Re: [pkix] [Technical Errata Reported] RFC5912 (3623)

Carl Wallace <carl@redhoundsoftware.com> Thu, 16 May 2013 16:38 UTC

Date: Thu, 16 May 2013 12:38:11 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: Erwann Abalea <eabalea@gmail.com>, Jim Schaad <jimsch@augustcellars.com>
Cc: RFC Errata System <rfc-editor@rfc-editor.org>, Stefan Santesson <stefan@aaa-sec.com>, jimsch@exmsft.com, Paul Hoffman <paul.hoffman@vpnc.org>, pkix@ietf.org
Subject: Re: [pkix] [Technical Errata Reported] RFC5912 (3623)

Independent of limit, this should change to use CRLNumber type to
facilitate satisfying the requirement for a big integer.  The CRLNumber
type is used in the prose describing the extension, but not in its
definition.  It is used in the DeltaCRLIndicator definition.

On 5/16/13 12:01 PM, "Erwann Abalea" <eabalea@gmail.com> wrote:

>The certificate serialNumber is limited to [0 .. 256^20] in value.
>The CRLNumber is limited to [-256^20 .. 256^20], it's not said to be a
>positive integer.
>
>2013/5/16 Jim Schaad <jimsch@augustcellars.com>:
>> Reject
>>
>> The serial number MUST be a positive integer assigned by the CA to
>>    each certificate.
>>
>>
>>> -----Original Message-----
>>> From: RFC Errata System [mailto:rfc-editor@rfc-editor.org]
>>> Sent: Thursday, May 16, 2013 12:08 PM
>>> To: paul.hoffman@vpnc.org; jimsch@exmsft.com; stephen.farrell@cs.tcd.ie;
>>> turners@ieca.com; kent@bbn.com; stefan@aaa-sec.com
>>> Cc: carl@redhoundsoftware.com; pkix@ietf.org; rfc-editor@rfc-editor.org
>>> Subject: [Technical Errata Reported] RFC5912 (3623)
>>>
>>> The following errata report has been submitted for RFC5912, "New ASN.1
>>> Modules for the Public Key Infrastructure Using X.509 (PKIX)".
>>>
>>> --------------------------------------
>>> You may review the report below and at:
>>> http://www.rfc-editor.org/errata_search.php?rfc=5912&eid=3623
>>>
>>> --------------------------------------
>>> Type: Technical
>>> Reported by: Carl Wallace <carl@redhoundsoftware.com>
>>>
>>> Section: 14
>>>
>>> Original Text
>>> -------------
>>>    -- CRL number extension OID and syntax
>>>    ext-CRLNumber EXTENSION ::= {SYNTAX
>>>        INTEGER (0..MAX) IDENTIFIED BY id-ce-cRLNumber }
>>>    id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
>>>
>>>    CRLNumber ::= INTEGER (0..MAX)
>>>
>>> Corrected Text
>>> --------------
>>>    -- CRL number extension OID and syntax
>>>    CRLNumber ::= INTEGER
>>>
>>>    ext-CRLNumber EXTENSION ::= {SYNTAX
>>>        CRLNumber IDENTIFIED BY id-ce-cRLNumber }
>>>    id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
>>>
>>>
>>> Notes
>>> -----
>>> The CRLNumber extension was not defined to use the CRLNumber type.  The
>>> CRLNumber type uses MAX to limit the maximum value.  This limitation is
>>> inconsistent with section 5.2.3 and Appendix B, which allow CRLNumber
>>> values up to 20 octets in length.
>>>
>>> Instructions:
>>> -------------
>>> This errata is currently posted as "Reported". If necessary, please use
>>> "Reply All" to discuss whether it should be verified or rejected. When a
>>> decision is reached, the verifying party (IESG) can log in to change the
>>> status and edit the report, if necessary.
>>>
>>> --------------------------------------
>>> RFC5912 (draft-ietf-pkix-new-asn1-08)
>>> --------------------------------------
>>> Title               : New ASN.1 Modules for the Public Key Infrastructure
>>>                       Using X.509 (PKIX)
>>> Publication Date    : June 2010
>>> Author(s)           : P. Hoffman, J. Schaad
>>> Category            : INFORMATIONAL
>>> Source              : Public-Key Infrastructure (X.509)
>>> Area                : Security
>>> Stream              : IETF
>>> Verifying Party     : IESG
>>
>> _______________________________________________
>> pkix mailing list
>> pkix@ietf.org
>> https://www.ietf.org/mailman/listinfo/pkix
>
>
>
>--
>Erwann.
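
Added example, not part of the original thread or of RFC 5912: a strict decoder for the DER INTEGER carried in a cRLNumber extension, returning an arbitrary-precision integer and enforcing the 20-octet limit cited in the errata notes. It assumes the limit counts DER content octets and that negative values are rejected; the function names and sample encodings are constructed for illustration.

```python
# Added example: strict decoder for the DER INTEGER inside a cRLNumber extension.
MAX_CONTENT_OCTETS = 20  # assumption: the 20-octet limit counts DER content octets


class CRLNumberError(ValueError):
    """Raised when the encoding is not an acceptable CRLNumber."""


def parse_crl_number(der: bytes) -> int:
    """Return the CRLNumber as an arbitrary-precision int, or raise CRLNumberError."""
    if len(der) < 3 or der[0] != 0x02:
        raise CRLNumberError("not a DER INTEGER")
    length = der[1]
    if length & 0x80:
        # Long-form length is only valid DER for 128+ content octets.
        raise CRLNumberError("longer than 20 octets")
    content = der[2:]
    if len(content) != length:
        raise CRLNumberError("length does not match content")
    if length > MAX_CONTENT_OCTETS:
        raise CRLNumberError("longer than 20 octets")
    if content[0] & 0x80:
        raise CRLNumberError("negative value")
    if length > 1 and content[0] == 0x00 and not content[1] & 0x80:
        raise CRLNumberError("non-minimal encoding")
    # No fixed-width type: Python ints hold all 160 bits without truncation.
    return int.from_bytes(content, "big")


def check(der: bytes) -> str:
    """Describe the outcome for one encoding (used by the demo below)."""
    try:
        return "ok: %d" % parse_crl_number(der)
    except CRLNumberError as exc:
        return "rejected: %s" % exc


# Constructed sample encodings, not taken from any real CRL.
SAMPLES = {
    "small": bytes.fromhex("020105"),
    "20 octets": b"\x02\x14\x7f" + b"\xff" * 19,
    "21 octets": b"\x02\x15\x00" + b"\xff" * 20,
    "negative": bytes.fromhex("020180"),
    "padded": bytes.fromhex("02020005"),
}

if __name__ == "__main__":
    for name, der in SAMPLES.items():
        print("%-10s %s" % (name, check(der)))
```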