Re: [pkix] a question of cert (and OCSP) extension syntax
Melinda Shore <melinda.shore@gmail.com> Tue, 31 March 2015 15:51 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/sZWbb2XkaXmWAMMDZl32O5W5bdA>

On 3/31/15 7:18 AM, Paul Hoffman wrote:
> On Mar 31, 2015, at 8:03 AM, Russ Housley <housley@vigilsec.com>
> wrote:
>> ASN.1 processing is needed to get the value of the OCTET STRING
>> from the extension, so I do not understand the point you are trying
>> to make.
>
> At the beginning of the thread, it seemed like the issue was
> *encoding* the values, not decoding them.

Right, but there seems to be some suggestion that there is
certificate processing software out there that tries to decode
the contents of an extension it doesn't recognize or understand.
I'm hopeful that people raising this concern can be more specific
and point out what software it is. *That* would be a pretty good
example of the new information we've been asking for.

Melinda