Fixing ASN.1 module error in PKIX-new-part1-12
"Housley, Russ" <rhousley@rsasecurity.com> Wed, 17 April 2002 16:14 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA24968 for <pkix-archive@odin.ietf.org>; Wed, 17 Apr 2002 12:14:02 -0400 (EDT)
Received: by above.proper.com (8.11.6/8.11.3) id g3HFMZc11461 for ietf-pkix-bks; Wed, 17 Apr 2002 08:22:35 -0700 (PDT)
Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3HFMXm11457 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 08:22:33 -0700 (PDT)
Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 17 Apr 2002 15:21:24 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id LAA07744 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 11:21:12 -0400 (EDT)
Received: from exno02.dynas.se (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g3HFMXG28399 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 11:22:34 -0400 (EDT)
Received: by exno02.eu.rsa.net with Internet Mail Service (5.5.2653.19) id <JB1WNQ2F>; Wed, 17 Apr 2002 17:22:25 +0200
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.83]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1TRSK; Wed, 17 Apr 2002 11:19:57 -0400
Message-Id: <5.1.0.14.2.20020417104539.03224148@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 17 Apr 2002 11:14:15 -0400
To: ietf-pkix@imc.org
From: "Housley, Russ" <rhousley@rsasecurity.com>
Subject: Fixing ASN.1 module error in PKIX-new-part1-12
In-Reply-To: <0B95FB5619B3D411817E006008A59259C050BD@wfhqex06.gfgsi.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Many thanks to Rich Nicholas for detecting a mistake in the ASN.1 modules before Son-of-2459 was published as an RFC. The problem is described in the attached message, and only impacts certificates that include the X.400 ORAddress as an alterative name. I have been working with the RFC Editor to correct this before publication. I am not moving the definition. If I did, then each module would have IMPORTs from the other, and I am not sure that all of the tools could handle this circular situation. At this late date, I did not want to create a third module, so the solution is to insert "IMPLICIT" in each of the tagged definitions associated with the ORAddress. The resulting ASN.1 has been compiled with two different compilers, so I am quite confident that additional errors have not been introduced. One of the compilers reports no errors. The compiler complains about the specification of UNIVERSAL tags. This is not unexpected, as discussed in the introduction to Appendix A. I have submitted a new Internet-Draft (draft-ietf-pkix-new-part1-asn1-00.txt) that contains the updated ASN.1 modules in order to distribute the corrections widely and quickly. Russ At 12:34 PM 2/28/2002 -0500, Nicholas, Richard wrote: >Russ & Tim, > >The ORAddress syntax (and the syntax for its members) included in Appendix A >should have been included in the PKIXImplicit88 module (A.2), rather than >the PKIXExplicit88 module (A.1). > >ORAddress is defined in the MTSAbstractService module from X.411, which uses >IMPLICIT tagging. > >- Rich
- Fixing ASN.1 module error in PKIX-new-part1-12 Housley, Russ