Re: draft-ietf-pkix-rfc3770bis-01: OID Import
Peter Sylvester <Peter.Sylvester@edelweb.fr> Fri, 15 April 2005 09:01 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA09210 for <pkix-archive@lists.ietf.org>; Fri, 15 Apr 2005 05:01:31 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j3F8PKp1083822; Fri, 15 Apr 2005 01:25:20 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j3F8PKqo083821; Fri, 15 Apr 2005 01:25:20 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j3F8PIMf083805 for <ietf-pkix@imc.org>; Fri, 15 Apr 2005 01:25:18 -0700 (PDT) (envelope-from Peter.Sylvester@edelweb.fr)
Received: from chandon.edelweb.fr (localhost [127.0.0.1]) by edelweb.fr (8.11.7p1+Sun/8.11.7) with ESMTP id j3F8PHn07998; Fri, 15 Apr 2005 10:25:17 +0200 (MEST)
Received: from chandon.edelweb.fr (chandon.edelweb.fr [193.51.14.162]) by edelweb.fr (nospam/2.0); Fri, 15 Apr 2005 10:25:17 +0200 (MET DST)
Received: (from peter@localhost) by chandon.edelweb.fr (8.11.7p1+Sun/8.11.7) id j3F8PGB03451; Fri, 15 Apr 2005 10:25:16 +0200 (MEST)
Date: Fri, 15 Apr 2005 10:25:16 +0200
From: Peter Sylvester <Peter.Sylvester@edelweb.fr>
Message-Id: <200504150825.j3F8PGB03451@chandon.edelweb.fr>
To: Peter.Sylvester@edelweb.fr, housley@vigilsec.com
Subject: Re: draft-ietf-pkix-rfc3770bis-01: OID Import
Cc: ietf-pkix@imc.org
X-Sun-Charset: US-ASCII
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
> >
> >Now you say that it is not a matter of taste.
>
> No. I shared the reason that I prefer to include the OIDs rather than
> IMPORTing them. They both work.
I say that what you give as a reason is not a matter of taste.
And your reasoning tries to just justify technical hack.
What you are technically doing is to define a new element in the
pkix kp arc in this module. I have not see that you have obtained
authorisation to do this from the owner of the pkix kp arc.
> >By the way, further down the example is an import of something that is NOT
> >SIMPLE.
> >
> >Using this technique requires to keep track of all copies, and IF a
> >copied definitions changes slightly in the main definition module
> >THEN you get inconsistencies.
>
> True. Neither of the alternatives is perfect. They have different kinds
> of pain.
There is nothing wrong in IMPORT in this particular case.
IMO it is PERFECTLY in line with all (what I know) of ASN1 etc.
We are not etalking about pains created by difficulties of correct
organisation of ASN.1 modules or using current and non-obsolete syntax
versions.
> > > I have had to make edits to old ASN.1 modules to avoid errors that are
> > > introduced when one modules imports stuff from another that imports stuff
> > > from another that imports stuff from another. The changes are almost
> > > always in parts that are not needed for the part that is needed. I'll
> > give
> > > a recent example.
> > >
> > > RFC 2634 imports from CMS. The ASN.1 module says:
> > >
> > > -- RFC 2630: Cryptographic Message Syntax (CMS)
> > > ContentType, IssuerAndSerialNumber, SubjectKeyIdentifier
> > > FROM CryptographicMessageSyntax
> > > { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
> > > pkcs-9(9) smime(16) modules(0) cms(1) }
> > >
> > > I needed to change this to:
> > >
> > > -- RFC 3852: Cryptographic Message Syntax (CMS)
> > > ContentType, IssuerAndSerialNumber, SubjectKeyIdentifier
> > > FROM CryptographicMessageSyntax2004
> > > { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
> > > pkcs-9(9) smime(16) modules(0) cms-2004(24) }
> > >
> > > Why? It did not have anything to do with ContentType,
> > > IssuerAndSerialNumber, or SubjectKeyIdentifier. It had to do with
> > > something else in the RFC 2630 module.
> >
> >Do you mean the usage of 'Name' which is used in IssuerAndSerialNumber?
> >You don't change the definition of a module. You make a new one.
> >I don't see the point.
>
> This module also had in import from RFC 3280, and the RFC 2634 imported
> from RFC 2630, which had an import from RFC 2459, there was some
> conflict. I do not recall more detail than that. By shifting the import
> to RFC 3852, the subordinate import shifted to RFC 3280, resolving the
> conflict.
Sorry, arguments that are not explained have no meaning to me.
Anyway, if there was a problem and a REAL conflict, i.e. a different
definition, then duplication of the elements using same name
would have created more problems because you don't keep track.
if in your case the definitions do not change, I don't see why
you need to import then from a different place.
- Re: draft-ietf-pkix-rfc3770bis-01: OID Import Peter Sylvester
- Re: draft-ietf-pkix-rfc3770bis-01: OID Import Peter Sylvester
- Re: draft-ietf-pkix-rfc3770bis-01: OID Import Russ Housley
- Re: draft-ietf-pkix-rfc3770bis-01: OID Import David P. Kemp
- Re: draft-ietf-pkix-rfc3770bis-01: OID Import Peter Sylvester