Re: [pkix] [Technical Errata Reported] RFC3029 (6444)

Carl Wallace <> Tue, 02 March 2021 00:40 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A65F93A25FD for <>; Mon, 1 Mar 2021 16:40:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ArF-eyq2uBS3 for <>; Mon, 1 Mar 2021 16:40:19 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::f32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D57E43A25FF for <>; Mon, 1 Mar 2021 16:40:18 -0800 (PST)
Received: by with SMTP id x13so3193658qvj.7 for <>; Mon, 01 Mar 2021 16:40:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=user-agent:date:subject:from:to:cc:message-id:thread-topic :references:in-reply-to:mime-version; bh=qzIVQ4aqXE1j/xamCOE28U1TeW7l21i6phiF/XZajtw=; b=J3J49FZ5lJTNEDWdxUVZXsNlKxtGLdN9GhRkamudiONUjNAefGx/Iz3UoKuDTCXYlU xFHwFwcH6AaIRZEFyJyWFXi7Cj/XPbhB4LUTTnzKlkT6Ssc9qfa+juNkXRykW7EbEId1 JGN73vZw0bylBWuHMQUYQ8Q3T9/hENjcNbfjA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:user-agent:date:subject:from:to:cc:message-id :thread-topic:references:in-reply-to:mime-version; bh=qzIVQ4aqXE1j/xamCOE28U1TeW7l21i6phiF/XZajtw=; b=M3x70xPH2l0xKX4ov6zEqWGa2D3V7ahuBXkTnwJi893cJE5Tx6ZB73BWPfBtapFkyj 1CEzEsRjOOyBrMrqW7sR2x9/FDKA9LHlyDXeSllJeFTIW+shAqC+fgkh/isAFnJ+xSe3 NPK4S3cPIhTgUVnnnT9iipLBeVnxTt9GKRjSo8UaDnw1OEDM0mqDT6IzRJRRVLQQDKg/ QZymVIUvAXEBF7EtSSkLuVLCFAmOjo32S9v+/NVDXLI+K5gIUqXoBbWmM2gVohYEFkr5 9h7pLvB8kBlVjE3T3MGnV5L92kU/6ibqIf9gjlqtoQhrTUvgGtMKsgrfSyQd4egrSC3h 1NYg==
X-Gm-Message-State: AOAM531l+T4j8mYejNtw3oNPxLSUOf6FOWTvZzg6KNxqC6/AyJQRCjPD L3U60qMSPRR4QDUPKWKDRXX/19vBVhX9B0e1
X-Google-Smtp-Source: ABdhPJxhYap9djHBNAaEAYEBlmu5tjcmyp6gJD3lEpIYiCIlTh+8oRrlXbyXRdSpF1pniCrXubcBuw==
X-Received: by 2002:a05:6214:80d:: with SMTP id df13mr1370956qvb.55.1614645617021; Mon, 01 Mar 2021 16:40:17 -0800 (PST)
Received: from [] ( []) by with ESMTPSA id f8sm8212569qkk.23.2021. (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 01 Mar 2021 16:40:16 -0800 (PST)
User-Agent: Microsoft-MacOutlook/16.46.21021202
Date: Mon, 01 Mar 2021 19:40:15 -0500
From: Carl Wallace <>
To: Stefan Santesson <>, Carlisle Adams <>, Russ Housley <>, Erwann Abalea <>
CC: "Roman D. Danyliw" <>, IETF PKIX <>, Ben Kaduk <>
Message-ID: <>
Thread-Topic: [pkix] [Technical Errata Reported] RFC3029 (6444)
References: <> <> <> <> <YTXPR0101MB110157FF4F373702155B2361A29A9@YTXPR0101MB1101.CANPRD01.PROD.OUTLOOK.COM> <>
In-Reply-To: <>
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3697472415_1475778308"
Archived-At: <>
Subject: Re: [pkix] [Technical Errata Reported] RFC3029 (6444)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: PKIX Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 02 Mar 2021 00:40:22 -0000

The IMPLICIT default for the module containing the DistributionPointName definition does not apply to these CHOICE types. See this snip from X.680:


“30.6 The tagging construction specifies explicit tagging if any of the following holds:

a) the "Tag EXPLICIT Type" alternative is used;

b) the "Tag Type" alternative is used and the value of "TagDefault" for the module is either EXPLICIT

TAGS or is empty;

c) the "Tag Type" alternative is used and the value of "TagDefault" for the module is IMPLICIT TAGS or

AUTOMATIC TAGS, but the type defined by "Type" is an untagged choice type, an untagged open type, or

an untagged "DummyReference" (see ITU-T Rec. X.683 | ISO/IEC 8824-4, 8.3).”


Option c) is in effect. The “untagged choice type” lingo is confusing on first read and the term is not defined but “tagged type” is defined:


“30.1 The notation for a tagged type shall be "TaggedType":

TaggedType ::=

                Tag Type

                                | Tag IMPLICIT Type 

                                | Tag EXPLICIT Type”


Since the CHOICE definitions here are not TaggedTypes, EXPLICIT is in effect.


The DVCS module also uses an IMPLICIT default and is not using TaggedTypes, so same would apply there too. 


From: pkix <> on behalf of Stefan Santesson <>
Date: Monday, March 1, 2021 at 4:54 PM
To: Carlisle Adams <>ca>, Russ Housley <>om>, Erwann Abalea <>
Cc: "Roman D. Danyliw" <>rg>, IETF PKIX <>rg>, Ben Kaduk <>
Subject: Re: [pkix] [Technical Errata Reported] RFC3029 (6444)


I think there is a need for clarification and to correct the “Integer -> INTEGER” issue.

But I don’t think it is appropriate to change any ASN.1 to attempt to fix neither the implicit tagging or the ambiguity of the “Data” type.


Here is my motivation.

On the nested implicit tagged object we have a similar issue with Distribution Point in RFC 5280:


   CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint


   DistributionPoint ::= SEQUENCE {

        distributionPoint       [0]     DistributionPointName OPTIONAL,

        reasons                 [1]     ReasonFlags OPTIONAL,

        cRLIssuer               [2]     GeneralNames OPTIONAL }


   DistributionPointName ::= CHOICE {

        fullName                [0]     GeneralNames,

        nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }


Here we have the Implicitly tagged DistributionPointName containing the implicitly tagged choice of GeneralNames or RelativeDistinguishedName.

I’m not an ASN.1 expert, but this is solved by implementations by converting the outer tag to an explicit tag.

E.g. when GeneralNames is used it is represented by [0][0]{GeneralNames length and value}


I assume that the same principle must apply to CertEtcToken.


On the “Data” structure it turns out that there are 4 different service types:


   - Certification of Possession of Data (cpd),

   - Certification of Claim of Possession of Data (ccpd),

   - Validation of Digitally Signed Document (vsd), and

   - Validation of Public Key Certificates (vpkc).

Where cpd and vsd always use message, ccpd always use messageImprint and vpkc always use sequence of TargetEtcChain


So, even if this is not great, it is still possible to implement the protocol, given that you know what service that use the “Data” type.

This is in fact how the implementation pointed out by Russ implements this:

Se the ”getInstance()” function at line 90:


My conclusion is that the protocol has design flaws, but it is not the task of an errata to fix design flaws.

Fixing design flaws is the task of a protocol update. But I don’t think there is a good motivation to put the efforts into releasing a new version of this protocol.

As it is, the protocol is at least implementable, demonstrated by the linked code.



Stefan Santesson 


From: Carlisle Adams <>
Date: Monday, 1 March 2021 at 17:23
To: Russ Housley <>om>, Erwann Abalea <>
Cc: "Roman D. Danyliw" <>rg>, Ben Kaduk <>du>, Stefan Santesson <>om>, IETF PKIX <>
Subject: RE: [pkix] [Technical Errata Reported] RFC3029 (6444)


Hi Russ, all,


I agree that these errors need fixing because there doesn’t seem to be an easy way to get around them otherwise.  I also agree with Stefan that this is probably an indication that DVCS was never widely implemented…  L





From: Russ Housley <> 
Sent: February-28-21 5:26 PM
To: Erwann Abalea <>
Cc: Roman D. Danyliw <>rg>; Ben Kaduk <>du>; Stefan Santesson <>om>; IETF PKIX <>rg>; Carlisle Adams <>
Subject: Re: [pkix] [Technical Errata Reported] RFC3029 (6444)


Attention : courriel externe | external email



Le sam. 27 févr. 2021 à 08:45, Russ Housley <> a écrit :

I guess I should have held off on reporting this ASN.1 error.  Once I corrected it, I discovered two errors that I do not know how to fix.

There is an implementation somewhere because Appendix F contains examples.  I do not know how the implementer got around these two problems.


CertEtcToken ::= CHOICE {
     certificate                  [0] IMPLICIT Certificate ,
     esscertid                    [1] ESSCertId ,
     pkistatus                    [2] IMPLICIT PKIStatusInfo ,
     assertion                    [3] ContentInfo ,
     crl                          [4] IMPLICIT CertificateList,
     ocspcertstatus               [5] IMPLICIT CertStatus,
     oscpcertid                   [6] IMPLICIT CertId ,
     oscpresponse                 [7] IMPLICIT OCSPResponse,
     capabilities                 [8] SMIMECapabilities,
     extension                    Extension{{ExtensionSet}}

CertEtcToken is a CHOICE with tags 0 through 8, but CertStatus CHOICE with tags 0 through 2.  You cannot nest a CHOICE in another CHOICE is the IMPLICIT tags overlap.

The use of EXPLICIT tagging would have solved the problem, but the authors clearly preferred IMPLICIT tags.


Here, it's easy. The outermost IMPLICIT tag is transformed into an EXPLICIT one by the ASN.1 compiler (it will probably emit a warning, though).


Yes, I am aware of that possibility of fixing the specification, but it is unclear what an implementer would do with a ASN.1 module with compilation errors, or a warning that inserts a EXPLICIT.



DigestInfo ::= SEQUENCE {
    digestAlgorithm   DigestAlgorithmIdentifier,
    digest            Digest

Data ::= CHOICE {
      message           OCTET STRING ,
      messageImprint    DigestInfo,
      certs             SEQUENCE SIZE (1..MAX) OF

DigestInfo is a SEQUENCE, and certs is a SEQUENCE, so the two have the same tag.  A recipient cannot tell which one the sender intended.


For this one, there's clearly no solution. Tagging would have solved it (any kind of tagging mode), but it's missing.


Indeed, at lease one of the SEQUENCE needs a tag.




_______________________________________________ pkix mailing list