Re: [pkix] Signature Verification and DER requirements
"Erik Andersen" <era@x500.eu> Fri, 15 May 2015 14:12 UTC
Return-Path: <era@x500.eu>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA5181A8711 for <pkix@ietfa.amsl.com>; Fri, 15 May 2015 07:12:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.579
X-Spam-Level: **
X-Spam-Status: No, score=2.579 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_EQ_DK=1.009, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_SORBS_WEB=0.77] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PMT705ntyk7k for <pkix@ietfa.amsl.com>; Fri, 15 May 2015 07:12:46 -0700 (PDT)
Received: from mail04.dandomain.dk (mail04.dandomain.dk [194.150.112.204]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EAAE11A9027 for <pkix@ietf.org>; Fri, 15 May 2015 07:12:39 -0700 (PDT)
Received: from Morten ([62.44.135.25]) by mail04.dandomain.dk (DanDomain Mailserver) with ASMTP id 4201505151612365525 for <pkix@ietf.org>; Fri, 15 May 2015 16:12:36 +0200
From: Erik Andersen <era@x500.eu>
To: 'IETF PKIX' <pkix@ietf.org>
References: <9A043F3CF02CD34C8E74AC1594475C73AB020EBB@uxcn10-tdc05.UoA.auckland.ac.nz>
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73AB020EBB@uxcn10-tdc05.UoA.auckland.ac.nz>
Date: Fri, 15 May 2015 16:12:32 +0200
Message-ID: <000001d08f19$3210caa0$96325fe0$@x500.eu>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQJTWJbGz2/yhOHJtiOftGAx2g1knJx3JK1w
Content-Language: en-gb
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/jEXmtT__M6Wkq1s0L5XqMxf2gfQ>
Subject: Re: [pkix] Signature Verification and DER requirements
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 May 2015 14:12:48 -0000
As Peter states. It is confusing, and I am not sure how to get it right. RFC 5280 in 4.1 say: For signature calculation, the data that is to be signed is encoded using the ASN.1 distinguished encoding rules (DER). This sentence could be read that the certificate when transmitted does not have to be DER encoded. Both RFC 5280 and X.509 requires an extension, which is encapsulated in an octet string, to be DER encoded. We tried to make the DER encoding mandatory in a technical corrigendum, but we got a ballot comment from Japan saying: "The proposed change will break the backward compatibility. In the current (from the first to the seventh) edition, the TBSCertificate data type may be encoded using the BER, if it is temporally encoded using the DER during the HASH and the ENCRYPTED-HASH calculation. The mandate of DER encoding will exclude such certificates." The Japene comment suggested the following text: "It shall be encoded using the BER or the DER, though the DER encoding is required when the validation of SIGNED type is performed. It is (strongly) recommended to use the DER at all times, if no attention to the backward compatibility with the earlier editions of this specification is necessary." Since 1997 the following has been included in X.509. "Generating distinguished encoding requires the abstract syntax of the data to be encoded to be fully understood. An entity may be required to sign data or check the signature of data that is already signed or contains unknown protocol extensions or unknown attribute syntaxes. The entity shall follow these rules: It shall preserve the encoding of received information whose abstract syntax it does not fully know and which it expects to subsequently sign. When signing data for sending, it shall send data whose syntax it fully knows with a distinguished encoding and any other data with its preserved encoding, and shall sign the actual encoding it sends. When checking signatures in received data, it shall check the signature against the actual data received rather than its conversion of the received data to a distinguished encoding." This text seems to assume that a certificate shall always be DER encoded I am interested in comments. Kind regards, Erik -----Oprindelig meddelelse----- Fra: pkix [mailto:pkix-bounces@ietf.org] På vegne af Peter Gutmann Sendt: 14 May 2015 19:58 Til: IETF PKIX Emne: Re: [pkix] Signature Verification and DER requirements Jeffrey Walton <noloader@gmail.com> writes: >What is the expected behavior when complying software that expects DER >consumes a non-DER encoded certificate during signature verification? The expected behaviour is random, some will accept it, some will reject it. When I say "random" I mean it really is a coin-toss, you should be OK with not sorting the attributes in a SET OF, but there are implementations out there that check for it and will complain about it. My code sorts (in order to deal with said implementations), but doesn't check for sortedness when processing things. Peter. _______________________________________________ pkix mailing list pkix@ietf.org https://www.ietf.org/mailman/listinfo/pkix
- [pkix] Signature Verification and DER requirements Jeffrey Walton
- Re: [pkix] Signature Verification and DER require… Martin Rex
- Re: [pkix] Signature Verification and DER require… Erwann Abalea
- Re: [pkix] Signature Verification and DER require… Jeffrey Walton
- Re: [pkix] Signature Verification and DER require… Anders Rundgren
- Re: [pkix] Signature Verification and DER require… Bruce Stephens
- Re: [pkix] Signature Verification and DER require… Peter Gutmann
- Re: [pkix] Signature Verification and DER require… Stephen Farrell
- Re: [pkix] Signature Verification and DER require… Erik Andersen
- Re: [pkix] Signature Verification and DER require… Martin Rex
- Re: [pkix] Signature Verification and DER require… Jeffrey Walton
- Re: [pkix] Signature Verification and DER require… Santosh Chokhani
- Re: [pkix] Signature Verification and DER require… Erik Andersen
- Re: [pkix] Signature Verification and DER require… Jeffrey Walton