Re: [pkix] a question of cert (and OCSP) extension syntax
"Peter Yee" <peter@akayla.com> Tue, 31 March 2015 04:09 UTC
We've been doing ASN.1 for more than 20 years. Is it really that hard to encode things as ASN.1? I understand that text encoding is readable and even fashionable, but it's not like ASN.1 is the bugbear it's made out to be.

-Peter

> From: Russ Housley <housley@vigilsec.com>
> Date: March 30, 2015 11:21:37 AM EDT
> To: Rob Stradling <rob.stradling@comodo.com>
> Cc: IETF PKIX <pkix@ietf.org>
> Subject: Re: [pkix] a question of cert (and OCSP) extension syntax
>
> Rob:
>
>> I think it's only "wrong" and "weird" if you take the view that "if it could conceivably be constructed in ASN.1, then it MUST be constructed in ASN.1". I don't take that view.
>
> Certificates are ASN.1, and RFC 5280 (and its predecessors) say that extensions are OCTET STRING wrapped ASN.1 structures. From section 4.2 of RFC 2459:
>
>    Each extension includes an OID and an ASN.1 structure.
>
> Russ
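The point under discussion in this thread, shown as an added example that is not part of any message here: a small DER reader that unpacks an X.509 Extension (OID, optional critical flag, extnValue OCTET STRING) and checks whether the wrapped bytes are themselves one well-formed DER element. Both sample extensions are constructed for illustration; `2.999.1` is taken from the example OID arc and the text payload `feature=1` is hypothetical.

```python
# Constructed samples: basicConstraints (critical, cA=TRUE) and a text-valued extension.
BASIC_CONSTRAINTS = bytes.fromhex("300f0603551d130101ff040530030101ff")
TEXT_EXTENSION = bytes.fromhex("301006038837010409") + b"feature=1"

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one definite-length DER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high tag numbers not handled in this example")
    pos += 2
    if first < 0x80:                      # short form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal length (not DER)")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    arcs, val = [], 0
    for b in body:                        # base-128, high bit marks continuation
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)         # first two arcs share one subidentifier
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_extension(der):
    """Return (oid, critical, extnValue bytes) for one DER-encoded Extension."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag, oid, pos = read_tlv(body)
    if tag != 0x06:
        raise ValueError("extnID must be an OBJECT IDENTIFIER")
    tag, val, pos = read_tlv(body, pos)
    critical = False                      # critical is BOOLEAN DEFAULT FALSE
    if tag == 0x01:
        critical = val == b"\xff"
        tag, val, pos = read_tlv(body, pos)
    if tag != 0x04 or pos != len(body):
        raise ValueError("extnValue must be the final OCTET STRING")
    return decode_oid(oid), critical, val

def wraps_der(extn_value):
    """True if extnValue holds exactly one well-formed top-level DER element."""
    try:
        return read_tlv(extn_value)[2] == len(extn_value)
    except ValueError:
        return False
```

The check is structural only: it does not validate the inner element against the ASN.1 type that the extension's OID calls for.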