[pkix] [Technical Errata Reported] RFC5912 (4145)
RFC Errata System <rfc-editor@rfc-editor.org> Thu, 23 October 2014 19:24 UTC
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AEBC41A90D3 for <pkix@ietfa.amsl.com>; Thu, 23 Oct 2014 12:24:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.912
X-Spam-Level:
X-Spam-Status: No, score=-101.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0uDZ4FPtox3m for <pkix@ietfa.amsl.com>; Thu, 23 Oct 2014 12:24:06 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [IPv6:2001:1900:3001:11::31]) by ietfa.amsl.com (Postfix) with ESMTP id 095641ACEAA for <pkix@ietf.org>; Thu, 23 Oct 2014 12:24:01 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id CFDF018001B; Thu, 23 Oct 2014 12:23:33 -0700 (PDT)
To: paul.hoffman@vpnc.org, jimsch@exmsft.com, stephen.farrell@cs.tcd.ie, Kathleen.Moriarty.ietf@gmail.com, kent@bbn.com, stefan@aaa-sec.com
X-PHP-Originating-Script: 6000:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Message-Id: <20141023192333.CFDF018001B@rfc-editor.org>
Date: Thu, 23 Oct 2014 12:23:33 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/pkix/vURQc5YO5kn6sSJOg_cuy9vq97I
Cc: pleonber@gmail.com, pkix@ietf.org, rfc-editor@rfc-editor.org
Subject: [pkix] [Technical Errata Reported] RFC5912 (4145)
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Oct 2014 19:24:07 -0000
The following errata report has been submitted for RFC5912, "New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX)". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=5912&eid=4145 -------------------------------------- Type: Technical Reported by: Pierce Leonberger <pleonber@gmail.com> Section: 14 Original Text ------------- -- 3. A more complex version, but one that automatically ties -- together both the signature algorithm and the -- signature value for automatic decoding. -- SIGNED{ToBeSigned} ::= SEQUENCE { toBeSigned ToBeSigned, algorithmIdentifier SEQUENCE { algorithm SIGNATURE-ALGORITHM. &id({SignatureAlgorithms}), parameters SIGNATURE-ALGORITHM. &Params({SignatureAlgorithms} {@algorithmIdentifier.algorithm}) OPTIONAL }, signature BIT STRING (CONTAINING SIGNATURE-ALGORITHM.&Value( {SignatureAlgorithms} {@algorithmIdentifier.algorithm})) } Corrected Text -------------- SIGNED{ToBeSigned} ::= SEQUENCE { toBeSigned ToBeSigned, algorithmIdentifier SEQUENCE { algorithm SIGNATURE-ALGORITHM. &id({SignatureAlgorithms}), parameters SIGNATURE-ALGORITHM. &Params({SignatureAlgorithms} {@algorithmIdentifier.algorithm}) OPTIONAL }, signature BIT STRING } Notes ----- I *believe* the 3rd option for SIGNED{} is invalid. The "signature" BIT STRING contains an OpenType which references an optional class field. It's possible to define objects with no type and OpenTypes must refer to a type. There's no mechanism to allow an OpenType to reference random bytes (not ASN.1 encoded). I understand the intent is to allow for automatic decoding, but unless the "&Value" is required in SIGNATURE-ALGORITHM this will not work. Requiring it will not work because not all signature algorithms require the signature value to be encoded (e.g. RSA). The syntax would be valid is if "signature" was OPTIONAL (obviously not desirable). So I propose we revert "signature" to "BIT STRING" without constraints. Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party (IESG) can log in to change the status and edit the report, if necessary. -------------------------------------- RFC5912 (draft-ietf-pkix-new-asn1-08) -------------------------------------- Title : New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX) Publication Date : June 2010 Author(s) : P. Hoffman, J. Schaad Category : INFORMATIONAL Source : Public-Key Infrastructure (X.509) Area : Security Stream : IETF Verifying Party : IESG
- [pkix] [Technical Errata Reported] RFC5912 (4145) RFC Errata System