Re: [lamps] Inconsistent examples in draft-ietf-lamps-rfc3709bis-03
Russ Housley <housley@vigilsec.com> Sat, 27 August 2022 15:04 UTC
From: Russ Housley <housley@vigilsec.com>
Date: Sat, 27 Aug 2022 11:04:27 -0400
Cc: LAMPS <spasm@ietf.org>
To: Timothy Geiser <slimshady007=40inbox.lv@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/POxH5DdeFClTfp4j-VJUDq5g6XA>
Tim:
I am sorry it has taken me so long to respond.
I found the error in my code that was generating the example for Appendix B4. Please take a look at this output. I hope I did not introduce a new problem...
Appendix B.4
30 2914: SEQUENCE {
06 8: OBJECT IDENTIFIER logotype (1 3 6 1 5 5 7 1 12)
04 2900: OCTET STRING, encapsulates {
30 2896: SEQUENCE {
A3 2892: [3] {
30 2888: SEQUENCE {
30 2884: SEQUENCE {
06 8: OBJECT IDENTIFIER '1 3 6 1 5 5 7 20 3'
A0 2870: [0] {
30 2866: SEQUENCE {
30 2862: SEQUENCE {
30 2858: SEQUENCE {
16 24: IA5String 'image/svg+xml-compressed'
30 49: SEQUENCE {
30 47: SEQUENCE {
30 11: SEQUENCE {
06 9: OBJECT IDENTIFIER
: sha-256 (2 16 840 1 101 3 4 2 1)
: }
04 32: OCTET STRING
: 83 14 B3 26 9B D3 8B 0B 2A E6 6E 42 74 E2 A7 57
: 7A 40 B7 E1 2E 53 42 44 CC 7C AE 14 68 1B 0E B6
: }
: }
30 2777: SEQUENCE {
16 2773: IA5String
: 'data:image/svg+xml-compressed;base64,H4sICLXutU0'
: 'AA0NlcnRJbWFnZURlbW8uc3ZnANVaW2/bOBZ+n19BqBigwdo'
: 'S7xK9jmeapB0EWHQHzez2WZZoR1tZMiQ5jvvr95CSL7Gl1Em'
: '8C9d9iERSPOd85+O5EB3+9jhL0YMuyiTPLh3iYgfpLMrjJJt'
: 'eOv/661M/cFBZhVkcpnmmL50sd34b/TIsH6YoiS+da11UySS'
: 'Jwkqj21k41Q6CDbNyUMSTS+e+quYDz1sul+6SuXkx9YhSysP'
: 'Uo7QPK/rlKqvCx35Wvmu+a/uGYow9EOigh0Qvr/LHSwcjjDj'
: 'GiGHQ914n0/sKlMf4Vwctk7i6X7/sGEYdNA5L/WeRT5IUDKm'
: 'SbLVWNoo2cqNCh1XyoKN8Nsuz0iqwVW8Qb1fOF0Vqp+PI06m'
: 'e6awqPeISzxn9goYzXYVxWIUWpfWLCMwcGoLpgy83n8wzGkb'
: 'R4GtefENmMBznC7DEroKpOBpM8mIWVqPEYGtA+BvoMfS2E5u'
: 'F1Wqu7R6FLvNFEelWReNolpiV3l2VpGntMW9nk6RKdf0+9Br'
: 'FrMbeVuWhtzbHvMR6UlobPyVpBWjXBk7six2vH5nCwY6nXCo'
: '5xb7YusvFVPqCOGh16fSxSxglmPkScLfvmDDmC4FlDc1wov8'
: 'IF2WZhNlVumgEPRliimDD3PhGPyTgUUMC6lKqKAjxaptq1bo'
: 'UJvQFsvi+LOJyxZkPE/vCwHuAmXmoj1AarnRBatzqkbv7cK5'
: 'Ls2ORfwM/vsOG5lURZqXxOnDXPKZw5t5jVzIhFKO0B6D6hAR'
: 'SXDR6Fzqq7H7mQeJAOQiUSPvFIrUHOfuui3zrFI5dYVeAmpc'
: 'OcOb9u63vLjae4kYX4yRifYPrTa2SlMigYdO+cEWeGADMLZL'
: 'H96SH4R9xRYApl6q3Y02f+NzlRAl+cZSKhB6qSIVa80fsqMn'
: 'WOqZJpmsXwAPoyNaQ95uNIGasKPwhxGzQzOXzMIIzBKabmLI'
: 'il470zfSjWWn+kvpvLQ9g1l3yRIc8gukz0uysEcakcDfy3KM'
: 'k+l0SOXlOopltJL7EPtUlzZfP4tnM70k8xkKCySt92MwfIXP'
: 'oTe0pnu4dYbp7hJ/kxWySN0ey0o/1qbiCsxDXJMWWo37QekB'
: 'cAUFPSGkPCnUJF5wwBacDK5cGlEp4BC2lYoJcrNNGVc7DzIq'
: 'xT4CKsPlrAG8mL8whRejiQe9EmImIAoz3sds9NxP4RZEzugq'
: 'zb7c3Q89u3WQKY9aegbsA/AUJB/bJs6pfJt9BHFEuk5DWITz'
: 'OH5uZSThLUsDjQ5GE6RMsyihMTaQLfA6BIiAQMAhnHHN1sd6'
: '1WtUhDVJiuhkrdBXd740+hLB9Vm1HjQe4ywLOBLWOMMiyQAX'
: 'NB8sm9Gx2qdGgGkMG6wY8aLfqgH4dfnmrVc+pPrE/Z/QnZOs'
: '8C1Okb2/ggwLdxlDC1D6DFPZDD98txv8xQf5TEc7Ax6ZyaDf'
: '6BC4SylWKCMqtizp80+UMchATal63qHq0M3ZTs83Ob/XO6LY'
: 'sFzpGVY5+iLxdWvwY+NaKoR/0iJIXL3dBjT2hG+wO+NXm53X'
: 'StSh1eogfeojV35BTOaqh/cmPUe2Mdp91pQp2CjWOO2k7Oam'
: 'hjU1HB3DLGm66n6iajz4bqn2oICmNFxDR/x2mC5s+rKhlkUA'
: '3Ne3P8lgP0qJfjf9uvu+HWXSfFwNoH4uqGUmTadYMtOc7yjE'
: 'Ed9EUhkwEEOcDSHKQ+yhnSvUYRH8miQo2FK5TCjWZZGWKB8i'
: 'HPud16wApnCvTOzjIFAj9TQdCxa+ddOTizaa1xJvD0qMrKx+'
: 'Ydaj6iwJQG0vaSdYWpTv4HwVRAP3Z6ONjOJunEIeKRVmhujp'
: 'A2+wPmQR9WFQAFhh9bGQzFEXX+WwOnXq8pV35P2Acdn0pGeb'
: 'cMg7OgQKaEdOKEAkFlk/9HuEKGBVwucc4AjnJ/LBYU09hVwW'
: 'Y1F0HlBUC2lbyIuYF58O8p+adMwUt9YAoX/IwRtAC9NAdBAy'
: 'GuEB3VR59u8/TGYx9/Xjz8bPB/Z/F9B0SghBK+4xxfiwtr0G'
: 'XECqedQQ9PRVpEAQ+26MidbGSmPm8RwRzcQsT17EPSmoorH3'
: '+av4Jcj78O/vIp/uzMEkHKAE6/F7VHHSj8HddR0Q3ymcGZfR'
: 'VjwfmOnNn3GuWR+FzhcPmPqiptHcayacT28T8j3Cs0/LQCwo'
: '6J2iYxP4R58AsobjFegusoJhuq7VNS2evRPcqASvQki+gbkB'
: 'YwETNPt/1A2pT6UErR1zMzUITZRvF5Lp5basO1fk2U4aBSjk'
: 'ji8quL3cDyW7TpI3unxezMcSTNhQJhfpGctKgKN2Amo7/7Sh'
: 'Sev4oXicPSYS+6GkCm9a1Qw3VEchCUA+z5HtTcbQhK6F14YF'
: 'Up+Yn7WgmzwpZCDf5DDiXT9B7U6RdHAHpdb7IqmLVjqZSLnT'
: 'W61zjQ7/G7D3hm9E846uTDZoNMADmLlm7IG2ieXfUtu1US9T'
: 'eNGUHibE9Nv//2jRJGZfQmK3v7ykJJOv1IXjBsDCPpmgWppe'
: '6sHxR3KVSQKqp+WIqammuJbtqkxZmMHry4oS/9pLhdCXKq8u'
: 'R0R+LDEqCKRxqc5VXdvPvIP+ggwR0RkyBfO9iKZvrWGAKVdz'
: '31cuocvoO/qemClFMYEFEH7oI+vpkek4s4bCMBqK+5mHQUlD'
: 'pE/oylpy+2/6pWXK31PEYagP04epV1cE50UMy6IQZeQM7+Ol'
: '74Z+eHfpHNc7OjffQ/HeV0X8BopoDkGEkAAA='
: }
: }
: }
: }
: }
: }
: }
: }
: }
: }
: }
Likewise, I made the same mistake in generating the example for Appendix B.5...
Appendix B.5
30 446: SEQUENCE {
A0 227: [0] {
30 224: SEQUENCE {
A0 111: [0] {
30 109: SEQUENCE {
30 107: SEQUENCE {
30 105: SEQUENCE {
16 10: IA5String 'image/jpeg'
30 49: SEQUENCE {
30 47: SEQUENCE {
30 11: SEQUENCE {
06 9: OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
: }
04 32: OCTET STRING
: AF FC 10 16 46 CB 56 25 B4 99 7D E5 89 3E AE 3A
: 84 6F 5A 02 D3 82 D6 DA 8E D4 EE F8 7C BD 1D ED
: }
: }
30 40: SEQUENCE {
16 38: IA5String 'http://www.example.net/images/logo.jpg'
: }
: }
: }
: }
: }
A0 109: [0] {
30 107: SEQUENCE {
30 105: SEQUENCE {
30 103: SEQUENCE {
16 9: IA5String 'image/gif'
30 49: SEQUENCE {
30 47: SEQUENCE {
30 11: SEQUENCE {
06 9: OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
: }
04 32: OCTET STRING
: 88 90 81 81 AD FB 66 AE 2F 66 D0 49 A0 4D 8E A0
: EC 4E A8 64 42 38 5B 36 4A BF 2C 8B D2 E9 E9 66
: }
: }
30 39: SEQUENCE {
16 37: IA5String 'http://www.example.org/logo-image.gif'
: }
: }
: }
: }
: }
: }
: }
A2 213: [2] {
A0 210: [0] {
30 207: SEQUENCE {
30 101: SEQUENCE {
30 99: SEQUENCE {
16 9: IA5String 'image/gif'
30 49: SEQUENCE {
30 47: SEQUENCE {
30 11: SEQUENCE {
06 9: OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
: }
04 32: OCTET STRING
: 6A 58 50 2E 59 67 F9 DD D1 8A FE BD 0D B1 FE 60
: A5 13 1B DF 0F B2 BE F0 B5 73 45 50 BA 1B BF 19
: }
: }
30 35: SEQUENCE {
16 33: IA5String 'http://www.smime.example/logo.gif'
: }
: }
: }
30 102: SEQUENCE {
30 100: SEQUENCE {
16 10: IA5String 'image/jpeg'
30 49: SEQUENCE {
30 47: SEQUENCE {
30 11: SEQUENCE {
06 9: OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
: }
04 32: OCTET STRING
: BD CB 7B 75 72 6D 8C 1B 33 A4 2C DE AC 79 72 DA
: 4A D9 F2 79 84 0A 58 58 6A CE 2F 02 80 EA D7 A5
: }
: }
30 35: SEQUENCE {
16 33: IA5String 'http://www.smime.example/logo.jpg'
: }
: }
: }
: }
: }
: }
: }
Thanks for your careful review that uncovered the problem.
Russ
> On Jul 27, 2022, at 7:18 PM, Timothy Geiser <slimshady007=40inbox.lv@dmarc.ietf.org> wrote:
>
> When trying to manually parse the examples in Appendix B of draft-ietf-lamps-rfc3709bis-03, I ran into trouble with B.4 and B.5 as the SEQUENCE nesting doesn't seem correct. Examples B.1, B.2, and B.3 all show three nested SEQUENCEs under the 'direct' LogotypeInfo tag [0]. This tag [0] indicates that it should contain a LogotypeData SEQUENCE, in turn containing a SEQUENCE OF LogotypeImage, in turn containing a LogotypeDetails SEQUENCE. LogotypeDetails then always starts with an IA5String. Examples B.4 and B.5 only have two nested SEQUENCEs between the [0] and IA5String.
>
> I've added comments/annotations after '#' on various lines to try to keep track of the parsing. Most comments are of the form "name (type)". The name is always defined one level higher up than itself, and the type is the type (i.e. its contents), directly from the ASN.1 syntax.
> If nothing else, please focus on the lines marked with !!!!!!!! - if you agree that these are 'direct' SEQUENCEs that should contain a LogotypeData, then you can see that the examples are not consistent. You can even see that example B.3 has nested <<[2], [0], SEQUENCE, SEQUENCE, SEQUENCE, IA5String>> which is different than example B.5 with nested <<[2], [0], SEQUENCE, SEQUENCE, IA5String>>.
> Apologies if this is not the correct venue for this sort of report.
>
> Regards,
> Tim Geiser
>
>
>
> B.1. Example from RFC 3709
> 30 106: SEQUENCE { # an Extension
> 06 8: OBJECT IDENTIFIER logotype (1 3 6 1 5 5 7 1 12) # extnID
> 04 94: OCTET STRING, encapsulates { # extnValue
> 30 92: SEQUENCE { # LogotypeExtn (issuerLogo present; communityLogos, subjectLogo and otherLogos omitted)
> A1 90: [1] { # issuerLogo (LogotypeInfo)
> A0 88: [0] { # direct (LogotypeData) !!!!!!!!
> 30 86: SEQUENCE { # image (SEQUENCE OF LogotypeImage)
> 30 84: SEQUENCE { # First and only LogotypeImage in the SEQUENCE OF
> 30 82: SEQUENCE { # imageDetails (LogotypeDetails)
> 16 9: IA5String 'image/gif' # mediaType
> 30 33: SEQUENCE { # logotypeHash (SEQUENCE OF HashAlgAndValue)
> 30 31: SEQUENCE { # First and only HashAlgAndValue in the SEQUENCE OF
> 30 7: SEQUENCE { # hashAlg (AlgorithmIdentifier)
> 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) # algorithm
> : # NULL parameters omitted
> : }
> 04 20: OCTET STRING # hashValue
> : 8F E5 D3 1A 86 AC 8D 8E 6B C3 CF 80 6A D4 48 18
> : 2C 7B 19 2E
> : }
> : }
> 30 34: SEQUENCE { # logotypeURI (SEQUENCE OF IA5String)
> 16 32: IA5String 'http://logo.example.com/logo.gif' # First and only IA5String in the SEQUENCE OF
> : }
> : }
> : }
> : }
> : }
> : }
> : }
> : }
> : }
>
> # I skipped analysis of B.2 as it's identical to B.1 except for swapping sha-256 for sha1 and jpeg for gif
>
> B.3. Embedded Image Example
> 30 2160: SEQUENCE { # an Extension
> 06 8: OBJECT IDENTIFIER logotype (1 3 6 1 5 5 7 1 12) # extnID
> 04 2146: OCTET STRING, encapsulates { # extnValue
> 30 2142: SEQUENCE { # LogotypeExtn (subjectLogo present; communityLogos, issuerLogo and otherLogos omitted)
> A2 2138: [2] { # subjectLogo (LogotypeInfo)
> A0 2134: [0] { # direct (LogotypeData) !!!!!!!!
> 30 2130: SEQUENCE { # image (SEQUENCE OF LogotypeImage)
> 30 2126: SEQUENCE { # First and only LogotypeImage in the SEQUENCE OF
> 30 2122: SEQUENCE { # imageDetails (LogotypeDetails)
> 16 24: IA5String 'image/svg+xml-compressed' # mediaType
> 30 49: SEQUENCE { # logotypeHash (SEQUENCE OF HashAlgAndValue)
> 30 47: SEQUENCE { # First and only HashAlgAndValue in the SEQUENCE OF
> 30 11: SEQUENCE { # hashAlg (AlgorithmIdentifier)
> 06 9: OBJECT IDENTIFIER # algorithm
> : sha-256 (2 16 840 1 101 3 4 2 1)
> # NULL parameters omitted
> : }
> 04 32: OCTET STRING # hashValue
> : C5 AC 94 1A 0A 25 1F B3 16 6F 97 C5 52 40 9B 49
> : 9E 7B 92 61 5A B0 A2 6C 19 BF B9 D8 09 C5 D9 E7
> : }
> : }
> 30 2041: SEQUENCE { # logotypeURI (SEQUENCE OF IA5String)
> 16 2037: IA5String # First and only IA5String in the SEQUENCE OF
> : 'data:image/svg+xml-compressed;base64,H4sICIGpy2E'
> : 'AA2xvZ28tY29weS5zdmcApVbbbhs3EH3nV0y3Lw2Q9fK2JLe'
> : 'wHDROUBRo2iBxW+RRlTa2UFkypIWV5ut7zlB2UqF9cuLlUkt'
> : # <-- snipped for brevity -->
> : 'ZFerdjksaCqt3IUWXcXW16vb6xdWyHLTgCaKXWKUKK1kOp9H'
> : 'K5B3ELjSdXb0loB5RYtS01L6h9yTPW51Wpqwgosr5I927aw6'
> : '401+YfwDria4WoQwAAA=='
> : }
> : }
> : }
> : }
> : }
> : }
> : }
> : }
> : }
>
>
>
> B.4. Embedded Certificate Image Example
> 30 2910: SEQUENCE { # an Extension
> 06 8: OBJECT IDENTIFIER logotype (1 3 6 1 5 5 7 1 12) # extnID
> 04 2896: OCTET STRING, encapsulates { # extnValue
> 30 2892: SEQUENCE { # LogotypeExtn (otherLogos present; communityLogos, issuerLogo and subjectLogo omitted)
> A3 2888: [3] { # otherLogos (SEQUENCE OF OtherLogotypeInfo)
> 30 2884: SEQUENCE { # The SEQUENCE OF OtherLogotypeInfo
> 30 2880: SEQUENCE { # First and only OtherLogotypeInfo
> 06 8: OBJECT IDENTIFIER '1 3 6 1 5 5 7 20 3' # logotypeType
> A0 2866: [0] { # direct (LogotypeData) !!!!!!!!
> 30 2862: SEQUENCE { # image (SEQUENCE OF LogotypeImage)
> 30 2858: SEQUENCE { # First and only LogotypeImage in the SEQUENCE OF
> : # ??? Expected imageDetails (SEQUENCE) but found IA5String
> 16 24: IA5String 'image/svg+xml-compressed'
> 30 49: SEQUENCE {
> 30 47: SEQUENCE {
> 30 11: SEQUENCE {
> 06 9: OBJECT IDENTIFIER
> : sha-256 (2 16 840 1 101 3 4 2 1)
> : }
> 04 32: OCTET STRING
> : 83 14 B3 26 9B D3 8B 0B 2A E6 6E 42 74 E2 A7 57
> : 7A 40 B7 E1 2E 53 42 44 CC 7C AE 14 68 1B 0E B6
> : }
> : }
> 30 2777: SEQUENCE {
> 16 2773: IA5String
> : 'data:image/svg+xml-compressed;base64,H4sICLXutU0'
> : 'AA0NlcnRJbWFnZURlbW8uc3ZnANVaW2/bOBZ+n19BqBigwdo'
> : 'S7xK9jmeapB0EWHQHzez2WZZoR1tZMiQ5jvvr95CSL7Gl1Em'
> : # <-- snipped for brevity -->
> : '31cuocvoO/qemClFMYEFEH7oI+vpkek4s4bCMBqK+5mHQUlD'
> : 'pE/oylpy+2/6pWXK31PEYagP04epV1cE50UMy6IQZeQM7+Ol'
> : '74Z+eHfpHNc7OjffQ/HeV0X8BopoDkGEkAAA='
> : }
> : }
> : }
> : }
> : }
> : }
> : }
> : }
> : }
> : }
>
>
>
> B.5. Full Certificate Example
> 30 438: SEQUENCE { # LogotypeExtn (communityLogos and subjectLogo present; issuerLogo and otherLogos omitted)
> A0 223: [0] { # communityLogos (SEQUENCE OF LogotypeInfo)
> 30 220: SEQUENCE { # The SEQUENCE OF LogotypeInfo
> A0 109: [0] { # First of two LogotypeInfo in the SEQUENCE OF - direct (LogotypeData) !!!!!!!!
> 30 107: SEQUENCE { # image (SEQUENCE OF LogotypeImage)
> 30 105: SEQUENCE { # First and only LogotypeImage in the SEQUENCE OF
> : # ??? Expected imageDetails (SEQUENCE) but found IA5String
> 16 10: IA5String 'image/jpeg'
> 30 49: SEQUENCE {
> 30 47: SEQUENCE {
> 30 11: SEQUENCE {
> 06 9: OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
> : }
> 04 32: OCTET STRING
> : AF FC 10 16 46 CB 56 25 B4 99 7D E5 89 3E AE 3A
> : 84 6F 5A 02 D3 82 D6 DA 8E D4 EE F8 7C BD 1D ED
> : }
> : }
> 30 40: SEQUENCE {
> 16 38: IA5String 'http://www.example.net/images/logo.jpg'
> : }
> : }
> : }
> : }
> A0 107: [0] { # Second of two LogotypeInfo in the SEQUENCE OF - direct (LogotypeData) !!!!!!!!
> 30 105: SEQUENCE { # image (SEQUENCE OF LogotypeImage)
> 30 103: SEQUENCE { # First and only LogotypeImage in the SEQUENCE OF
> : # ??? Expected imageDetails (SEQUENCE) but found IA5String
> 16 9: IA5String 'image/gif'
> 30 49: SEQUENCE {
> 30 47: SEQUENCE {
> 30 11: SEQUENCE {
> 06 9: OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
> : }
> 04 32: OCTET STRING
> : 88 90 81 81 AD FB 66 AE 2F 66 D0 49 A0 4D 8E A0
> : EC 4E A8 64 42 38 5B 36 4A BF 2C 8B D2 E9 E9 66
> : }
> : }
> 30 39: SEQUENCE {
> 16 37: IA5String 'http://www.example.org/logo-image.gif'
> : }
> : }
> : }
> : }
> : }
> : }
> A2 209: [2] { # subjectLogo (LogotypeInfo)
> A0 206: [0] { # direct (LogotypeData) !!!!!!!!
> 30 203: SEQUENCE { # image (SEQUENCE OF LogotypeImage)
> 30 99: SEQUENCE { # First of two LogotypeImage in the SEQUENCE OF
> : # ??? Expected imageDetails (SEQUENCE) but found IA5String
> 16 9: IA5String 'image/gif'
> 30 49: SEQUENCE {
> 30 47: SEQUENCE {
> 30 11: SEQUENCE {
> 06 9: OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
> : }
> 04 32: OCTET STRING
> : 6A 58 50 2E 59 67 F9 DD D1 8A FE BD 0D B1 FE 60
> : A5 13 1B DF 0F B2 BE F0 B5 73 45 50 BA 1B BF 19
> : }
> : }
> 30 35: SEQUENCE {
> 16 33: IA5String 'http://www.smime.example/logo.gif'
> : }
> : }
> 30 100: SEQUENCE { # Second of two LogotypeImage in the SEQUENCE OF
> : # ??? Expected imageDetails (SEQUENCE) but found IA5String
> 16 10: IA5String 'image/jpeg'
> 30 49: SEQUENCE {
> 30 47: SEQUENCE {
> 30 11: SEQUENCE {
> 06 9: OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
> : }
> 04 32: OCTET STRING
> : BD CB 7B 75 72 6D 8C 1B 33 A4 2C DE AC 79 72 DA
> : 4A D9 F2 79 84 0A 58 58 6A CE 2F 02 80 EA D7 A5
> : }
> : }
> 30 35: SEQUENCE {
> 16 33: IA5String 'http://www.smime.example/logo.jpg'
> : }
> : }
> : }
> : }
> : }
> : }
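The nesting check discussed in this thread, as an added example that is not part of either message and not code from the draft or its authors: a minimal DER walk that counts the SEQUENCE levels between a 'direct' [0] and the mediaType IA5String, which should be three (image SEQUENCE OF, LogotypeImage, LogotypeDetails). The function names and the sample encodings are assumptions constructed for illustration; the hash value is an all-zero placeholder.

```python
IA5STRING, SEQUENCE, CTX0 = 0x16, 0x30, 0xA0   # DER tags used below

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the definite-length TLV at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form
        length = first
    else:                                 # long form: low 7 bits = length octets
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def tlv(tag, value):
    """Encode one DER TLV; used only to build the constructed samples."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def sequences_before_media_type(direct):
    """Count SEQUENCE levels between a 'direct' [0] and the first IA5String."""
    tag, body, _ = read_tlv(direct)
    if tag != CTX0:
        raise ValueError("expected [0] (direct)")
    depth = 0
    while True:
        tag, body, _ = read_tlv(body)     # descend into the first child
        if tag == IA5STRING:
            return depth
        if tag != SEQUENCE:
            raise ValueError(f"unexpected tag 0x{tag:02X}")
        depth += 1

def direct_is_well_nested(direct):
    # image (SEQUENCE OF) -> LogotypeImage -> LogotypeDetails -> mediaType
    return sequences_before_media_type(direct) == 3

# Constructed samples: all-zero placeholder hash, URI string reused from B.5.
SHA256_OID = tlv(0x06, bytes.fromhex("608648016503040201"))
HASHES = tlv(SEQUENCE, tlv(SEQUENCE, tlv(SEQUENCE, SHA256_OID) + tlv(0x04, bytes(32))))
URIS = tlv(SEQUENCE, tlv(IA5STRING, b"http://www.smime.example/logo.gif"))
DETAILS_BODY = tlv(IA5STRING, b"image/gif") + HASHES + URIS
GOOD = tlv(CTX0, tlv(SEQUENCE, tlv(SEQUENCE, tlv(SEQUENCE, DETAILS_BODY))))
BAD = tlv(CTX0, tlv(SEQUENCE, tlv(SEQUENCE, DETAILS_BODY)))  # one level short

if __name__ == "__main__":
    print(direct_is_well_nested(GOOD), direct_is_well_nested(BAD))
```

The constructed LogotypeDetails content is 99 bytes, the same length the corrected B.5 dump shows for the gif entry that carries this URI.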