Re: X.509 Extensions Enhancements
Bodo Moeller <moeller@cdc.informatik.tu-darmstadt.de> Wed, 13 June 2001 08:57 UTC
Date: Wed, 13 Jun 2001 10:08:14 +0200
From: Bodo Moeller <moeller@cdc.informatik.tu-darmstadt.de>
To: Carlin Covey <ccovey@cylink.com>
Cc: "Housley, Russ" <rhousley@rsasecurity.com>, ietf-pkix@imc.org
Subject: Re: X.509 Extensions Enhancements
On Tue, Jun 12, 2001 at 10:43:50AM -0700, Carlin Covey wrote:

> Some people interpret X.680/690 as requiring that the DER encoding
> omit trailing zeros from such a named bit string. I (with some concurrence
> from the X.509 folks) believe that this is an error. X.680/690 say that
> trailing UNUSED bits are to be omitted. Bits (7) and (8) WERE unused,
> and certificates issued in ignorance of the newly defined bits should
> omit them. But certificates issued in cognizance of the newly defined bits
> should include these bits as either 1 or 0, as appropriate.

I have no idea how one could read this out of X.680 and X.690.

X.680 (12/97), section 21.7, says

     When a "NamedBitList" is used in defining a bitstring type ASN.1
     encoding rules are free to add (or remove) arbitrarily many
     trailing 0 bits to (or from) values that are being encoded or
     decoded. Application designers should therefore ensure that
     different semantics are not associated with such values which
     differ only in the number of trailing 0 bits.

X.690 (12/97), section 11.2.2, says

     Where ITU-T Rec. X.680 | ISO/IEC 8824-1, 21.7, applies, the
     bitstring shall have all trailing 0 bits removed before it is
     encoded.

(Section 11 is entitled "Restrictions on BER employed by both CER and
DER", section 11.2 is entitled "Unused bits".)

This looks pretty clear to me: Trailing zeros in named bit strings
are forbidden in DER, period.

-- 
Bodo Möller <moeller@cdc.informatik.tu-darmstadt.de>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
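
The X.690 11.2.2 rule quoted in the message above, as an added example that is not part of the original post: a Python sketch that DER-encodes a named bit string with trailing 0 bits removed and flags encodings that keep them. The function names and the sample encodings are constructed for illustration; only short-form lengths are handled.

```python
# Added example: DER handling of a BIT STRING declared with a NamedBitList.
# Function names and sample encodings are constructed for illustration.

def encode_named_bits(set_bits):
    """DER-encode the bit positions that are 1 (bit 0 = first, most significant)."""
    if not set_bits:
        return bytes([0x03, 0x01, 0x00])      # empty string: only the unused-bits octet
    nbits = max(set_bits) + 1                 # last 1 bit ends the string (X.690 11.2.2)
    content = bytearray((nbits + 7) // 8)
    for b in set_bits:
        content[b // 8] |= 0x80 >> (b % 8)
    unused = len(content) * 8 - nbits
    body = bytes([unused]) + bytes(content)
    return bytes([0x03, len(body)]) + body    # short-form length, enough for small lists

def check_named_bits(der):
    """Return the problems found in one BIT STRING TLV (empty list = valid DER)."""
    if len(der) < 3 or der[0] != 0x03:
        return ["not a primitive BIT STRING"]
    if der[1] >= 0x80 or der[1] != len(der) - 2:
        return ["length is long-form (not handled here) or inconsistent"]
    unused, content = der[2], der[3:]
    if unused > 7:
        return ["unused-bits octet out of range"]
    if not content:
        return ["unused bits declared on empty string"] if unused else []
    problems = []
    last = content[-1]
    if last & ((1 << unused) - 1):
        problems.append("padding bits are not zero")
    if last == 0:
        problems.append("trailing all-zero octet")
    elif not (last >> unused) & 1:            # final bit of the string must be 1
        problems.append("trailing 0 bit")
    return problems

# Constructed samples: bit 0 set, bits 7 and 8 known to the issuer but both 0.
PADDED_TO_9_BITS = bytes.fromhex("0303078000")   # bits: 1000 0000 0
PADDED_TO_8_BITS = bytes.fromhex("03020080")     # bits: 1000 0000

if __name__ == "__main__":
    print(encode_named_bits({0}).hex())
    print(check_named_bits(PADDED_TO_9_BITS))
    print(check_named_bits(PADDED_TO_8_BITS))
```

Both padded samples carry the same value as the one-bit encoding, which is the X.680 21.7 point: values that differ only in trailing 0 bits must not carry different semantics.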