RE: X.509 Extensions Enhancements
"Carlin Covey" <ccovey@cylink.com> Thu, 28 June 2001 01:52 UTC
From: Carlin Covey <ccovey@cylink.com>
To: Bodo Moeller <moeller@cdc.informatik.tu-darmstadt.de>
Cc: ietf-pkix@imc.org
Subject: RE: X.509 Extensions Enhancements
Date: Wed, 27 Jun 2001 17:57:58 -0700
Message-ID: <KHEDLMGGCCGHDAAKNAFOAEOFCAAA.ccovey@cylink.com>
In-Reply-To: <20010613100813.B12609@cdc.informatik.tu-darmstadt.de>
Bodo,

Sorry to be so late in responding, but I've been on vacation.

My rationale for my trailing zeros interpretation is this:

(1) X.680 and X.690 are ambiguously worded.
(2) The deletion of trailing 0 bits is associated with "unused bits."
(3) The "delete all trailing zeros" interpretation inhibits extensibility.

Re (1): Here's why X.680 is ambiguously worded. X.680 could have said

   "... encoding rules are free to concatenate arbitrarily many trailing 0 bits to the NamedBitList, and are free to truncate any trailing zeros following the NamedBitList"

or X.680 could have said

   "... encoding rules are free to concatenate arbitrarily many trailing 0 bits to the NamedBitList, and are free to truncate any trailing zeros within or following the NamedBitList"

Instead X.680 says

   "... encoding rules are free to add (or remove) arbitrarily many trailing 0 bits to (or from) values that are being encoded or decoded."

The current wording is briefer, but allows for either interpretation (since the "values that are being encoded" is a bit string that may contain 0 bits at the trailing end).

X.690 is similarly ambiguous: it says "the bitstring shall have all trailing 0 bits removed before it is encoded," but doesn't specify whether the trailing 0 bits to be removed include those within the bitstring, or only those that follow the bitstring (i.e. the 0 bits that X.680 said could be added arbitrarily).

Re (2): Note that the "delete all trailing 0's" interpretation doesn't explain why X.690 section 11.2.2 should be included within section 11.2, which is entitled "Unused Bits." My interpretation does explain this. Deleting trailing 0 bits applies only to the "unused bits" that follow the NamedBitList.

Re (3): I won't repeat the extensibility argument that appeared in my email of June 12.

Regards,

Carlin

____________________________

- Carlin Covey
  Cylink Corporation

-----Original Message-----
From: Bodo Moeller [mailto:moeller@cdc.informatik.tu-darmstadt.de]
Sent: Wednesday, June 13, 2001 1:08 AM
To: Carlin Covey
Cc: Housley, Russ; ietf-pkix@imc.org
Subject: Re: X.509 Extensions Enhancements

On Tue, Jun 12, 2001 at 10:43:50AM -0700, Carlin Covey wrote:

> Some people interpret X.680/690 as requiring that the DER encoding
> omit trailing zeros from such a named bit string. I (with some concurrence
> from the X.509 folks) believe that this is an error. X.680/690 say that
> trailing UNUSED bits are to be omitted. Bits (7) and (8) WERE unused,
> and certificates issued in ignorance of the newly defined bits should
> omit them. But certificates issued in cognizance of the newly defined bits
> should include these bits as either 1 or 0, as appropriate.

I have no idea how one could read this out of X.680 and X.690.

X.680 (12/97), section 21.7, says

   When a "NamedBitList" is used in defining a bitstring type ASN.1
   encoding rules are free to add (or remove) arbitrarily many trailing
   0 bits to (or from) values that are being encoded or decoded.
   Application designers should therefore ensure that different
   semantics are not associated with such values which differ only in
   the number of trailing 0 bits.

X.690 (12/97), section 11.2.2, says

   Where ITU-T Rec. X.680 | ISO/IEC 8824-1, 21.7, applies, the bitstring
   shall have all trailing 0 bits removed before it is encoded.

(Section 11 is entitled "Restrictions on BER employed by both CER and DER", section 11.2 is entitled "Unused bits".)

This looks pretty clear to me: Trailing zeros in named bit strings are forbidden in DER, period.

--
Bodo Möller <moeller@cdc.informatik.tu-darmstadt.de>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
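As an added example (not part of this thread or of either author's text), the following Python encodes an X.509 KeyUsage named BIT STRING under both readings of X.690 11.2.2 discussed above, and shows that a decoder following X.680 21.7 (trailing 0 bits carry no meaning) accepts both encodings identically. The KeyUsage bit names are an assumption taken from the PKIX certificate profile, not from the message.

```python
from typing import Iterable, List, Optional, Set

# Constructed table: KeyUsage bit names by bit number (bit 0 = first bit).
KEY_USAGE = ["digitalSignature", "nonRepudiation", "keyEncipherment",
             "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
             "encipherOnly", "decipherOnly"]

def encode_bitstring(bits: Iterable[int], strip_trailing_zeros: bool = True,
                     declared_length: Optional[int] = None) -> bytes:
    """DER BIT STRING (tag 0x03) from a list of 0/1 values indexed from bit 0.
    strip_trailing_zeros=True is the reading Bodo quotes (all trailing 0s
    removed); False pads/truncates to declared_length, Carlin's reading."""
    bits: List[int] = list(bits)
    if strip_trailing_zeros:
        while bits and bits[-1] == 0:
            bits.pop()
    elif declared_length is not None:
        bits = (bits + [0] * declared_length)[:declared_length]
    nbits = len(bits)
    nbytes = (nbits + 7) // 8
    unused = nbytes * 8 - nbits          # number of padding bits in last octet
    value = 0
    for i, b in enumerate(bits):          # bit 0 is the most significant bit
        if b:
            value |= 1 << (nbytes * 8 - 1 - i)
    content = bytes([unused]) + value.to_bytes(nbytes, "big")
    assert len(content) < 128             # short-form length suffices here
    return bytes([0x03, len(content)]) + content

def decode_named_bits(der: bytes) -> Set[str]:
    """Return the set of named bits that are 1. Trailing 0 bits never change
    the result, so both encodings above decode to the same set."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a BIT STRING")
    length = der[1]
    content = der[2:2 + length]
    if len(content) != length or length < 1:
        raise ValueError("bad length")
    unused, data = content[0], content[1:]
    if unused > 7 or (not data and unused != 0):
        raise ValueError("bad unused-bits octet")
    if unused and data[-1] & ((1 << unused) - 1):
        raise ValueError("unused bits must be zero (X.690 11.2.1)")
    names: Set[str] = set()
    for i in range(len(data) * 8 - unused):
        if data[i // 8] & (0x80 >> (i % 8)):
            names.add(KEY_USAGE[i] if i < len(KEY_USAGE) else f"bit{i}")
    return names
```

Under the strict reading, digitalSignature+keyEncipherment encodes as 03 02 05 A0; keeping all nine defined bits gives 03 03 07 A0 00, and the decoder returns the same set for both.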