Re: Matching CertIDs between OCSP requests and responses
Jonathan.Tuliani@symbian.com Tue, 20 March 2001 16:43 UTC
From: Jonathan.Tuliani@symbian.com
Subject: Re: Matching CertIDs between OCSP requests and responses
To: Jeff Jacoby <jjacoby@rsasecurity.com>
Cc: ietf-pkix@imc.org
Message-ID: <OFB3DFBE89.83F18BDE-ON80256A15.005AC340@Symbian.com>
Date: Tue, 20 Mar 2001 16:40:13 +0000

Jeff, all,

I believe that if something is DER, then its components should also be. However, I'm willing to be corrected if someone else wishes to comment.

You're right in your observations that people aren't as strict as they might be in how they write the specifications. I have certainly found the phrasing in certain areas unclear or ambiguous. This is also true of how the specifications are then implemented - I've found several minor transgressions of RFC 2456/2560 that simply required me to relax our code a little.

On the whole, DER is what people are using, so you'd be best to stick to that. My advice would be that as far as is possible (and safe) you should be strict in what you encode, and generous in what you decode. And there is no substitute for interoperability testing.

Jonathan

------------
Dr Jonathan Tuliani
www.symbian.com

Jeff Jacoby <jjacoby@rsasecurity.com>
20/03/01 16:17
To: ietf-pkix@imc.org
cc:
Subject: Re: Matching CertIDs between OCSP requests and responses

Jonathan,

[some snippage]

Reading both 2560 and the draft for v2, I see this regarding DER encoding:

1. Before calculating hashes and signatures DER is specified in various sections

2. In section 4.1.1 Request Syntax, aside from items noted in 1. above, there is no other mention of a DER encoding requirement for requests or any part of the request

3. In section 4.2.1 ASN.1 Specification of the OCSP Response, there is an explicit statement that DER shall be used for encoding of BasicOCSPResponse

4. Appendix A OCSP over HTTP, there are explicit statements that DER is to be used (but no use of "SHALL" or "MUST") for both request and responses

On point 3 alone -- and this may show off my ignorance of ASN.1 -- does saying that BasicOCSPResponse must be DER encoded ALSO mean all subordinate components must be DER encoded as well?

On points 2 and 4 together, it seems that if I use another transport protocol I'm allowed to encode my requests in BER. Is this right?

Jeff
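
Added example, not part of either message above: a small Python sketch of "strict in what you encode, generous in what you decode". It accepts definite-length BER, re-encodes every component with DER length octets, and reports whether the input was already DER at every level. It checks length octets only (DER has further rules), and the sample bytes are a constructed SEQUENCE, not a real CertID.

```python
def read_tlv(buf, off=0):
    """Decode one definite-length TLV; return (tag, value, end, minimal_length)."""
    tag, first = buf[off], buf[off + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form is outside this sketch")
    if first < 0x80:                        # short form is always minimal
        length, hdr, minimal = first, 2, True
    elif first == 0x80:
        raise ValueError("indefinite length (BER only) is outside this sketch")
    else:                                   # long form
        n = first & 0x7F
        raw = buf[off + 2:off + 2 + n]
        if len(raw) != n:
            raise ValueError("truncated length octets")
        length, hdr = int.from_bytes(raw, "big"), 2 + n
        # DER allows long form only for lengths >= 128, with no leading zero octet
        minimal = length >= 0x80 and raw[0] != 0
    end = off + hdr + length
    if end > len(buf):
        raise ValueError("truncated value")
    return tag, buf[off + hdr:end], end, minimal

def der_len(n):
    """Minimal (DER) length octets for a value of n bytes."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def to_der(buf, off=0):
    """Re-encode the TLV at off; return (der_bytes, end, was_already_der)."""
    tag, val, end, ok = read_tlv(buf, off)
    if tag & 0x20:                          # constructed: normalise each component
        parts, pos = [], 0
        while pos < len(val):
            part, pos, part_ok = to_der(val, pos)
            parts.append(part)
            ok = ok and part_ok             # one BER component makes the whole non-DER
        val = b"".join(parts)
    return bytes([tag]) + der_len(len(val)) + val, end, ok

def is_der(buf):
    der, end, ok = to_der(buf)
    return ok and end == len(buf)

def same_value(a, b):
    """Compare two encodings after normalising both, not byte for byte."""
    return to_der(a)[0] == to_der(b)[0]

# Constructed samples: SEQUENCE { INTEGER 5, OCTET STRING "ab" }
DER_SAMPLE = bytes.fromhex("3007020105" "04026162")
# Same value; the outer header is minimal but the INTEGER uses long-form length 81 01
BER_SAMPLE = bytes.fromhex("300802810105" "04026162")
```

The outer SEQUENCE header of `BER_SAMPLE` is minimal on its own, so only a check that descends into the components detects that the encoding is not DER.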