Re: [lamps] [CMP Updates] position of hashAlg in certStatus
David von Oheimb <nl0@von-Oheimb.de> Fri, 03 September 2021 11:52 UTC
Return-Path: <nl0@von-Oheimb.de>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5482C3A1B94 for <spasm@ietfa.amsl.com>; Fri, 3 Sep 2021 04:52:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.797
X-Spam-Level:
X-Spam-Status: No, score=-1.797 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CDEZJ67UFpNc for <spasm@ietfa.amsl.com>; Fri, 3 Sep 2021 04:52:30 -0700 (PDT)
Received: from server8.webgo24.de (server8.webgo24.de [185.30.32.8]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EEA7A3A1B78 for <spasm@ietf.org>; Fri, 3 Sep 2021 04:52:26 -0700 (PDT)
Received: from [192.168.8.100] (ip-109-40-3-152.web.vodafone.de [109.40.3.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by server8.webgo24.de (Postfix) with ESMTPSA id 93E48421908; Fri, 3 Sep 2021 13:52:22 +0200 (CEST)
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>, Russ Housley <housley@vigilsec.com>
Cc: "spasm@ietf.org" <spasm@ietf.org>, John Gray <John.Gray@entrust.com>, Carl Wallace <carl@redhoundsoftware.com>, "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
References: <2CEBEA79-AFAA-4166-88D0-26AB49332750@ll.mit.edu> <F01F29B3-B086-4E7E-AA5F-5C504D4F3156@redhoundsoftware.com> <4659b1fb-bf01-fd95-bf39-e5ac192a1741@siemens.com> <EBD4A107-6E1D-4832-B050-8468D5F20681@redhoundsoftware.com> <AM0PR10MB241867FEC0AF8ED504546B56FECD9@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM> <26092A46-708C-450A-BE81-A45380431239@ll.mit.edu> <77FCA0C1-F3C0-4D8D-9D21-B5A46E6B6B5A@vigilsec.com> <0F3E891F-7892-49CF-8F88-0C4484591EB0@ll.mit.edu>
From: David von Oheimb <nl0@von-Oheimb.de>
Message-ID: <db81b1c4-e2a7-060d-80a0-55b99b536f27@von-Oheimb.de>
Date: Fri, 03 Sep 2021 13:52:21 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.1
MIME-Version: 1.0
In-Reply-To: <0F3E891F-7892-49CF-8F88-0C4484591EB0@ll.mit.edu>
Content-Type: multipart/alternative; boundary="------------4B4D493E89BBAA39C0F61E76"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/76FCpPbCGFhiwm8zuTjXnps53_4>
Subject: Re: [lamps] [CMP Updates] position of hashAlg in certStatus
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Sep 2021 11:52:43 -0000
> I think the fields that carry forward from CMPv1 should have the same > tags that they do in CMPv1. > May I ask why, given that packets from CMPv{2,3} in general can’t be > correctly decoded by CMPv1 parser? Again, the topic being discussed here does not regard CMPv1 vs. CMPv{2,3}, but CMPv2 vs. CMPv3. Note that CMPv1 did not even have a CertStatus message since it did not have the certificate confirmation feature. If you feed some CertStatus structure to a CMPv2 parser, which expects CertStatus ::= SEQUENCE { certHash OCTET STRING, certReqId INTEGER, statusInfo PKIStatusInfo OPTIONAL } it should be obvious that any value not matching this definition will not decode. So basically the only thing you can do in a somewhat backward-compatible way is to add optional fields in any positions, and as long as none of those optional fields is actually present in a value to be parsed, CMPv2 decoding can succeed. Changing tags of existing fields is clearly not backward compatible. David > On Sep 1, 2021, at 11:08 AM, Blumenthal, Uri - 0553 - MITLL > <uri@ll.mit.edu <mailto:uri@ll.mit.edu>> wrote: > > > > Here’s my preference: > > > > CertStatus ::= SEQUENCE { > > certHash OCTET STRING, > > certReqId INTEGER, > > statusInfo [0] PKIStatusInfo OPTIONAL, > > hashAlg [1] AlgorithmIdentifier OPTIONAL > > } > > > > > > I don’t see the ability of an older decoder to parse some – *but > not other* – of the new messages as a benefit. > > > > -- > > Regards, > > Uri > > / / > > /There are two ways to design a system. One is to make is so > simple there are obviously no deficiencies./ > > /The other is to make it so complex there are no obvious > deficiencies./ > > / > - > C. A. R. Hoare/ > > > > > > *From: *"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com > <mailto:hendrik.brockhaus@siemens.com>> > *Date: *Wednesday, September 1, 2021 at 11:01 > *To: *Carl Wallace <carl@redhoundsoftware.com > <mailto:carl@redhoundsoftware.com>>, "david.von.oheimb@siemens.com > <mailto:david.von.oheimb@siemens.com>" > <david.von.oheimb@siemens.com > <mailto:david.von.oheimb@siemens.com>>, Uri Blumenthal > <uri@ll.mit.edu <mailto:uri@ll.mit.edu>>, Russ Housley > <housley@vigilsec.com <mailto:housley@vigilsec.com>>, John Gray > <John.Gray@entrust.com <mailto:John.Gray@entrust.com>> > *Cc: *"spasm@ietf.org <mailto:spasm@ietf.org>" <spasm@ietf.org > <mailto:spasm@ietf.org>> > *Subject: *AW: [lamps] [CMP Updates] position of hashAlg in certStatus > > > > Manny thanks for the discussion. It helps a lot to improve the draft. > > I see two variants still in the discussion. Both add hashAlg to > the current syntax of RFC 4210. > > Current syntax in RFC 4210 (CMP v2): > > CertStatus ::= SEQUENCE { > > certHash OCTET STRING, > > certReqId INTEGER, > > statusInfo PKIStatusInfo OPTIONAL, > > } > > > > Proposal 1 (current proposal in draft-ietf-lamps-cmp-updates-12): > > CertStatus ::= SEQUENCE { > > hashAlg [0] AlgorithmIdentifier OPTIONAL > > certHash OCTET STRING, > > certReqId INTEGER, > > statusInfo PKIStatusInfo OPTIONAL, > > } > > > > Proposal 2 (proposal made by John): > > CertStatus ::= SEQUENCE { > > certHash OCTET STRING, > > certReqId INTEGER, > > statusInfo PKIStatusInfo OPTIONAL, > > hashAlg [0] AlgorithmIdentifier OPTIONAL > > } > > > > Both proposals should compile and should be bitwise backward > compatible when not using hashAlg. > > I am happy with both proposals. There still seam to be some > preferences for the one or the other proposal. > > To come to a conclusion, could all briefly indicate their > preferred proposal. > > > > Hendrik > > > > *Von:* Spasm <spasm-bounces@ietf.org > <mailto:spasm-bounces@ietf.org>> *Im Auftrag von *Carl Wallace > *Gesendet:* Dienstag, 31. August 2021 21:10 > > > > Thank you. “Current syntax” did not mean current as in v2. That > was what I had gotten wrong. You are adding the hashAlg field, not > simply moving it (relative to v2). I agree adding it at the end > makes the most sense and it needs a tag. > > > > *From: *David von Oheimb <David.von.Oheimb@siemens.com > <mailto:David.von.Oheimb@siemens.com>> > *Date: *Tuesday, August 31, 2021 at 2:56 PM > *To: *Carl Wallace <carl@redhoundsoftware.com > <mailto:carl@redhoundsoftware.com>>, "Blumenthal, Uri - 0553 - > MITLL" <uri@ll.mit.edu <mailto:uri@ll.mit.edu>>, "Brockhaus, > Hendrik" <hendrik.brockhaus@siemens.com > <mailto:hendrik.brockhaus@siemens.com>>, Russ Housley > <housley@vigilsec.com <mailto:housley@vigilsec.com>>, John Gray > <John.Gray@entrust.com <mailto:John.Gray@entrust.com>> > *Cc: *<spasm@ietf.org <mailto:spasm@ietf.org>> > *Subject: *Re: [lamps] [CMP Updates] position of hashAlg in certStatus > > > > Let me clarify at first three things: > > 1. What Hendrik introduced as "David's proposal" was meant > by me just as potential a variant of John's proposal, not > something that I would actually like to propose. > Anyway interesting to learn from Russ that the fact that two > optional sequences after each other already make parsing ambiguous - > I would have hoped that the parser looked deeper: as far as to the > first basic (non-sequence) field, where there is more chance that > field types/tags are sufficiently different. > > 2. The versions in question are not CMP v1 vs. v3, but v2 vs. v3 > > 3. The change from v2 to v3 is not about changing the order > of fields, but where to add the new (v3) hashAlg field: at the > beginning or at the end. > > My preference is the original proposal by Hendrik and me, for two > reasons: > > · It is conceptually most clean: the presence and value of > the first field (hashAlg) determines the interpretation of the > following field (certHash); > there is no need to "go back" in the linear handling of the fields > after discovering that a hashAlg field is present. > > · AFAICS, it is as backward compatible as John's proposal: > if a CMPv3 capable sender leaves out the new optional hashAlg > field (when it is not needed), > the overall structure would look identical to a CMPv2 structure, > regardless whether the hashAlg fields was left out at the > beginning or the end, right? > > David > > > > On 31.08.21 20:24, Carl Wallace wrote: > > I did not say it was difficult. What are the several reasons? > > > > On Aug 31, 2021, at 2:16 PM, Blumenthal, Uri - 0553 - > MITLL <uri@ll.mit.edu> <mailto:uri@ll.mit.edu> wrote: > > > > I would rather not leave the structure as-is, for several > reasons. Also, given the amount of differences between v1 > and v3, modifying hand-rolled implementations seems > trivial enough. > > -- > > Regards, > > Uri > > / / > > /There are two ways to design a system. One is to make is > so simple there are obviously no deficiencies./ > > /The other is to make it so complex there are no obvious > deficiencies./ > > / > - > C. A. R. Hoare/ > > > > > > *From: *Carl Wallace <carl@redhoundsoftware.com> > <mailto:carl@redhoundsoftware.com> > *Date: *Tuesday, August 31, 2021 at 14:03 > *To: *John Gray <John.Gray@entrust.com> > <mailto:John.Gray@entrust.com>, Uri > Blumenthal <uri@ll.mit.edu> <mailto:uri@ll.mit.edu>, Russ > Housley <housley@vigilsec.com> > <mailto:housley@vigilsec.com>, "Brockhaus, > Hendrik" <hendrik.brockhaus@siemens.com> > <mailto:hendrik.brockhaus@siemens.com> > *Cc: *"spasm@ietf.org" > <mailto:spasm@ietf.org> <spasm@ietf.org> > <mailto:spasm@ietf.org>, "david.von.oheimb@siemens.com" > <mailto:david.von.oheimb@siemens.com> <david.von.oheimb@siemens.com> > <mailto:david.von.oheimb@siemens.com> > *Subject: *Re: [lamps] [CMP Updates] position of hashAlg > in certStatus > > > > For folks who use a compiler to update encoders/decoders > to v3, this change is likely more or less a no-op (delta > Russ’ tagging point about one of the options), since all > you are doing is sliding the same fields around within a > structure. For folks who hand roll their encoders and > decoders, this change makes unnecessary work to align with > v3. I’d just leave this structure as-is. > > > > *From: *John Gray <John.Gray@entrust.com> > <mailto:John.Gray@entrust.com> > *Date: *Tuesday, August 31, 2021 at 1:37 PM > *To: *Carl Wallace <carl@redhoundsoftware.com> > <mailto:carl@redhoundsoftware.com>, "Blumenthal, Uri - > 0553 - MITLL" <uri@ll.mit.edu> <mailto:uri@ll.mit.edu>, > Russ Housley <housley@vigilsec.com> > <mailto:housley@vigilsec.com>, "Brockhaus, > Hendrik" <hendrik.brockhaus@siemens.com> > <mailto:hendrik.brockhaus@siemens.com> > *Cc: *"spasm@ietf.org" > <mailto:spasm@ietf.org> <spasm@ietf.org> > <mailto:spasm@ietf.org>, "david.von.oheimb@siemens.com" > <mailto:david.von.oheimb@siemens.com> <david.von.oheimb@siemens.com> > <mailto:david.von.oheimb@siemens.com> > *Subject: *RE: [lamps] [CMP Updates] position of hashAlg > in certStatus > > > > When I made the proposal, I was thinking in terms of > backwards compatibility and making it easier for an > existing CMP implementation to add the v3 functionality. > I recognize that either way will technically work, and > since the tagging is optional in Hendrik’s proposal that > would be bit identical to CMPv2 when the hashAlg is not > present. The same is true if it goes at the end since it > is tagged and is optional. CertConf was a new message in > CMPv2, so a pure CMPv1 implementation would always fail. > However, it is possible an implementation may have > modified a CMPv1 implementation to accept the CertConf > which may continue working if hashAlg is at the end if > they encounter a v3 server (which may be more desirable > that failing and requiring the implementation to be > updated). Also, I was thinking as a CMP implementer, I > would only need to append to the end of the parsing logic > rather than muddling up the existing logic which may make > it a bit simpler to implement (for existing > implementations). > > > > So that was my rational for asking the question, but as I > mentioned above, either way will work. > > > > Cheers, > > > > John Gray > > > > > > *From:* Carl Wallace <carl@redhoundsoftware.com> > <mailto:carl@redhoundsoftware.com> > *Sent:* Tuesday, August 31, 2021 1:28 PM > *To:* Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu> > <mailto:uri@ll.mit.edu>; Russ > Housley <housley@vigilsec.com> > <mailto:housley@vigilsec.com>; Brockhaus, > Hendrik <hendrik.brockhaus@siemens.com> > <mailto:hendrik.brockhaus@siemens.com> > *Cc:* spasm@ietf.org > <mailto:spasm@ietf.org>; david.von.oheimb@siemens.com > <mailto:david.von.oheimb@siemens.com>; John > Gray <John.Gray@entrust.com> <mailto:John.Gray@entrust.com> > *Subject:* [EXTERNAL] Re: [lamps] [CMP Updates] position > of hashAlg in certStatus > > > > WARNING: This email originated outside of Entrust. > DO NOT CLICK links or attachments unless you trust the > sender and know the content is safe. > > ------------------------------------------------------------------------ > > I apologize for maybe having missing some bit of rationale > in this thread, but what is the advantage of moving the > hash alg field to the end? It definitely breaks backwards > compatibility. What does it add? > > > > *From: *Spasm <spasm-bounces@ietf.org > <mailto:spasm-bounces@ietf.org>> on behalf of "Blumenthal, > Uri - 0553 - MITLL" <uri@ll.mit.edu <mailto:uri@ll.mit.edu>> > *Date: *Tuesday, August 31, 2021 at 12:38 PM > *To: *Russ Housley <housley@vigilsec.com > <mailto:housley@vigilsec.com>>, "Brockhaus, Hendrik" > <hendrik.brockhaus@siemens.com > <mailto:hendrik.brockhaus@siemens.com>> > *Cc: *"spasm@ietf.org <mailto:spasm@ietf.org>" > <spasm@ietf.org <mailto:spasm@ietf.org>>, > "david.von.oheimb@siemens.com > <mailto:david.von.oheimb@siemens.com>" > <david.von.oheimb@siemens.com > <mailto:david.von.oheimb@siemens.com>>, John Gray > <John.Gray@entrust.com <mailto:John.Gray@entrust.com>> > *Subject: *Re: [lamps] [CMP Updates] position of hashAlg > in certStatus > > > > Hendrik: > > > > John's proposal compiles. Your new one does too. > > > > I have a mild preference for John's proposal because the > bit on the wire are the same as CMPv1 when the hashAlg > field is absent. > > > > For the sake of purity, I would prefer Hendrik’s variant. > > > > Also, I’m not sure it’s good if some of CMPv2 messages > parse OK by CMPv1 decoder, and others fail. That’s another > argument in favor of Hendrik’s. > > > > On Aug 31, 2021, at 12:25 PM, Brockhaus, Hendrik > <hendrik.brockhaus@siemens.com > <mailto:hendrik.brockhaus@siemens.com>> wrote: > > > > Russ > > > > Thank you for this explanation. > > > > Would this mean, that Johns proposal should look like > this? > > CertStatus ::= SEQUENCE { > > certHash OCTET STRING, > > certReqId INTEGER, > > statusInfo [0] PKIStatusInfo OPTIONAL, > > hashAlg [1] AlgorithmIdentifier OPTIONAL > > } > > > > Do you have any preference for the current test or for > Johns proposal? > > > > - Hendrik > > > > *Gesendet:* Dienstag, 31. August 2021 17:12 > *An:* Brockhaus, Hendrik (T RDA CST SEA-DE) > <hendrik.brockhaus@siemens.com > <mailto:hendrik.brockhaus@siemens.com>> > > > > Hendrik: > > > > David's proposal will not compile. The OSS compiler > produces this error with that syntax: > > > > line 62 (TestModule): A0100E: Duplicate tag in type > CertStatus: element 'statusInfo' (line 61) and element > 'hashAlg' (line 62). > > > > C0043I: 1 error message, 0 warning messages and 0 > informatory messages issued. > > > > The reason for this error is that the two optional > elements are both SEQUENCEs. So, when decoding, if > only one of the optional SEQUENCEs is present, it > cannot figure out which one it is. > > > > The use of the [0] allows the decoder to tell the two > SEQUENCEs apart. > > > > Russ > > > > > > > > On Aug 31, 2021, at 8:21 AM, Brockhaus, Hendrik > <hendrik.brockhaus@siemens.com > <mailto:hendrik.brockhaus@siemens.com>> wrote: > > > > Russ > > > > Currently we receive valuable feedback from John > Gray on the CMP Updates draft. > > > > One proposal from John is on moving the hashAlg > field in the certStatus sequence from the first to > the last position. Please see his arguments in > this email tread below. > > > > Current syntax: > > CertStatus ::= SEQUENCE { > > hashAlg [0] AlgorithmIdentifier OPTIONAL > > certHash OCTET STRING, > > certReqId INTEGER, > > statusInfo PKIStatusInfo OPTIONAL, > > } > > > > Johns proposal: > > CertStatus ::= SEQUENCE { > > certHash OCTET STRING, > > certReqId INTEGER, > > statusInfo PKIStatusInfo OPTIONAL, > > hashAlg [0] AlgorithmIdentifier OPTIONAL > > } > > > > Davids proposal: > > CertStatus ::= SEQUENCE { > > certHash OCTET STRING, > > certReqId INTEGER, > > statusInfo PKIStatusInfo OPTIONAL, > > hashAlg AlgorithmIdentifier OPTIONAL > > } > > > > We are uncertain what the best approach from an > ASN.1 syntax parsing perspective is. What is your > opinion? > > > > Hendrik > > > > > > *Von:* Brockhaus, Hendrik (T RDA CST SEA-DE) > *Gesendet:* Dienstag, 31. August 2021 14:07 > *An:* John Gray <John.Gray@entrust.com > <mailto:John.Gray@entrust.com>> > > *Von:* David von Oheimb > <David.von.Oheimb@siemens.com > <mailto:David.von.Oheimb@siemens.com>> > *Gesendet:* Donnerstag, 26. August 2021 22:43 > *An:* John Gray <John.Gray@entrust.com > <mailto:John.Gray@entrust.com>> > > On 26.08.21 11:26, Brockhaus, Hendrik (T RDA CST > SEA-DE) wrote: > > > > *Von:* John Gray <John.Gray@entrust.com> > <mailto:John.Gray@entrust.com> > *Gesendet:* Mittwoch, 25. August 2021 18:35 > *An:* von Oheimb, David (T RDA CST > SEA-DE) <david.von.oheimb@siemens.com> > <mailto:david.von.oheimb@siemens.com>; > Brockhaus, Hendrik (T RDA CST > SEA-DE) <hendrik.brockhaus@siemens.com> > <mailto:hendrik.brockhaus@siemens.com> > *Cc:* ietf-hendrikb@h.mailbouncer.info > <mailto:ietf-hendrikb@h.mailbouncer.info>; > Kretschmer, Andreas (T RDA CST > SEA-DE) <andreas.kretschmer@siemens.com> > <mailto:andreas.kretschmer@siemens.com> > *Betreff:* RE: [EXTERNAL] Re: CMP Updates and > Lightweight CMP Profile > > > > Thanks for the updates. > > > > I continued to review the document today as > well. Here are some more comments: > > > > Section 2.10 - CertStatus update. I was > wondering if adding the optional tagged > element as the last element **might** make a > difference: > > > > For now it is defined as: > > > > Replace the ASN.1 Syntax of CertStatus with > the following text: > > > > CertStatus ::= SEQUENCE { > > hashAlg [0] AlgorithmIdentifier OPTIONAL, > > certHash OCTET STRING, > > certReqId INTEGER, > > statusInfo PKIStatusInfo OPTIONAL > > } > > > > > > I would have expected that adding something > new would be added like this: > > > > Replace the ASN.1 Syntax of CertStatus with the following text: > > > > CertStatus ::= SEQUENCE { > > certHash OCTET STRING, > > certReqId INTEGER, > > statusInfo PKIStatusInfo OPTIONAL, > > hashAlg [0] AlgorithmIdentifier OPTIONAL > > } > > > > If a CMPv2 server received the hashAlg as the > last element, it might still work, but would > fail in the first case. However, I know you > say if the hashAlg is included then it must > use the pvno of version 3, so the order > doesn’t really matter. I just thought that > for someone implementing it, it might be a bit > easier to check if the tag exists after the > existing parsing (at the end), rather than > checking if it exists on the first element. > It would mean no parsing logic has to change > until it reaches the last element. However, > I suppose the counter argument would be that > if hashAlg is included first, but it isn’t > supported then an older server would fail > faster which is probably a desirable property. > > > > > [Bro] This is a interesting point we also > thought about. Here are some thoughts we had. > > First of all, we think the binary ASN.1 of a > certConf message produced by a client only > knowing the original cmp2000 without hashAlg > does not differ between from a client knowing > the hashAlg field, but not using it. > This should be the case when placing the > hashAlg field at the first as well as at the > last position of the sequence. > > Second, we took the OOBCertHash type as an > example and therefore decided for placing the > hashAlg field also at the first position. > > OOBCertHash ::= SEQUENCE { > > hashAlg [0] > AlgorithmIdentifier OPTIONAL, > > certId [1] > CertId OPTIONAL, > > hashVal BIT STRING > > } > > Third, the hash algorithm OID is required > before calculating the hash value. Therefore, > it is the logical order to have hashAlg first. > > Theses were the thoughts we had for placing > hashAlg in the first position, but they are no > strict reasons to do it this way round. > I cannot say, if your arguments still hold > true from an implementation perspective. > @David, maybe you can comment on the more > implementation related issues. > > I am not an ASN.1 expert, but as far as I > understand from using its OpenSSL implementation, > it should not make much difference whether to fail > earlier or later in case the bits do not fit with > the expected structure. > At least for the CMP implementation, which simply > uses the ASN.1 parser, there would be no > noticeable difference since either the parsing of > the whole structure (including its total sequence > length) succeeds or not. > If a receiver expects a structure encoded as in > CMPv2 but gets an encoding for CMPv3, I think due > to the presence of the "[0]" tag, parsing will > fail even if the hashAlg fields is at the end with > not value being present. > A backward-compatible definition might look like this: > > CertStatus ::= SEQUENCE { > > certHash OCTET STRING, > > certReqId INTEGER, > > statusInfo PKIStatusInfo OPTIONAL, > > hashAlg AlgorithmIdentifier OPTIONAL > > } > > but supposedly we cannot do this because it would > be ambiguous whether the optional statusInfo or > hashAlg field is present. > To me, the main point is a conceptual one: the > hashAlg needs to "seen" before the certHash, so it > is logical to have them in this order. > > [Bro] I am also no ASN.1 expert, but Russ is. > Therefore, I will forward the question to him to > get his advice. As statusInfo and hashAlg have > different types, it may also work without tagging. > > > > _______________________________________________ > Spasm mailing list > Spasm@ietf.org <mailto:Spasm@ietf.org> > https://www.ietf.org/mailman/listinfo/spasm > <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Feur01.safelinks.protection.outlook.com%2F%3Furl%3Dhttps*3A*2F*2Fwww.ietf.org*2Fmailman*2Flistinfo*2Fspasm%26data%3D04*7C01*7Chendrik.brockhaus*40siemens.com*7C143aeb858f18456f4ef008d96c91b913*7C38ae3bcd95794fd4addab42e1495d55a*7C1*7C0*7C637660195485199311*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000%26sdata%3D0zVGASW8q0wKP6L3y*2FDbArvhPZfu7N1dddePGJbIfHU*3D%26reserved%3D0__%3BJSUlJSUlJSUlJSUlJSUlJSUlJSU!!FJ-Y8qCqXTj2!LoXbEbIyNev6LwqxU8VE7vr48hf8P9r65NL7ritq1xGlhzX0ww9Z6Z8rGDYc9yQx%24&data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C22b22e605bb74452459a08d96cb30447%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637660338422910393%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=bYMLnfFal41qVClyFbjeoIiS4kNmAAJxWtQX0LYVH2M%3D&reserved=0> > > > > _______________________________________________ Spasm > mailing list Spasm@ietf.org > <mailto:Spasm@ietf.org> https://www.ietf.org/mailman/listinfo/spasm > <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fspasm__%3B!!FJ-Y8qCqXTj2!LoXbEbIyNev6LwqxU8VE7vr48hf8P9r65NL7ritq1xGlhzX0ww9Z6Z8rGOpMzia-%24&data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C22b22e605bb74452459a08d96cb30447%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637660338422920390%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=c68%2F195BNv%2BzHWZQVT%2FncY3XfeyHyjrXW%2FhjOsrOOGg%3D&reserved=0> > > /Any email and files/attachments transmitted with it are > confidential and are intended solely for the use of the > individual or entity to whom they are addressed. If this > message has been sent to you in error, you must not copy, > distribute or disclose of the information it > contains. _Please notify Entrust immediately_ and delete > the message from your system./ > > > > _______________________________________________ > > Spasm mailing list > > Spasm@ietf.org <mailto:Spasm@ietf.org> > > https://www.ietf.org/mailman/listinfo/spasm <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fspasm&data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C22b22e605bb74452459a08d96cb30447%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637660338422920390%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=fzrs1wW9G%2BhCAtwNV9TTJridHaUW8yFLx2%2FNkuI4%2BHU%3D&reserved=0> > > >
- [lamps] [CMP Updates] position of hashAlg in cert… Brockhaus, Hendrik
- Re: [lamps] [CMP Updates] position of hashAlg in … Russ Housley
- Re: [lamps] [CMP Updates] position of hashAlg in … Brockhaus, Hendrik
- Re: [lamps] [CMP Updates] position of hashAlg in … Russ Housley
- Re: [lamps] [CMP Updates] position of hashAlg in … Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] [CMP Updates] position of hashAlg in … Carl Wallace
- Re: [lamps] [CMP Updates] position of hashAlg in … Carl Wallace
- Re: [lamps] [CMP Updates] position of hashAlg in … Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] [CMP Updates] position of hashAlg in … Carl Wallace
- Re: [lamps] [CMP Updates] position of hashAlg in … David von Oheimb
- Re: [lamps] [CMP Updates] position of hashAlg in … Carl Wallace
- Re: [lamps] [CMP Updates] position of hashAlg in … Brockhaus, Hendrik
- Re: [lamps] [CMP Updates] position of hashAlg in … Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] [CMP Updates] position of hashAlg in … Russ Housley
- Re: [lamps] [CMP Updates] position of hashAlg in … Russ Housley
- Re: [lamps] [CMP Updates] position of hashAlg in … Salz, Rich
- Re: [lamps] [CMP Updates] position of hashAlg in … Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] [CMP Updates] position of hashAlg in … David von Oheimb
- Re: [lamps] [CMP Updates] position of hashAlg in … Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] [CMP Updates] position of hashAlg in … Salz, Rich
- Re: [lamps] [CMP Updates] position of hashAlg in … Russ Housley
- Re: [lamps] [CMP Updates] position of hashAlg in … Brockhaus, Hendrik
- Re: [lamps] [CMP Updates] position of hashAlg in … John Gray
- Re: [lamps] [CMP Updates] position of hashAlg in … John Gray
- Re: [lamps] [CMP Updates] position of hashAlg in … Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] [CMP Updates] position of hashAlg in … David von Oheimb
- Re: [lamps] [CMP Updates] position of hashAlg in … Russ Housley
- Re: [lamps] [CMP Updates] position of hashAlg in … Carl Wallace
- Re: [lamps] [CMP Updates] position of hashAlg in … David von Oheimb
- Re: [lamps] [CMP Updates] position of hashAlg in … Carl Wallace
- Re: [lamps] [CMP Updates] position of hashAlg in … David von Oheimb
- Re: [lamps] [CMP Updates] position of hashAlg in … Russ Housley
- Re: [lamps] [CMP Updates] position of hashAlg in … Salz, Rich
- Re: [lamps] [CMP Updates] position of hashAlg in … Blumenthal, Uri - 0553 - MITLL