IETF Logo Mail Archive

Re: [pkix] I-D Action:draft-ietf-pkix-ocspagility-02.txt

"Manger, James H" <James.H.Manger@team.telstra.com> Mon, 24 August 2009 01:40 UTC

Return-Path: <James.H.Manger@team.telstra.com>
X-Original-To: pkix@core3.amsl.com
Delivered-To: pkix@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D85433A6AAA for <pkix@core3.amsl.com>; Sun, 23 Aug 2009 18:40:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.223
X-Spam-Level:
X-Spam-Status: No, score=-3.223 tagged_above=-999 required=5 tests=[AWL=-1.328, BAYES_00=-2.599, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rBi+5OuGqXbE for <pkix@core3.amsl.com>; Sun, 23 Aug 2009 18:40:50 -0700 (PDT)
Received: from mailipao.ntcif.telstra.com.au (mailipao.ntcif.telstra.com.au [202.12.233.27]) by core3.amsl.com (Postfix) with ESMTP id DCC303A6814 for <pkix@ietf.org>; Sun, 23 Aug 2009 18:40:49 -0700 (PDT)
Received: from unknown (HELO mailbi.ntcif.telstra.com.au) ([202.12.162.19]) by mailipai.ntcif.telstra.com.au with ESMTP; 24 Aug 2009 11:40:54 +1000
Received: from mail.cdn.telstra.com.au (localhost [127.0.0.1]) by mailbi.ntcif.telstra.com.au (Postfix) with ESMTP id 1AF96FF83; Mon, 24 Aug 2009 11:40:54 +1000 (EST)
Received: from wsmsg3757.srv.dir.telstra.com (wsmsg3757.in.telstra.com.au [172.49.40.85]) by mail.cdn.telstra.com.au (8.8.2/8.6.9) with ESMTP id LAA15286; Mon, 24 Aug 2009 11:40:53 +1000 (EST)
Received: from WSMSG3153V.srv.dir.telstra.com ([172.49.40.159]) by wsmsg3757.srv.dir.telstra.com ([172.49.40.85]) with mapi; Mon, 24 Aug 2009 11:40:53 +1000
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: Jim Schaad <ietf@augustcellars.com>, "pkix@ietf.org" <pkix@ietf.org>
Date: Mon, 24 Aug 2009 11:40:51 +1000
Thread-Topic: [pkix] I-D Action:draft-ietf-pkix-ocspagility-02.txt
Thread-Index: AcogABSHyGBQtUfKS9eyjozpDf56swEQ6y0gAAKawLA=
Message-ID: <255B9BB34FB7D647A506DC292726F6E1122AF8ADC2@WSMSG3153V.srv.dir.telstra.com>
References: <C6AF9540.3EF9%stefan@aaa-sec.com> <4A8A9E26.50601@ieca.com> <02f901ca2444$764415b0$62cc4110$@com>
In-Reply-To: <02f901ca2444$764415b0$62cc4110$@com>
Accept-Language: en-US, en-AU
Content-Language: en-US
acceptlanguage: en-US, en-AU
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Subject: Re: [pkix] I-D Action:draft-ietf-pkix-ocspagility-02.txt
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Aug 2009 01:40:51 -0000

> I am afraid that James is wrong when saying there is only one structure that
> can be associated with an OID, the correct statement should be that for any
> given location, only one structure can be associated with an OID.

At least SMIMECapability is not defined to be an AlgorithmIdentifier -- it is a separate type, with different field names, and different related CLASSs (SMIME-CAPS vs ALGORITHM). Consequently, using the same OID in these two types with different parameter structures is not as bad as using the same OID with different parameter structures in different instances of AlgorithmIdentifier (which is what I objected to).

Curiously, in RFC 3851 "S/MIME 3.1" section 2.5.2.1 (where the one SMIMECapability in the document is defined for RC2) much of the text is solely to remind the reader not to confuse the two parameter structures. A new OID for the new parameter structure may have been a less confusing solution.


draft-ietf-smime-new-asn1 defines lots of SMIMECapability values collated from various specs. I can only see two parameter structures: INTEGER holding a key length for RC2; and KeyWrapAlgorithm. KeyWrapAlgorithm is itself a SMIMECapability (or Alg.Id elsewhere in the same draft!!!). Effectively, it seems to be more OIDs with no other structures. SMIMECapabilities already combines different types of algorithms (signature algs, symmetric algs, key encipherment algs...) in a single list. It might have been more in keeping with this usage to include key wrap algs in this list directly, instead of as parameters of another algorithms.

James Manger

v2.23.0 | Report a Bug | By Email