Re: [pkix] [Technical Errata Reported] RFC3029 (6444)

Bah. Except that in the DVCS there was an IMPLICIT other than the module default that was in effect. That is likely why Russ saw the compilation error. 

ocspcertstatus               [5] IMPLICIT CertStatus,

And of course the side-by-side SEQUENCE issue is unrelated. 

From: Carl Wallace <carl@redhoundsoftware.com>
Date: Monday, March 1, 2021 at 7:40 PM
To: Stefan Santesson <stefan@aaa-sec.com>, Carlisle Adams <cadams@uottawa.ca>, Russ Housley <housley@vigilsec.com>, Erwann Abalea <eabalea@gmail.com>
Cc: "Roman D. Danyliw" <rdd@cert.org>, IETF PKIX <pkix@ietf.org>, Ben Kaduk <kaduk@mit.edu>
Subject: Re: [pkix] [Technical Errata Reported] RFC3029 (6444)

The IMPLICIT default for the module containing the DistributionPointName definition does not apply to these CHOICE types. See this snip from X.680:

“30.6 The tagging construction specifies explicit tagging if any of the following holds:

a) the "Tag EXPLICIT Type" alternative is used;

b) the "Tag Type" alternative is used and the value of "TagDefault" for the module is either EXPLICIT

TAGS or is empty;

c) the "Tag Type" alternative is used and the value of "TagDefault" for the module is IMPLICIT TAGS or

AUTOMATIC TAGS, but the type defined by "Type" is an untagged choice type, an untagged open type, or

an untagged "DummyReference" (see ITU-T Rec. X.683 | ISO/IEC 8824-4, 8.3).”

Option c) is in effect. The “untagged choice type” lingo is confusing on first read and the term is not defined but “tagged type” is defined:

“30.1 The notation for a tagged type shall be "TaggedType":

TaggedType ::=

                Tag Type

                                | Tag IMPLICIT Type 

                                | Tag EXPLICIT Type”

Since the CHOICE definitions here are not TaggedTypes, EXPLICIT is in effect.

The DVCS module also uses an IMPLICIT default and is not using TaggedTypes, so same would apply there too. 

From: pkix <pkix-bounces@ietf.org> on behalf of Stefan Santesson <stefan@aaa-sec.com>
Date: Monday, March 1, 2021 at 4:54 PM
To: Carlisle Adams <cadams@uottawa.ca>, Russ Housley <housley@vigilsec.com>, Erwann Abalea <eabalea@gmail.com>
Cc: "Roman D. Danyliw" <rdd@cert.org>, IETF PKIX <pkix@ietf.org>, Ben Kaduk <kaduk@mit.edu>
Subject: Re: [pkix] [Technical Errata Reported] RFC3029 (6444)

I think there is a need for clarification and to correct the “Integer -> INTEGER” issue.

But I don’t think it is appropriate to change any ASN.1 to attempt to fix neither the implicit tagging or the ambiguity of the “Data” type.

Here is my motivation.

On the nested implicit tagged object we have a similar issue with Distribution Point in RFC 5280:

   CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint

   DistributionPoint ::= SEQUENCE {

        distributionPoint       [0]     DistributionPointName OPTIONAL,

        reasons                 [1]     ReasonFlags OPTIONAL,

        cRLIssuer               [2]     GeneralNames OPTIONAL }

   DistributionPointName ::= CHOICE {

        fullName                [0]     GeneralNames,

        nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }

Here we have the Implicitly tagged DistributionPointName containing the implicitly tagged choice of GeneralNames or RelativeDistinguishedName.

I’m not an ASN.1 expert, but this is solved by implementations by converting the outer tag to an explicit tag.

E.g. when GeneralNames is used it is represented by [0][0]{GeneralNames length and value}

I assume that the same principle must apply to CertEtcToken.

On the “Data” structure it turns out that there are 4 different service types:

   - Certification of Possession of Data (cpd),

   - Certification of Claim of Possession of Data (ccpd),

   - Validation of Digitally Signed Document (vsd), and

   - Validation of Public Key Certificates (vpkc).

Where cpd and vsd always use message, ccpd always use messageImprint and vpkc always use sequence of TargetEtcChain

So, even if this is not great, it is still possible to implement the protocol, given that you know what service that use the “Data” type.

This is in fact how the implementation pointed out by Russ implements this: https://github.com/a-i-b/jnotary/blob/master/dvcs/src/main/java/org/jnotary/dvcs/Data.java

Se the ”getInstance()” function at line 90:

My conclusion is that the protocol has design flaws, but it is not the task of an errata to fix design flaws.

Fixing design flaws is the task of a protocol update. But I don’t think there is a good motivation to put the efforts into releasing a new version of this protocol.

As it is, the protocol is at least implementable, demonstrated by the linked code.

Stefan Santesson 

From: Carlisle Adams <cadams@uottawa.ca>
Date: Monday, 1 March 2021 at 17:23
To: Russ Housley <housley@vigilsec.com>, Erwann Abalea <eabalea@gmail.com>
Cc: "Roman D. Danyliw" <rdd@cert.org>, Ben Kaduk <kaduk@mit.edu>, Stefan Santesson <stefan@aaa-sec.com>, IETF PKIX <pkix@ietf.org>
Subject: RE: [pkix] [Technical Errata Reported] RFC3029 (6444)

Hi Russ, all,

I agree that these errors need fixing because there doesn’t seem to be an easy way to get around them otherwise.  I also agree with Stefan that this is probably an indication that DVCS was never widely implemented…  L

Carlisle.

From: Russ Housley <housley@vigilsec.com> 
Sent: February-28-21 5:26 PM
To: Erwann Abalea <eabalea@gmail.com>
Cc: Roman D. Danyliw <rdd@cert.org>; Ben Kaduk <kaduk@mit.edu>; Stefan Santesson <stefan@aaa-sec.com>; IETF PKIX <pkix@ietf.org>; Carlisle Adams <cadams@site.uottawa.ca>
Subject: Re: [pkix] [Technical Errata Reported] RFC3029 (6444)

Attention : courriel externe | external email

Erwann:

Le sam. 27 févr. 2021 à 08:45, Russ Housley <housley@vigilsec.com> a écrit :

I guess I should have held off on reporting this ASN.1 error.  Once I corrected it, I discovered two errors that I do not know how to fix.

There is an implementation somewhere because Appendix F contains examples.  I do not know how the implementer got around these two problems.

PROBLEM 1:

CertEtcToken ::= CHOICE {
     certificate                  [0] IMPLICIT Certificate ,
     esscertid                    [1] ESSCertId ,
     pkistatus                    [2] IMPLICIT PKIStatusInfo ,
     assertion                    [3] ContentInfo ,
     crl                          [4] IMPLICIT CertificateList,
     ocspcertstatus               [5] IMPLICIT CertStatus,
     oscpcertid                   [6] IMPLICIT CertId ,
     oscpresponse                 [7] IMPLICIT OCSPResponse,
     capabilities                 [8] SMIMECapabilities,
     extension                    Extension{{ExtensionSet}}
}

CertEtcToken is a CHOICE with tags 0 through 8, but CertStatus CHOICE with tags 0 through 2.  You cannot nest a CHOICE in another CHOICE is the IMPLICIT tags overlap.

The use of EXPLICIT tagging would have solved the problem, but the authors clearly preferred IMPLICIT tags.

Here, it's easy. The outermost IMPLICIT tag is transformed into an EXPLICIT one by the ASN.1 compiler (it will probably emit a warning, though).

Yes, I am aware of that possibility of fixing the specification, but it is unclear what an implementer would do with a ASN.1 module with compilation errors, or a warning that inserts a EXPLICIT.

PROBLEM 2

DigestInfo ::= SEQUENCE {
    digestAlgorithm   DigestAlgorithmIdentifier,
    digest            Digest
}

Data ::= CHOICE {
      message           OCTET STRING ,
      messageImprint    DigestInfo,
      certs             SEQUENCE SIZE (1..MAX) OF
                            TargetEtcChain
}

DigestInfo is a SEQUENCE, and certs is a SEQUENCE, so the two have the same tag.  A recipient cannot tell which one the sender intended.

For this one, there's clearly no solution. Tagging would have solved it (any kind of tagging mode), but it's missing.

Indeed, at lease one of the SEQUENCE needs a tag.

Russ

_______________________________________________ pkix mailing list pkix@ietf.org https://www.ietf.org/mailman/listinfo/pkix 