Re: Distinguished names and X509v3 extension OIDs (fwd)
Warwick Ford <wford@verisign.com> Mon, 31 March 1997 21:48 UTC
Received: by suntan.tandem.com (8.6.12/suntan5.970212) for ietf-pkix-relay id NAA04253; Mon, 31 Mar 1997 13:48:51 -0800
Received: from mailgate22 by suntan.tandem.com (8.6.12/suntan5.970212) for <ietf-pkix@tandem.com> id NAA04250; Mon, 31 Mar 1997 13:48:49 -0800
Received: by mailgate22 (SMI-8.6/SMI-SVR4) id NAA02339; Mon, 31 Mar 1997 13:48:14 -0800
Received: from sdn-ts-001casfrap07.dialsprint.net(206.133.192.26) by mailfep1-hme1 via smap (KC5.24) id Q_10.1.1.4/Q_12801_1_334030fe; Mon Mar 31 13:47:44 1997
Message-Id: <3.0.32.19970331164633.0074767c@pop.a001.sprintmail.com>
X-Sender: wford@pop.a001.sprintmail.com
X-Mailer: Windows Eudora Pro Version 3.0 (32)
Date: Mon, 31 Mar 1997 16:50:51 -0800
To: dpkemp@missi.ncsc.mil, warwick@rcc-irc.si, ietf-pkix@tandem.com
From: Warwick Ford <wford@verisign.com>
Subject: Re: Distinguished names and X509v3 extension OIDs (fwd)
Cc: ssl-users@mincom.oz.au
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
We certainly looked first at the more obvious options such as ANY DEFINED BY and EXTERNAL but were forced to reject them. I think what you are saying you would prefer is essentially the ANY DEFINED BY option, i.e., (in shorthand) SEQUENCE { oid, boolean, ANY DEFINED BY oid }. (Actually this would be done using table notation, but most readers probably are more familiar with ANY DEFINED BY.) >From recollection, the problem with the ANY DEFINED BY approach is as follows. Recall that a certificate is not necessarily transmitted everywhere encoded in DER. Some certificate-carrying protocols use BER-encoding. This is why a cert using system may need to regenerate the DER encoding of the cert when verifying the signature. Recall also that intermediate systems through which a cert traverses may decode and recode certs differently (e.g., if BER is in use, a system may re-encode a cert with a different BER encoding than that in which it was received). In the case of an extension, such a change of encoding might occur in any system that recognizes the extension OID and the corresponding ASN.1 type for the extension value. Now, when it comes to validating a cert, note that certs that contain unrecognized extensions may still be perfectly valid and usable (provided every unrecognized extension is flagged noncritical). But, if it is possible for the bit-representation of an unrecognized extension to have changed in transit, how can the cert-using system generate the required canonical encoding to verify the cert's signature? The level of indirection gained through the OCTET STRING overcomes this problem. Intermediate systems are not permitted to change the encoding of an extension at the inner level, since it is mandated to always be DER. And changing the encoding of the octet string itself is not a problem as you can always regenerate the DER encoding of an OCTET STRING. Hope this helps, Warwick (Ford) At 09:53 AM 3/31/97 -0500, David P. Kemp wrote: >The fact that extensions are octet strings is not SSLeay's fault. It >was, IMHO, a faulty decision by the designers of X.509 v3. It's >probably too late to correct this decision now - lots of people >have already written code to handle v3 certs with octet string extensions. >But it would have been smarter for the extension contents to be the >DER data directly, not an octet string containing DER data. (Octet >string would be a legitimate content type for some extensions, such >as keys, hash values, or opaque non-ASN.1 objects such as Microsoft >Word documents :-). > >John Larmouth (http://www.salford.ac.uk/iti/books/osi/chap8.html) >has this to say about the "OCTETSTRING hole": > > "... the application designer specifies a field as an ASN.1 octet > string for the purposes of defining his/her own abstract syntax, > then proceeds to populate the field with the encoding of an ASN.1 > type ... Use of this mechanism cannot be prevented by the Presentation > Layer or by ASN.1 (although text in the 1992 DIS deprecates this use of > OCTETSTRING), but clearly does not fit in any way with the spirit > of the presentation layer. ... The reader is ... asked to > avoid introducing such holes in any designs he/she becomes responsible > for!" > > >X.509 designers, is there any chance of fixing the certificateExtension >definition in the 1997 spec? --------------------------------------------------------------------- Warwick Ford, VeriSign, Inc., One Alewife Center, Cambridge, MA 02140 wford@verisign.com; Tel: (617)492 2816 x225; Fax: (617)661 0716 ---------------------------------------------------------------------
- Re: Distinguished names and X509v3 extension OIDs… Eric Young
- Re: Distinguished names and X509v3 extension OIDs… Warwick Ford
- Re: Distinguished names and X509v3 extension OIDs… David P. Kemp
- RE: Distinguished names and X509v3 extension OIDs… Andrew Probert
- Re: Distinguished names and X509v3 extension OIDs… Charles W. Gardiner
- Re: Distinguished names and X509v3 extension OIDs… Warwick Heath
- Re: Distinguished names and X509v3 extension OIDs… David P. Kemp
- Re: Distinguished names and X509v3 extension OIDs… Ben Laurie
- Re: Distinguished names and X509v3 extension OIDs… David P. Kemp