Re: [pkix] Interoparability problem between RFC 5280 and EDIFACT
koichi sugimoto <koichi.sugimoto@globalsign.co.jp> Tue, 13 December 2011 09:23 UTC
Hello Peter,

You mean the application has a bug?

If the application is compliant with RFC 5280, then the application must be able to handle 20 octets.
Therefore, the encoding function that generates the 'CERTIFICATE REFERENCE' should convert 5 octets to less than 9 characters.
For example, base64 is one of the most familiar encodings, which converts 3 octets to 4 characters.
Does it meet the requirement?

Regards,
Koichi Sugimoto.

2011/12/13 Peter Gutmann <pgut001@cs.auckland.ac.nz>:
> koichi sugimoto <koichi.sugimoto@globalsign.co.jp> writes:
>
>>On the other hand, EDIFACT specifies the length of the 'CERTIFICATE REFERENCE'
>>must be less than or equal to 35 characters.
>>In this case,
>>'11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22'
>>cannot be acceptable to EDIFACT.
>
> That spec was written with EDIFACT certificates in mind; the only thing they
> have in common with X.509 is that both use the word "certificates". So you
> will run into problems because you're using the fields to convey information
> that they were never designed to convey. The solution is to apply whatever
> kludge works:
>
> - Convince the CA to use shorter serial numbers (given your email address,
>   I'm assuming your organisation is the CA, so you'd just have to change your
>   software to use shorter serial numbers).
> - Have your app recognise truncated forms of the reference string.
> - Stuff additional bits of the value into other, optional fields.
> - Change the encoding to allow a higher encoding density.
> - ...
>
> Peter.
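Added example, not part of the original thread or either participant's code: it measures the encodings discussed above against the 35-character 'CERTIFICATE REFERENCE' limit, using the 18-octet serial quoted in the thread and a constructed 20-octet serial. The service-character set `+ : ' ?` is an assumption about the default EDIFACT syntax, and base32 is an extra option that the thread does not mention.

```python
import base64

EDIFACT_MAX_REF = 35         # 'CERTIFICATE REFERENCE' limit quoted in the thread
RFC5280_MAX_SERIAL = 20      # serial-number octets an RFC 5280 application must handle
SERVICE_CHARS = set("+:'?")  # assumption: default EDIFACT separator/release characters

# Serial quoted in the thread (18 octets) and a constructed 20-octet worst case.
THREAD_SERIAL = bytes.fromhex("112233445566778899aabbccddeeff001122")
MAX_SERIAL = bytes.fromhex("03e0") + THREAD_SERIAL  # constructed sample value

_ENCODE = {
    "hex": lambda b: b.hex().upper(),
    "base64": lambda b: base64.b64encode(b).decode().rstrip("="),
    "base32": lambda b: base64.b32encode(b).decode().rstrip("="),
}

def encode_reference(serial: bytes, scheme: str) -> str:
    """Encode serial-number octets as a reference string (padding stripped)."""
    if not 1 <= len(serial) <= RFC5280_MAX_SERIAL:
        raise ValueError("serial must be 1..20 octets")
    return _ENCODE[scheme](serial)

def decode_reference(ref: str, scheme: str) -> bytes:
    """Recover the exact serial octets, restoring the stripped padding."""
    if scheme == "hex":
        return bytes.fromhex(ref)
    if scheme == "base64":
        return base64.b64decode(ref + "=" * (-len(ref) % 4), validate=True)
    return base64.b32decode(ref + "=" * (-len(ref) % 8))

def assess(serial: bytes, scheme: str) -> dict:
    """Report length, fit in the 35-character field, and service characters used."""
    ref = encode_reference(serial, scheme)
    if decode_reference(ref, scheme) != serial:
        raise AssertionError("encoding is not reversible")
    return {
        "reference": ref,
        "length": len(ref),
        "fits": len(ref) <= EDIFACT_MAX_REF,
        "service_chars": sorted(set(ref) & SERVICE_CHARS),
    }

if __name__ == "__main__":
    for name, serial in (("thread 18-octet", THREAD_SERIAL), ("20-octet", MAX_SERIAL)):
        for scheme in _ENCODE:
            r = assess(serial, scheme)
            print(f"{name:16} {scheme:7} len={r['length']:2} "
                  f"fits={r['fits']} service={r['service_chars']}")
```

Plain hex already overflows the field for the thread's 18-octet serial (36 characters), while base64 fits but can emit `+`, which would collide with the assumed data element separator unless escaped.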