RE: X.509 Extensions Enhancements

"David A. Cooper" <david.cooper@nist.gov> Thu, 28 June 2001 22:44 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA16648 for <pkix-archive@odin.ietf.org>; Thu, 28 Jun 2001 18:44:02 -0400 (EDT)
Received: by above.proper.com (8.11.3/8.11.3) id f5SLo4l27577 for ietf-pkix-bks; Thu, 28 Jun 2001 14:50:04 -0700 (PDT)
Received: from email.nist.gov (email.nist.gov [129.6.2.7]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f5SLo3m27573 for <ietf-pkix@imc.org>; Thu, 28 Jun 2001 14:50:03 -0700 (PDT)
Received: from krdp2 (krdp2.ncsl.nist.gov [129.6.54.107]) by email.nist.gov (8.9.3/8.9.3) with ESMTP id RAA12691 for <ietf-pkix@imc.org>; Thu, 28 Jun 2001 17:50:05 -0400 (EDT)
Message-Id: <4.2.2.20010628173438.00a232d0@email.nist.gov>
X-Sender: cooper@email.nist.gov
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2
Date: Thu, 28 Jun 2001 17:49:15 -0400
To: ietf-pkix@imc.org
From: "David A. Cooper" <david.cooper@nist.gov>
Subject: RE: X.509 Extensions Enhancements
In-Reply-To: <KHEDLMGGCCGHDAAKNAFOOEONCAAA.ccovey@cylink.com>
References: <200106281758.NAA21300@stingray.missi.ncsc.mil>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

At 01:22 PM 6/28/01 -0700, Carlin Covey wrote:

>David,
>
>I am persuaded that X.680 & X.690 do intend the "delete all
>trailing zeros" interpretation, despite the ambiguities in
>crucial sentences.
>
>I appreciate your taking the time to respond to my posting.
>You have stated your position well, and I think you have probably
>captured the essence of David's logic.

Yes. The way that I read X.680, when dealing with a NamedBitList, all of the following bit strings must have the same meaning:

10110000
1011
10110
101100000000000000000000000000000000000000000000000
1011000000000

Since they all have the same meaning, we must select one as the "distinguished" encoding for all of them.

>However, it seems to me that any agreed-upon number of trailing
>zeros would have served the purposes of DER.  I agree
>that the shortest such bit string is more rational than longer
>encodings.

I suppose the rule could be "include the minimum number of trailing zeros necessary to make the length of the bit string a multiple of 8", but the simplest rule is just to require that all trailing zeros be removed.

>By the way, Bodo and Tom have both pointed out that the
>last bit must be a 1, so the final bit (and indeed any string of 1's
>at the end) is redundant if you know the number of bits that are
>represented in the encoding.  It may have been possible to create
>a shorter encoding that was incrementally more rational.  ;>)

Perhaps, but X.509 requires a distinguished encoding that is also a BER encoding. I suppose we could define a set of distinguished packed encoding rules and then specify an X.509 version 4 that used those rules, but doing so wouldn't be very rational. :-)


Dave
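The "delete all trailing zeros" rule discussed in this thread, worked through as an added example (this code is not part of the original message or of any PKIX implementation). It encodes a NamedBitList BIT STRING the way DER requires, shows that the five bit patterns Dave lists collapse to one encoding, and includes a decoder that rejects an encoding whose last bit is not a 1, which is the check a certificate parser needs in order to refuse non-canonical encodings of extensions such as keyUsage. The function `alternative_octet_aligned_rule` is a hypothetical illustration of the "pad to a multiple of 8" rule mentioned above, not anything X.690 specifies.

```python
"""DER encoding of a BIT STRING with NamedBitList semantics.

X.690 requires that trailing zero bits be removed before encoding, so all
bit patterns that differ only in trailing zeros share one distinguished
encoding. The encoding is: tag 0x03, length, one "unused bits" octet,
then the bit pattern padded with zeros to an octet boundary.
"""

def strip_trailing_zeros(bits: str) -> str:
    """Canonical bit pattern under the DER rule: remove every trailing '0'."""
    return bits.rstrip("0")


def der_encode_named_bitstring(bits: str) -> bytes:
    """Encode a '0'/'1' string as a DER BIT STRING carrying a NamedBitList."""
    if any(c not in "01" for c in bits):
        raise ValueError("bit pattern must contain only '0' and '1'")
    canonical = strip_trailing_zeros(bits)
    unused = (-len(canonical)) % 8            # zeros needed to reach an octet boundary
    padded = canonical + "0" * unused
    content = bytes(int(padded[i:i + 8], 2) for i in range(0, len(padded), 8))
    value = bytes([unused]) + content
    if len(value) >= 0x80:                     # short-form length only; enough here
        raise ValueError("pattern too long for this example's short-form length")
    return bytes([0x03, len(value)]) + value


def der_decode_named_bitstring(der: bytes) -> str:
    """Decode a BIT STRING and reject anything that is not the DER form.

    A DER encoding of a NamedBitList has no trailing zero bits, so the last
    bit of a non-empty pattern must be a 1. Anything else is BER but not DER.
    """
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a BIT STRING")
    length = der[1]
    if length >= 0x80 or len(der) != 2 + length:
        raise ValueError("bad or unsupported length")
    unused, content = der[2], der[3:]
    if unused > 7:
        raise ValueError("unused-bits octet must be 0..7")
    if not content and unused != 0:
        raise ValueError("empty content with non-zero unused bits")
    bits = "".join(f"{b:08b}" for b in content)
    if unused:
        bits = bits[:-unused]
    if bits and bits[-1] != "1":
        raise ValueError("not DER: trailing zero bits present")
    return bits


def is_der_canonical(der: bytes) -> bool:
    """True when the encoding passes the DER checks in the decoder."""
    try:
        der_decode_named_bitstring(der)
        return True
    except ValueError:
        return False


def alternative_octet_aligned_rule(bits: str) -> str:
    """Hypothetical rule from the discussion (not X.690): strip trailing zeros,
    then add the minimum number of zeros that makes the length a multiple of 8."""
    canonical = strip_trailing_zeros(bits)
    return canonical + "0" * ((-len(canonical)) % 8)


if __name__ == "__main__":
    # Constructed inputs: the five patterns from the message, all meaning "bits 0, 2, 3 set".
    patterns = ["10110000", "1011", "10110", "1011" + "0" * 47, "1011000000000"]
    encodings = {der_encode_named_bitstring(p) for p in patterns}
    print("distinct DER encodings:", [e.hex() for e in encodings])   # one: 030204b0
    print("decoded:", der_decode_named_bitstring(bytes.fromhex("030204b0")))
    print("BER-but-not-DER accepted?", is_der_canonical(bytes.fromhex("030200b0")))
```

The decoder's last check is the one that matters for a validator: an encoding such as `03 02 00 B0` carries the same bits as `03 02 04 B0` under BER, but only the second is DER, and accepting both means two byte strings can claim the same meaning under a signature.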