 15:07:55 -0800 (PST)
Received: from ipxcvo.tcif.telstra.com.au (ipxcvo.tcif.telstra.com.au [203.35.135.208]) by ietfa.amsl.com (Postfix) with ESMTP id EB46F1A1AA4 for <pkix@ietf.org>; Tue, 18 Nov 2014 15:07:18 -0800 (PST)
X-IronPort-AV: E=Sophos;i="5.07,412,1413205200"; d="scan'208";a="53201326"
Received: from unknown (HELO ipcbvi.tcif.telstra.com.au) ([10.97.217.204]) by ipocvi.tcif.telstra.com.au with ESMTP; 19 Nov 2014 09:47:25 +1100
X-IronPort-AV: E=McAfee;i="5600,1067,7626"; a="263593476"
Received: from wsmsg3754.srv.dir.telstra.com ([172.49.40.198]) by ipcbvi.tcif.telstra.com.au with ESMTP; 19 Nov 2014 10:07:17 +1100
Received: from WSMSG3153V.srv.dir.telstra.com ([172.49.40.159]) by WSMSG3754.srv.dir.telstra.com ([172.49.40.198]) with mapi; Wed, 19 Nov 2014 10:07:16 +1100
From: "Manger, James" <James.H.Manger@team.telstra.com>
To: RFC Errata System <rfc-editor@rfc-editor.org>, "jimsch@nwlink.com" <jimsch@nwlink.com>, "mmyers@fastq.com" <mmyers@fastq.com>, "stephen.farrell@cs.tcd.ie" <stephen.farrell@cs.tcd.ie>, "Kathleen.Moriarty.ietf@gmail.com" <Kathleen.Moriarty.ietf@gmail.com>, "kent@bbn.com" <kent@bbn.com>, "stefan@aaa-sec.com" <stefan@aaa-sec.com>
Date: Wed, 19 Nov 2014 10:07:15 +1100
Thread-Topic: [pkix] [Technical Errata Reported] RFC5272 (4186)
Thread-Index: AdADPECEM95021StQzOMxM6v2MS1RQARI6jw
Message-ID: <255B9BB34FB7D647A506DC292726F6E127D2A37BFE@WSMSG3153V.srv.dir.telstra.com>
References: <20141118142938.E243E181C67@rfc-editor.org>
In-Reply-To: <20141118142938.E243E181C67@rfc-editor.org>
Accept-Language: en-US, en-AU
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-AU
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/pkix/2I1RaeL0EJZYkMqWMIC4uE-7Iac
Cc: "pkix@ietf.org" <pkix@ietf.org>, "pierce.leonberger@baesystems.com" <pierce.leonberger@baesystems.com>
Subject: Re: [pkix] [Technical Errata Reported] RFC5272 (4186)
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Nov 2014 23:07:58 -0000

This errata should be rejected.
When eContentType (or contentType) is id-data, eContent (or content) is an (explicitly [0] tagged) OCTET STRING. The content of the OCTET STRING is the "unstructured data".

The text in the original PKCS#7 spec (eg RFC 2315 section 8 "Data content type") was quite clear:

   8. Data content type

      The data content type is just an octet string. It shall have ASN.1
      type Data:

      Data ::= OCTET STRING

      The data content type is intended to refer to arbitrary octet
      strings, such as ASCII text files; the interpretation is left to the
      application. Such strings need not have any internal structure
      (although they may; they could even be DER encodings).


The subsequent text in CMC [RFC5272] and CMS [RFC3852, RFC5652] is less clear because it does not mention OCTET STRING when defining id-data. Sections 5.2 "EncapsulatedContentInfo" and 5.2.1 "Compatibility with PKCS#7" go to some effort to explain this.

--
James Manger


-----Original Message-----
From: pkix [mailto:pkix-bounces@ietf.org] On Behalf Of RFC Errata System
Sent: Wednesday, 19 November 2014 1:30 AM
To: jimsch@nwlink.com; mmyers@fastq.com; stephen.farrell@cs.tcd.ie; Kathleen.Moriarty.ietf@gmail.com; kent@bbn.com; stefan@aaa-sec.com
Cc: pkix@ietf.org; pierce.leonberger@baesystems.com; rfc-editor@rfc-editor.org
Subject: [pkix] [Technical Errata Reported] RFC5272 (4186)

The following errata report has been submitted for RFC5272, "Certificate Management over CMS (CMC)".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=5272&eid=4186

--------------------------------------
Type: Technical
Reported by: Pierce Leonberger <pierce.leonberger@baesystems.com>

Section: 3.2.1.3.2

Original Text
-------------
The Data content type allows for general transport of unstructured
   data.

   The Data content type is used by this document for:

      Holding the encrypted random value y for POP proof in the
      encrypted POP control (see Section 6.7).

Corrected Text
--------------
See Notes

Notes
-----
It's invalid for the encoding of an ANY or OpenType to have "unstructured" data.  See X.690 section 8.15:

8.15 Encoding of an open type
The value of an open type is also a value of some (other) ASN.1 type. The encoding of such a value shall be the complete encoding herein specified for the value considered as being of that other type.

Note there's similar wording in X.209 section 21 for ANY:

21 Encoding of a value of the ANY type
The encoding of an ANY type shall be the complete encoding specified in this Recommendation for the type of the value of the ANY type.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party (IESG) can log in to change the status and edit the report, if necessary. 

--------------------------------------
RFC5272 (draft-ietf-pkix-2797-bis-07)
--------------------------------------
Title               : Certificate Management over CMS (CMC)
Publication Date    : June 2008
Author(s)           : J. Schaad, M. Myers
Category            : PROPOSED STANDARD
Source              : Public-Key Infrastructure (X.509)
Area                : Security
Stream              : IETF
Verifying Party     : IESG

_______________________________________________
pkix mailing list
pkix@ietf.org
https://www.ietf.org/mailman/listinfo/pkix

v2.23.0 | Report a Bug | By Email