Re: Distinguished names and X509v3 extension OIDs (fwd)
dpkemp@missi.ncsc.mil (David P. Kemp) Tue, 01 April 1997 14:13 UTC
Received: by suntan.tandem.com (8.6.12/suntan5.970212) for ietf-pkix-relay id GAA10519; Tue, 1 Apr 1997 06:13:42 -0800
Received: from guardian.guard.ncsc.mil by suntan.tandem.com (8.6.12/suntan5.970212) for <ietf-pkix@tandem.com> id GAA10510; Tue, 1 Apr 1997 06:13:39 -0800
Received: (from uucp@localhost) by guardian.guard.ncsc.mil (8.6.12/8.6.9) id JAA29210; Tue, 1 Apr 1997 09:13:19 -0500
Received: from depot(144.51.53.1) by guardian via smap (V1.3) id sma029208; Tue Apr 1 09:13:09 1997
Received: from argon.ncsc.mil (argon.missi.ncsc.mil [144.51.56.1]) by depot.missi.ncsc.mil (8.6.12/8.6.9) with ESMTP id JAA28082; Tue, 1 Apr 1997 09:10:15 -0500
Received: by argon.ncsc.mil (SMI-8.6/SMI-SVR4) id JAA05691; Tue, 1 Apr 1997 09:12:42 -0500
Date: Tue, 01 Apr 1997 09:12:42 -0500
From: dpkemp@missi.ncsc.mil
Message-Id: <199704011412.JAA05691@argon.ncsc.mil>
To: ietf-pkix@tandem.com
Subject: Re: Distinguished names and X509v3 extension OIDs (fwd)
Cc: ssl-users@mincom.oz.au
X-Sun-Charset: US-ASCII
> From wford@verisign.com Mon Mar 31 16:45:05 1997 > > We certainly looked first at the more obvious options such as ANY DEFINED > BY and EXTERNAL but were forced to reject them. I think what you are > saying you would prefer is essentially the ANY DEFINED BY option, i.e., (in > shorthand) SEQUENCE { oid, boolean, ANY DEFINED BY oid }. Yes. > > >From recollection, the problem with the ANY DEFINED BY approach is as > follows. Recall that a certificate is not necessarily transmitted > everywhere encoded in DER. Some certificate-carrying protocols use > BER-encoding. This is why a cert using system may need to regenerate the > DER encoding of the cert when verifying the signature. Recall also that > intermediate systems through which a cert traverses may decode and recode > certs differently (e.g., if BER is in use, a system may re-encode a cert > with a different BER encoding than that in which it was received). In the > case of an extension, such a change of encoding might occur in any system > that recognizes the extension OID and the corresponding ASN.1 type for the > extension value. > > Now, when it comes to validating a cert, note that certs that contain > unrecognized extensions may still be perfectly valid and usable (provided > every unrecognized extension is flagged noncritical). But, if it is > possible for the bit-representation of an unrecognized extension to have > changed in transit, how can the cert-using system generate the required > canonical encoding to verify the cert's signature? > > The level of indirection gained through the OCTET STRING overcomes this > problem. Intermediate systems are not permitted to change the encoding of > an extension at the inner level, since it is mandated to always be DER. > And changing the encoding of the octet string itself is not a problem as > you can always regenerate the DER encoding of an OCTET STRING. > > Hope this helps, > Warwick (Ford) Warwick, Thanks for the cogent explanation - it helps to understand the rationale. I'll have to think some more about the conclusion though. I believe that it is always possible for BER/CER/DER software, having no knowledge of specific extensions, or even of the X.509 certificate structure itself, to take an arbitrarily-coded BER structure and recode it in DER. It certainly seems to be true for the elements commonly found in certificates (UNIVERSAL and CONTEXT elements). It should also be true for APPLICATION and PRIVATE elements, because the DER restriction rules are not specified for them: if an APPLICATION element has two different BER encodings (not counting differences in UNIVERSAL subelements) then it also has two different DER encodings, therefore that particular APPLICATION element cannot be used in the signed portion of a certificate. If anyone has a counterexample - a BER transfer string that cannot be converted to DER without knowledge of the ASN.1 definition, I'd like to see it. Thanks, Dave Kemp
- Re: Distinguished names and X509v3 extension OIDs… Eric Young
- Re: Distinguished names and X509v3 extension OIDs… Warwick Ford
- Re: Distinguished names and X509v3 extension OIDs… David P. Kemp
- RE: Distinguished names and X509v3 extension OIDs… Andrew Probert
- Re: Distinguished names and X509v3 extension OIDs… Charles W. Gardiner
- Re: Distinguished names and X509v3 extension OIDs… Warwick Heath
- Re: Distinguished names and X509v3 extension OIDs… David P. Kemp
- Re: Distinguished names and X509v3 extension OIDs… Ben Laurie
- Re: Distinguished names and X509v3 extension OIDs… David P. Kemp