[lamps] Inconsistent examples in draft-ietf-lamps-rfc3709bis-03

Timothy Geiser <slimshady007@inbox.lv> Wed, 27 July 2022 23:18 UTC

Return-Path: <slimshady007@inbox.lv>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB6E8C16ECC8 for <spasm@ietfa.amsl.com>; Wed, 27 Jul 2022 16:18:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.457
X-Spam-Level:
X-Spam-Status: No, score=-2.457 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=inbox.lv
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I-Fub6tiIMV3 for <spasm@ietfa.amsl.com>; Wed, 27 Jul 2022 16:18:38 -0700 (PDT)
Received: from shark3.inbox.lv (shark3.inbox.lv [194.152.32.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1493EC131951 for <spasm@ietf.org>; Wed, 27 Jul 2022 16:18:37 -0700 (PDT)
Received: by shark3.inbox.lv (Postfix, from userid 2004) id 2DAFC280188; Thu, 28 Jul 2022 02:18:35 +0300 (EEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=inbox.lv; s=p20220324; t=1658963915; x=1658965715; bh=Cfibe9z9n/5IK05mLFvvCcE+OrYj7QPuIXAhH8MKH2o=; h=Content-Type:Message-ID:Date:From:Subject:To:X-ESPOL:From:Date:To: Cc:Message-ID:Subject:Reply-To; b=QZKG1l83xH1B+wGJUV/6qK8bin841RIBu5DrHF6pomUs8mmfA1aYIzVbHxJKEEeIK fDtnMeyYYvS4eEPfQwEJlK34y+aWorcM/Dn19ZJex7GE9U0IyGgFOK3qZ383oCFH3e oYyluVTLMSCDzChcTl09W29Cgq/hubGOOKajYlV4=
Received: from localhost (localhost [127.0.0.1]) by shark3-in.inbox.lv (Postfix) with ESMTP id 1A104280185 for <spasm@ietf.org>; Thu, 28 Jul 2022 02:18:35 +0300 (EEST)
Received: from shark3.inbox.lv ([127.0.0.1]) by localhost (shark3.inbox.lv [127.0.0.1]) (spamfilter, port 35) with ESMTP id Mhnbcsgj9lCk for <spasm@ietf.org>; Thu, 28 Jul 2022 02:18:34 +0300 (EEST)
Received: from w6.inbox.lv (w6 [127.0.0.1]) by shark3-in.inbox.lv (Postfix) with ESMTP id 87097280179 for <spasm@ietf.org>; Thu, 28 Jul 2022 02:18:34 +0300 (EEST)
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-HTTP-USER-AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
Message-ID: <1658963914.62e1c7ca77cce@email.inbox.lv>
Date: Wed, 27 Jul 2022 19:18:34 -0400
From: Timothy Geiser <slimshady007@inbox.lv>
To: spasm@ietf.org
User-Agent: Inbox.lv Webmail
X-ESPOL: AJqEQ2Vu/XQ+pLPAJuNq+ZqatKnbSCZFoV6aw78093Bav63Dtt9rdW+JbfecFGfabgGr9cDdaQVD5sPufUIwDFekjBngXObENzKZSynXAi8ACtHtCzzCGUfrfF+OVQ==
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/UWu7Ti9-me3zu_IDzzQeMYlsWns>
Subject: [lamps] Inconsistent examples in draft-ietf-lamps-rfc3709bis-03
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jul 2022 23:18:42 -0000

When trying to manually parse the examples in Appendix B of draft-ietf-lamps-rfc3709bis-03, I ran into trouble with B.4 and B.5 as the SEQUENCE nesting doesn't seem correct. Examples B.1, B.2, and B.3 all show three nested SEQUENCEs under the 'direct' LogotypeInfo tag [0]. This tag [0] indicates that it should contain a LogotypeData SEQUENCE, in turn containing a SEQUENCE OF LogotypeImage, in turn containing a LogotypeDetails SEQUENCE. LogotypeDetails then always starts with an IA5String. Examples B.4 and B.5 only have two nested SEQUENCEs between the [0] and IA5String.

I've added comments/annotations after '#' on various lines to try to keep track of the parsing. Most comments are of the form "name (type)". The name is always defined one level higher up than itself, and the type is the type (i.e. it's contents), directly from the ASN.1 syntax.
If nothing else, please focus on the lines marked with !!!!!!!! - if you agree that these are 'direct' SEQUENCEs that should contain a LogotypeData, then you can see that the examples are not consistent. You can even see that example B.3 has nested <<[2], [0], SEQUENCE, SEQUENCE, SEQUENCE, IA5String>> which is different than example B.5 with nested <<[2], [0], SEQUENCE, SEQUENCE, IA5String>>.
Apoligies if this is not the correct venue for this sort of report.

Regards,
Tim Geiser



B.1.  Example from RFC 3709
   30 106: SEQUENCE {  # an Extension
   06   8:  OBJECT IDENTIFIER logotype (1 3 6 1 5 5 7 1 12)  # extnID
   04  94:  OCTET STRING, encapsulates {  # extnValue
   30  92:   SEQUENCE {  # LogotypeExtn (issuerLogo present; communityLogos, subjectLogo and otherLogos omitted)
   A1  90:    [1] {  # issuerLogo (LogotypeInfo)
   A0  88:     [0] {  # direct (LogotypeData)  !!!!!!!!
   30  86:      SEQUENCE {  # image (SEQUENCE OF LogotypeImage)
   30  84:       SEQUENCE {  # First and only LogotypeImage in the SEQUENCE OF
   30  82:        SEQUENCE {  # imageDetails (LogotypeDetails)
   16   9:         IA5String 'image/gif'  # mediaType
   30  33:         SEQUENCE {  # logotypeHash (SEQUENCE OF HashAlgAndValue)
   30  31:          SEQUENCE {  # First and only HashAlgAndValue in the SEQUENCE OF
   30   7:           SEQUENCE {  # hashAlg (AlgorithmIdentifier)
   06   5:            OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)  # algorithm
         :            # NULL parameters omitted
         :             }
   04  20:           OCTET STRING  # hashValue
         :            8F E5 D3 1A 86 AC 8D 8E 6B C3 CF 80 6A D4 48 18
         :            2C 7B 19 2E
         :            }
         :           }
   30  34:         SEQUENCE {  # logotypeURI (SEQUENCE OF IA5String)
   16  32:          IA5String 'http://logo.example.com/logo.gif'  # First and only IA5String in the SEQUENCE OF
         :           }
         :          }
         :         }
         :        }
         :       }
         :      }
         :     }
         :    }
         :   }

# I skipped analysis of B.2 as it's identical to B.1 except for swapping sha-256 for sha1 and jpeg for gif

B.3.  Embedded Image Example
   30 2160: SEQUENCE {  # an Extension
   06    8:  OBJECT IDENTIFIER logotype (1 3 6 1 5 5 7 1 12)  # extnID
   04 2146:  OCTET STRING, encapsulates {  # extnValue
   30 2142:   SEQUENCE {  # LogotypeExtn (subjectLogo present; communityLogos, issuerLogo and otherLogos omitted)
   A2 2138:    [2] {  # subjectLogo (LogotypeInfo)
   A0 2134:     [0] {  # direct (LogotypeData)  !!!!!!!!
   30 2130:      SEQUENCE {  # image (SEQUENCE OF LogotypeImage)
   30 2126:       SEQUENCE {  # First and only LogotypeImage in the SEQUENCE OF
   30 2122:        SEQUENCE {  # imageDetails (LogotypeDetails)
   16   24:         IA5String 'image/svg+xml-compressed'  # mediaType
   30   49:         SEQUENCE {  # logotypeHash (SEQUENCE OF HashAlgAndValue)
   30   47:          SEQUENCE {  # First and only HashAlgAndValue in the SEQUENCE OF
   30   11:           SEQUENCE {  # hashAlg (AlgorithmIdentifier)
   06    9:            OBJECT IDENTIFIER  # algorithm
          :             sha-256 (2 16 840 1 101 3 4 2 1)
                       # NULL parameters omitted
          :             }
   04   32:           OCTET STRING  # hashValue
          :           C5 AC 94 1A 0A 25 1F B3 16 6F 97 C5 52 40 9B 49
          :           9E 7B 92 61 5A B0 A2 6C 19 BF B9 D8 09 C5 D9 E7
          :            }
          :           }
   30 2041:         SEQUENCE {  # logotypeURI (SEQUENCE OF IA5String)
   16 2037:          IA5String  # First and only IA5String in the SEQUENCE OF
          :          'data:image/svg+xml-compressed;base64,H4sICIGpy2E'
          :          'AA2xvZ28tY29weS5zdmcApVbbbhs3EH3nV0y3Lw2Q9fK2JLe'
          :          'wHDROUBRo2iBxW+RRlTa2UFkypIWV5ut7zlB2UqF9cuLlUkt'
          :          # <-- snipped for brevity -->
          :          'ZFerdjksaCqt3IUWXcXW16vb6xdWyHLTgCaKXWKUKK1kOp9H'
          :          'K5B3ELjSdXb0loB5RYtS01L6h9yTPW51Wpqwgosr5I927aw6'
          :          '401+YfwDria4WoQwAAA=='
          :           }
          :          }
          :         }
          :        }
          :       }
          :      }
          :     }
          :    }
          :   }



B.4.  Embedded Certificate Image Example
   30 2910: SEQUENCE {  # an Extension
   06    8:  OBJECT IDENTIFIER logotype (1 3 6 1 5 5 7 1 12)  # extnID
   04 2896:  OCTET STRING, encapsulates {  # extnValue
   30 2892:   SEQUENCE {  # LogotypeExtn (otherLogos present; communityLogos, issuerLogo and subjectLogo omitted)
   A3 2888:    [3] {  # otherLogos (SEQUENCE OF OtherLogotypeInfo)
   30 2884:     SEQUENCE {  # The SEQUENCE OF OtherLogotypeInfo
   30 2880:      SEQUENCE {  # First and only OtherLogotypeInfo
   06    8:       OBJECT IDENTIFIER '1 3 6 1 5 5 7 20 3'  # logotypeType
   A0 2866:       [0] {  # direct (LogotypeData)  !!!!!!!!
   30 2862:        SEQUENCE {  # image (SEQUENCE OF LogotypeImage)
   30 2858:         SEQUENCE {  # First and only LogotypeImage in the SEQUENCE OF
          :          # ??? Expected imageDetails (SEQUENCE) but found IA5String
   16   24:          IA5String 'image/svg+xml-compressed'
   30   49:          SEQUENCE {
   30   47:           SEQUENCE {
   30   11:            SEQUENCE {
   06    9:             OBJECT IDENTIFIER
          :              sha-256 (2 16 840 1 101 3 4 2 1)
          :              }
   04   32:            OCTET STRING
          :           83 14 B3 26 9B D3 8B 0B 2A E6 6E 42 74 E2 A7 57
          :           7A 40 B7 E1 2E 53 42 44 CC 7C AE 14 68 1B 0E B6
          :             }
          :            }
   30 2777:          SEQUENCE {
   16 2773:           IA5String
          :          'data:image/svg+xml-compressed;base64,H4sICLXutU0'
          :          'AA0NlcnRJbWFnZURlbW8uc3ZnANVaW2/bOBZ+n19BqBigwdo'
          :          'S7xK9jmeapB0EWHQHzez2WZZoR1tZMiQ5jvvr95CSL7Gl1Em'
          :          # <-- snipped for brevity -->
          :          '31cuocvoO/qemClFMYEFEH7oI+vpkek4s4bCMBqK+5mHQUlD'
          :          'pE/oylpy+2/6pWXK31PEYagP04epV1cE50UMy6IQZeQM7+Ol'
          :          '74Z+eHfpHNc7OjffQ/HeV0X8BopoDkGEkAAA='
          :            }
          :           }
          :          }
          :         }
          :        }
          :       }
          :      }
          :     }
          :    }
          :   }



B.5.  Full Certificate Example
   30 438: SEQUENCE {  # LogotypeExtn (communityLogos and subjectLogo present; issuerLogo and otherLogos omitted)
   A0 223:  [0] {  # communityLogos (SEQUENCE OF LogotypeInfo)
   30 220:   SEQUENCE { # The SEQUENCE OF LogotypeInfo
   A0 109:    [0] {  # First of two LogotypeInfo in the SEQUENCE OF - direct (LogotypeData)  !!!!!!!!
   30 107:     SEQUENCE {  # image (SEQUENCE OF LogotypeImage)
   30 105:      SEQUENCE {  # First and only LogotypeImage in the SEQUENCE OF
         :       # ??? Expected imageDetails (SEQUENCE) but found IA5String
   16  10:       IA5String 'image/jpeg'
   30  49:       SEQUENCE {
   30  47:        SEQUENCE {
   30  11:         SEQUENCE {
   06   9:          OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
         :           }
   04  32:         OCTET STRING
         :          AF FC 10 16 46 CB 56 25 B4 99 7D E5 89 3E AE 3A
         :          84 6F 5A 02 D3 82 D6 DA 8E D4 EE F8 7C BD 1D ED
         :          }
         :         }
   30  40:       SEQUENCE {
   16  38:        IA5String 'http://www.example.net/images/logo.jpg'
         :         }
         :        }
         :       }
         :      }
   A0 107:    [0] {  # Second of two LogotypeInfo in the SEQUENCE OF - direct (LogotypeData)  !!!!!!!!
   30 105:     SEQUENCE {  # image (SEQUENCE OF LogotypeImage)
   30 103:      SEQUENCE {  # First and only LogotypeImage in the SEQUENCE OF
         :       # ??? Expected imageDetails (SEQUENCE) but found IA5String
   16   9:       IA5String 'image/gif'
   30  49:       SEQUENCE {
   30  47:        SEQUENCE {
   30  11:         SEQUENCE {
   06   9:          OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
         :           }
   04  32:         OCTET STRING
         :          88 90 81 81 AD FB 66 AE 2F 66 D0 49 A0 4D 8E A0
         :          EC 4E A8 64 42 38 5B 36 4A BF 2C 8B D2 E9 E9 66
         :          }
         :         }
   30  39:       SEQUENCE {
   16  37:        IA5String 'http://www.example.org/logo-image.gif'
         :         }
         :        }
         :       }
         :      }
         :     }
         :    }
   A2 209:  [2] {  # subjectLogo (LogotypeInfo)
   A0 206:   [0] {  # direct (LogotypeData)  !!!!!!!!
   30 203:    SEQUENCE {  # image (SEQUENCE OF LogotypeImage)
   30  99:     SEQUENCE {  # First of two LogotypeImage in the SEQUENCE OF
         :      # ??? Expected imageDetails (SEQUENCE) but found IA5String
   16   9:      IA5String 'image/gif'
   30  49:      SEQUENCE {
   30  47:       SEQUENCE {
   30  11:        SEQUENCE {
   06   9:         OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
         :          }
   04  32:        OCTET STRING
         :         6A 58 50 2E 59 67 F9 DD D1 8A FE BD 0D B1 FE 60
         :         A5 13 1B DF 0F B2 BE F0 B5 73 45 50 BA 1B BF 19
         :         }
         :        }
   30  35:      SEQUENCE {
   16  33:       IA5String 'http://www.smime.example/logo.gif'
         :        }
         :       }
   30 100:     SEQUENCE {  # Second of two LogotypeImage in the SEQUENCE OF
         :      # ??? Expected imageDetails (SEQUENCE) but found IA5String
   16  10:      IA5String 'image/jpeg'
   30  49:      SEQUENCE {
   30  47:       SEQUENCE {
   30  11:        SEQUENCE {
   06   9:         OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
         :          }
   04  32:        OCTET STRING
         :         BD CB 7B 75 72 6D 8C 1B 33 A4 2C DE AC 79 72 DA
         :         4A D9 F2 79 84 0A 58 58 6A CE 2F 02 80 EA D7 A5
         :         }
         :        }
   30  35:      SEQUENCE {
   16  33:       IA5String 'http://www.smime.example/logo.jpg'
         :        }
         :       }
         :      }
         :     }
         :    }
         :   }