Re: X.509 Extensions Enhancements
Dean Povey <povey@dstc.qut.edu.au> Wed, 13 June 2001 01:19 UTC
To: Carlin Covey <ccovey@cylink.com>
cc: "Housley, Russ" <rhousley@rsasecurity.com>, ietf-pkix@imc.org
Subject: Re: X.509 Extensions Enhancements
In-Reply-To: Message from "Carlin Covey" <ccovey@cylink.com> of "Tue, 12 Jun 2001 10:43:50 MST." <KHEDLMGGCCGHDAAKNAFOCEKDCAAA.ccovey@cylink.com>
Date: Wed, 13 Jun 2001 10:31:41 +1000
From: Dean Povey <povey@dstc.qut.edu.au>
>
>Russ,
>
>Thank you for pointing this out.  I had seen the flags in X.509 but
>didn't realize that they had not been incorporated into "son".
>
>But I have a comment concerning the DER encoding of the named bit string.
>Some people interpret X.680/690 as requiring that the DER encoding
>omit trailing zeros from such a named bit string.  I (with some concurrence
>from the X.509 folks) believe that this is an error.  X.680/690 say that
>trailing UNUSED bits are to be omitted.

I am pretty sure it says to omit trailing zeros in bit fields; this means
that the DER in old implementations and new implementations will be the
same as it should be (although there are a very large number of vendors who
get this wrong and include trailing zeros, particularly in the KeyUsage
extension). If you are being strict about DER then you probably can't
interoperate with anyone anyway :-).

But I'll restrain myself from grumbling about changing an extension syntax
and not changing the OID. This will break so many old implementations
unnecessarily because while they could safely ignore non-critical extensions
that they don't understand, they are probably going to complain if they
parse extensions they recognise and find they contain data they don't
expect.

Oops, that wasn't showing much restraint was it :-).

--
Dean Povey,         | e-m: povey@dstc.edu.au | JCSI: Java Crypto Toolkit
Research Scientist  | ph:  +61 7 3864 5120   | uPKI: C PKI toolkit for embedded
Security Unit, DSTC | fax: +61 7 3864 1282   |       systems
Brisbane, Australia | www: security.dstc.com |
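
The encoding question in the message above, as an added example that is not part of the original post or of any toolkit it mentions: a KeyUsage named BIT STRING encoded with trailing zero bits removed (the reading the reply gives), plus a check that flags the padded form the reply says many vendors emit. The function names and sample values are constructed for illustration; only short-form lengths are handled.

```python
# Added example (not from the thread). KeyUsage bit numbers as in X.509;
# bit 0 is the most significant bit of the first content octet.
KEY_USAGE_BITS = {
    "digitalSignature": 0, "nonRepudiation": 1, "keyEncipherment": 2,
    "dataEncipherment": 3, "keyAgreement": 4, "keyCertSign": 5,
    "cRLSign": 6, "encipherOnly": 7, "decipherOnly": 8,
}

def encode_named_bits(names):
    """DER-encode a named BIT STRING with all trailing zero bits removed."""
    positions = [KEY_USAGE_BITS[n] for n in names]
    if not positions:
        return bytes([0x03, 0x01, 0x00])          # empty bit string
    nbits = max(positions) + 1                    # last bit kept is the highest 1 bit
    content = bytearray((nbits + 7) // 8)
    for p in positions:
        content[p // 8] |= 0x80 >> (p % 8)
    unused = len(content) * 8 - nbits             # pad bits in the final octet
    return bytes([0x03, len(content) + 1, unused]) + bytes(content)

def check_named_bits(der):
    """Return the DER problems found in a short-form BIT STRING TLV."""
    if len(der) < 3 or der[0] != 0x03 or der[1] > 0x7F or der[1] != len(der) - 2:
        return ["not a short-form BIT STRING TLV"]
    unused, content = der[2], der[3:]
    if unused > 7 or (not content and unused):
        return ["invalid unused-bits count"]
    problems = []
    if content:
        if content[-1] & ((1 << unused) - 1):
            problems.append("unused bits are not zero")
        if not (content[-1] >> unused) & 1:       # last encoded bit must be a 1
            problems.append("trailing zero bit(s) not removed")
    return problems

if __name__ == "__main__":
    # Constructed samples: the same key usage in minimal and padded form.
    minimal = encode_named_bits(["digitalSignature", "keyEncipherment"])
    padded = bytes.fromhex("030200a0")            # all 8 bits sent, 0 unused
    for label, der in (("minimal", minimal), ("padded", padded)):
        print(label, der.hex(), check_named_bits(der) or "ok")
```

Both sample encodings carry the same two key usage bits; a parser that compares the raw extension bytes, or that enforces strict DER, treats them differently.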