Re: draft-ietf-pkix-rfc3770bis-01: OID Import

Peter Sylvester <Peter.Sylvester@edelweb.fr> Thu, 14 April 2005 17:51 UTC

Date: Thu, 14 Apr 2005 19:07:30 +0200
From: Peter Sylvester <Peter.Sylvester@edelweb.fr>
Message-Id: <200504141707.j3EH7Uj02411@chandon.edelweb.fr>
To: Peter.Sylvester@edelweb.fr, housley@vigilsec.com
Subject: Re: draft-ietf-pkix-rfc3770bis-01: OID Import
Cc: ietf-pkix@imc.org
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>

> 
> Note:  I am starting a separate thread for each of the unresolved 
> issues.  I hope this draws more people into the discussion.
> 
> Peter:
> 
> > > >4 *** The OID arcs should be imported from
> > > >
> > > >
> > > >IMPORTS
> > > >
> > > >    id-pe, id-kp
> > > >    FROM PKIX1Explicit88 { iso(1) identified-organization(3)
> > > >             dod(6) internet(1) security(5) mechanisms(5) pkix(7)
> > > >             id-mod(0) id-pkix1-explicit(18) }
> > > >
> > > >    id-aca FROM
> > > >    PKIXAttributeCertificate {iso(1) identified-organization(3) dod(6)
> > > >                 internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
> > > >                 id-mod-attribute-cert(12)}
> > >
> > > This is a matter of taste.  Neither approach leads to implementation issues.
> >
> >Since, as you say, there are no implementation issues. but this is not
> >a matter of taste. Importing the correct definition is something else
> >than making the 'hopefully' identical one.
> >
> >There is ONE authoritative place to have 'this' id-aca defined.
> >(and another id-aca elsewhere)
> 
> I do not know about other people, but would rather avoid IMPORT statements 
> for simple things.  IMPORT is a great tool for complex structures, but for 
> a simple constant, it is not worth the effort.

Now you say that it is not a matter of taste. 

By the way, further down the example is an import of something that is NOT SIMPLE.

Using this technique requires keeping track of all copies, and IF a
copied definition changes slightly in the main definition module
THEN you get inconsistencies. 

> I have had to make edits to old ASN.1 modules to avoid errors that are 
> introduced when one module imports stuff from another that imports stuff 
> from another that imports stuff from another.  The changes are almost 
> always in parts that are not needed for the part that is needed.  I'll give 
> a recent example.
> 
> RFC 2634 imports from CMS.  The ASN.1 module says:
> 
> -- RFC 2630: Cryptographic Message Syntax (CMS)
>      ContentType, IssuerAndSerialNumber, SubjectKeyIdentifier
>      FROM CryptographicMessageSyntax
>         { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
>           pkcs-9(9) smime(16) modules(0) cms(1) }
> 
> I needed to change this to:
> 
> -- RFC 3852: Cryptographic Message Syntax (CMS)
>      ContentType, IssuerAndSerialNumber, SubjectKeyIdentifier
>      FROM CryptographicMessageSyntax2004
>         { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
>           pkcs-9(9) smime(16) modules(0) cms-2004(24) }
> 
> Why?  It did not have anything to do with ContentType, 
> IssuerAndSerialNumber, or SubjectKeyIdentifier.  It had to do with 
> something else in the RFC 2630 module.

Do you mean the usage of 'Name' which is used in IssuerAndSerialNumber?
You don't change the definition of a module. You make a new one.
I don't see the point. 

> I would rather not have to make these kinds of edits, so I prefer to 
> duplicate simple constants like OID arcs.

And what has this to do with an import of a constant?
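
Added example, not part of the original message or of any RFC module: a small check for the inconsistency discussed above, where a module duplicates OID constants instead of importing them and one copy drifts from the defining module. Both module texts are constructed samples, the `{ id-pkix 11 }` value is a deliberately wrong copy, and the function names are hypothetical.

```python
import re

# Constructed sample modules: DEFINING stands for the authoritative module,
# COPYING for a module that duplicates the constants instead of importing them.
DEFINING = """
id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6)
    internet(1) security(5) mechanisms(5) pkix(7) }
id-pe  OBJECT IDENTIFIER ::= { id-pkix 1 }
id-aca OBJECT IDENTIFIER ::= { id-pkix 10 }
"""
COPYING = """
id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6)
    internet(1) security(5) mechanisms(5) pkix(7) }
id-pe  OBJECT IDENTIFIER ::= { id-pkix 1 }
id-aca OBJECT IDENTIFIER ::= { id-pkix 11 }  -- constructed drift
"""

ASSIGN = re.compile(r"([a-z][\w-]*)\s+OBJECT IDENTIFIER\s*::=\s*\{([^}]*)\}")
ARC = re.compile(r"[\w-]+\((\d+)\)|(\d+)|([a-z][\w-]*)")

def parse(text):
    """Map each OID value name to its arcs (ints, or names of other values)."""
    table = {}
    for name, body in ASSIGN.findall(re.sub(r"--.*", "", text)):  # drop comments
        table[name] = [int(a or b) if (a or b) else ref
                       for a, b, ref in ARC.findall(body)]
    return table

def resolve(name, table, seen=()):
    """Expand name references until only numeric arcs remain."""
    if name in seen or name not in table:
        raise ValueError(f"cannot resolve {name}")
    oid = []
    for arc in table[name]:
        oid += [arc] if isinstance(arc, int) else resolve(arc, table, seen + (name,))
    return tuple(oid)

def drift(defining, copying):
    """Return {name: (authoritative, copied)} for copies that disagree."""
    auth, copy = parse(defining), parse(copying)
    return {n: (resolve(n, auth), resolve(n, copy))
            for n in auth.keys() & copy.keys()
            if resolve(n, auth) != resolve(n, copy)}

if __name__ == "__main__":
    print(drift(DEFINING, COPYING))
```
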