IETF Logo Mail Archive

[lamps] [CMP Updates] position of hashAlg in certStatus

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Tue, 31 August 2021 12:21 UTC

Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5139A3A11E4 for <spasm@ietfa.amsl.com>; Tue, 31 Aug 2021 05:21:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=siemens.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rjwnXDnPUFnO for <spasm@ietfa.amsl.com>; Tue, 31 Aug 2021 05:21:21 -0700 (PDT)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-eopbgr80048.outbound.protection.outlook.com [40.107.8.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 147053A11F2 for <spasm@ietf.org>; Tue, 31 Aug 2021 05:21:14 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kSJZpkDjymw5ORpCAnhNZ7W10Lu5b2hDF7f3ehu3YJAOURArkuG7ci9R8PLVN5X1zGYqpZC6l8OTjhg7Oetlsa3lp2CoLtny+Js9QGjPFCWzmjQ2EEo6nNbr25e4lE0SPgdvjPcBUXJCAWoEzKtl0+Bq+DN+47E+xdKsOSATk1ldyfF32eJiFEtTeXyxg8R1NWigelRNN/OudFamgkzTLAsGZXcpJOBi0flU2XnSy0MvM5C3PALbBAYD50KQGi93EINSveOrUMPFfkt+mE2+AS7TkHtkf13tQUclRVhm5uaS721AIAC8/3RibrF+cF3Hm+sMQn3G1DAm2YrQfMSVrQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9LcOz5nB5yRBGH7qZdldSp7VMKBKSeXpH0tZUMHwM3Y=; b=WUDY0rEs9FWFnxBonE6MIz0TT2HcTxHTJM31RevVgSO7Hl0dbEpxsnJwhs49QyCP8HQpFajRDmM5pF5jJ1Ml++7Me3zMbZ9GJwmMXieKSy/urBoHJJvJkNmMyRN/1aHkexJ9kiqNHWyEMOLhtwOGF+hVJR+wFIlZdEExTchOR5gutAtqtlZwGdO/C5tJSnygPTGXyes6n9FaIUx1v3wVr3eNc28SRhq2sDDXPWiwbGgTW6DoOsV+DTlF/SIU2vCG+jCLA0wnrKXmtRNeRkFIwBjAM7or63geQ7AaFJPTx2QlbU4WjTHPUS25tyTLRrkVgwwvvkibCekgyPwz/xMj/g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.onmicrosoft.com; s=selector1-siemens-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9LcOz5nB5yRBGH7qZdldSp7VMKBKSeXpH0tZUMHwM3Y=; b=YuJIgvQ9ZFYwzt8499aMSd6mi3zF34BcgBHE9GYexkkqmE0O8Xm1T5I8nvfrToFmBi0hyfSfICMTK2/EO+p2tE0y/FpzMqMILOybRyF5DmPjSupKQX354PpwNLqKB0qUxEjjaAkBN+A6xqGN6dIwbf1yTbW4nHGCrq8O7nsOAYc=
Received: from AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:dd::17) by AM0PR10MB3537.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:155::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4457.24; Tue, 31 Aug 2021 12:21:11 +0000
Received: from AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM ([fe80::94af:54e2:d772:2fb5]) by AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM ([fe80::94af:54e2:d772:2fb5%6]) with mapi id 15.20.4457.024; Tue, 31 Aug 2021 12:21:11 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Russ Housley <housley@vigilsec.com>, "spasm@ietf.org" <spasm@ietf.org>
CC: John Gray <John.Gray@entrust.com>, "david.von.oheimb@siemens.com" <david.von.oheimb@siemens.com>, "ietf-hendrikb@h.mailbouncer.info" <ietf-hendrikb@h.mailbouncer.info>
Thread-Topic: [CMP Updates] position of hashAlg in certStatus
Thread-Index: AdeeYf4qJoncXhwQRYWt5DPU7d+LUg==
Date: Tue, 31 Aug 2021 12:21:11 +0000
Message-ID: <AM0PR10MB24186D6DC7AF50CCC6576D93FECC9@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Enabled=true; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_SetDate=2021-08-31T12:21:10Z; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Method=Standard; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Name=restricted-default; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_SiteId=38ae3bcd-9579-4fd4-adda-b42e1495d55a; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_ActionId=001f4c8c-7be7-4d27-b680-e4ad560dd2b9; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_ContentBits=0
document_confidentiality: Restricted
authentication-results: vigilsec.com; dkim=none (message not signed) header.d=none;vigilsec.com; dmarc=none action=none header.from=siemens.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 04d30465-d110-4439-ad01-08d96c79d1fa
x-ms-traffictypediagnostic: AM0PR10MB3537:
x-ld-processed: 38ae3bcd-9579-4fd4-adda-b42e1495d55a,ExtAddr
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <AM0PR10MB353789616CAD768327C28F84FECC9@AM0PR10MB3537.EURPRD10.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: aOSwktgMYiSw2MkO7TCoC2a/60VEJJaSajbr/iyYDpox73BfZY0Q5nlV7Y7RjFMOwFINl1nYf81wtQ4E+snjqhf7ws1MBN/JNMvcHVXLfdYyEnjnMmNaLcVLdJOspVIuHLt9cOjCrjHuiIbtPKCoVuqD55F11TZzKN1tl6sYgMte3Oqc4/ZXVQQUUVSYTLEu1GBiPFqe6U1BQj996cvnin6DQNeUGKtnJGMEEmfjwQ1SUY0KYwWDu4WnO00LjOv5w/p7kYsAQDpNt+6o5mcDDVBSUhLsr4LulKfTEZX6VJrqxXpVaxVfxfPdrgSG6arIIp+eyHs/lsNU1qk0zQ352xPRwDm3F0q8dAwWKstsYhPDKHLcs+RJ7gJNLJrHbbWTqnEHpeno8nWOzI3ZIj9f4Ci1bFNimKjz1bFYaXNt3xsbR8MKcauuFK+nM/oPHjkDAp1c3pmJ35GBcq1VkiIZs/MAAfh3EDi7gCxpzYftONEGdEn79Znvw+Fl6dO56v6+i0GoaUeC0ewwGeTR1jbt08GK8JZ7fFTdNmozay1ZuFhkqfUD3+6tubijxDIpdTXAdXxhjKYyrm1vZkEznjYPb2ZGgMi9C1RerIas+/O8EEPcKWfJdupu8iysQ813ONZbp+jupXJk+7tyt8JEwBeGmQiqpbXNRwKAVMJ5+nWk/F+9VgFqBfSbfnawSrBm86TZgqsbmQfXmAREkK5GwqhCsw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(366004)(33656002)(186003)(9686003)(54906003)(55016002)(38070700005)(86362001)(498600001)(15650500001)(71200400001)(110136005)(66556008)(66476007)(64756008)(66946007)(66446008)(4326008)(26005)(76116006)(55236004)(83380400001)(38100700002)(2906002)(6506007)(5660300002)(8936002)(53546011)(52536014)(7696005)(8676002)(122000001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: N6mAklFer3E69+Lb6cgd/IDZtmsSgWUvy7pQ+XIghHjAV0r76HRB+PygYccsquDhd4IoC+plKy3VZDEe8D6KftcYTvniz4cGNp+3o6UpdGK+nOiYupEKubTd+hSxlvYMTHEgKogG6gugdjRnvLLdQo0Khp+JuQ+s34imtWUahbzLWkXJtuhf2fcKApQgs5+6mvb7FPcEKkKwsdQv27Pp0e47mfWYuP87oYGjHZbepVf8wSSqWI4N5YSlJeST5fSx2dSr6g49GJE7n0WodNyfDRKcyMTzdcORvbK1Q181Ki/CXEie/8+P0jrb/4wa+sWs1bonRB7fLrMsrYBjRaVzaggZgEo6u7rkGSPTqH3LkQRQf49Z9ZTbF2H1G0jRLDmqIJIN/4Q0zad5XioFpdcIEUPXzX4PBJyALeSvO0GiTH86nuE1Qham+bvG0fc52xIrxQC/JsbZKM0U4pAxx9QYYrCoVT9t5sVivdEXalCyuRVQyii8hfq+rPlUf+9jVO9xnJf8sd/JTzJ4EtjgXLBgLdSpdp3rYQYaeD62RYnucHvqad3h/GvRb0GUhcjCEXNtDwGOtHgr3+xEEI2QMFLocUBEnp0oZAxxecCiqLKP8fInb/MQZ4atpEZvutJDtef4ad8P+8lUJWHnahtgqtt5spiimHbqPA10yg0rAQmnBZl/yDzQUncFPa2KEgX1HUvcczcLGjS9PvqhivPYmiBY5L8Awvoszi5wz5VZXWplFmTd9DN4MAx3asJ1smpbUbG5p8kmyViumMmJ3IKJASLLFoH8yGCRxuO+zsqMCexICc6J6hn2B5mc1ub4hOmxB27naK0wuE8IZ4u1Km+1Whsps5cp4Yc0KkuQGF/tTlpDHKEX2LNVs8qT7ep6tYOM3qANQERlpk/n5bI4LKbUByC1sEbXcZOwgzQvp937nfqJd/L1VeGc0OgA+OxoikI7Pz4rFpieYLtaldFfdvcZ2D1u8mnhHdndEA1qBDYF0OtIunJm2iaVdp0fCvr7xgtu2HQaNmmhoC+vLOGF6Iblw2cAy8O3hF69dcLuLYpoMCXIzqddLFVF98dMtigxvXc/G+2tFRfSSuKboGJBBfEJtBULDcDY6y6n4Io6Ce7B/THN1x15s+8w8e2pIwRA7vc5lyebKI50QKA8VeIU3lNO06qr9fU932VA910ij328rD8urW0P0+IkgfeBbBZT769hHtPiFCzL71GIz/HXx7gowQWHIqGPN0p0Dl4OlNrzfQF5OKW5mN5CAQWcQl1OW+LpGTkXDew1MXEiCRbA/txUFq2cD1mIPGFGjjD8QjgL9D3WsRjjyHJIrw84GliR78B/ZfV5
Content-Type: multipart/alternative; boundary="_000_AM0PR10MB24186D6DC7AF50CCC6576D93FECC9AM0PR10MB2418EURP_"
MIME-Version: 1.0
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 04d30465-d110-4439-ad01-08d96c79d1fa
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Aug 2021 12:21:11.8265 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 88BUJ+JZkkhPcOIjFvm+D9VU5up0IooPGrxjnp+7YXVDOHlTvIb3XROxrg6mtODLIfEBybdJUGSCOhBKRL8Pv+BrACwj0mM5a9yrfh+lSss=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR10MB3537
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/WBxlrE93v8bPwQy6fba0QTddspk>
Subject: [lamps] [CMP Updates] position of hashAlg in certStatus
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Aug 2021 12:21:27 -0000

Russ

Currently we receive valuable feedback from John Gray on the CMP Updates draft.

One proposal from John is on moving the hashAlg field in the certStatus sequence from the first to the last position. Please see his arguments in this email tread below.

Current syntax:

   CertStatus ::= SEQUENCE {

      hashAlg [0] AlgorithmIdentifier OPTIONAL

      certHash    OCTET STRING,

      certReqId   INTEGER,

      statusInfo  PKIStatusInfo OPTIONAL,

   }

Johns proposal:

   CertStatus ::= SEQUENCE {

      certHash    OCTET STRING,

      certReqId   INTEGER,

      statusInfo  PKIStatusInfo OPTIONAL,

      hashAlg [0] AlgorithmIdentifier OPTIONAL

   }

Davids proposal:

   CertStatus ::= SEQUENCE {

      certHash    OCTET STRING,

      certReqId   INTEGER,

      statusInfo  PKIStatusInfo OPTIONAL,

      hashAlg     AlgorithmIdentifier OPTIONAL

   }

We are uncertain what the best approach from an ASN.1 syntax parsing perspective is. What is your opinion?

Hendrik


Von: Brockhaus, Hendrik (T RDA CST SEA-DE)
Gesendet: Dienstag, 31. August 2021 14:07
An: John Gray <John.Gray@entrust.com>

Von: David von Oheimb <David.von.Oheimb@siemens.com<mailto:David.von.Oheimb@siemens.com>>
Gesendet: Donnerstag, 26. August 2021 22:43
An: John Gray <John.Gray@entrust.com<mailto:John.Gray@entrust.com>>

On 26.08.21 11:26, Brockhaus, Hendrik (T RDA CST SEA-DE) wrote:

Von: John Gray <John.Gray@entrust.com><mailto:John.Gray@entrust.com>
Gesendet: Mittwoch, 25. August 2021 18:35
An: von Oheimb, David (T RDA CST SEA-DE) <david.von.oheimb@siemens.com><mailto:david.von.oheimb@siemens.com>; Brockhaus, Hendrik (T RDA CST SEA-DE) <hendrik.brockhaus@siemens.com><mailto:hendrik.brockhaus@siemens.com>
Cc: ietf-hendrikb@h.mailbouncer.info<mailto:ietf-hendrikb@h.mailbouncer.info>; Kretschmer, Andreas (T RDA CST SEA-DE) <andreas.kretschmer@siemens.com><mailto:andreas.kretschmer@siemens.com>
Betreff: RE: [EXTERNAL] Re: CMP Updates and Lightweight CMP Profile

Thanks for the updates.

I continued to review the document today as well.   Here are some more comments:

Section 2.10 -  CertStatus update.  I was wondering if adding the optional tagged element as the last element *might* make a difference:

For now it is defined as:

Replace the ASN.1 Syntax of CertStatus with the following text:

      CertStatus ::= SEQUENCE {
         hashAlg [0] AlgorithmIdentifier OPTIONAL,
         certHash    OCTET STRING,
         certReqId   INTEGER,
         statusInfo  PKIStatusInfo OPTIONAL
      }


I would have expected that adding something new would be added like this:


Replace the ASN.1 Syntax of CertStatus with the following text:



      CertStatus ::= SEQUENCE {

         certHash    OCTET STRING,

         certReqId   INTEGER,

         statusInfo  PKIStatusInfo OPTIONAL,

         hashAlg [0] AlgorithmIdentifier OPTIONAL

      }

If a CMPv2 server received the hashAlg as the last element, it might still work, but would fail in the first case.   However, I know you say if the hashAlg is included then it must use the pvno of version 3, so the order doesn’t really matter.   I just thought that for someone implementing it, it might be a bit easier to check if the tag exists after the existing parsing (at the end), rather than checking if it exists on the first element.  It would mean no parsing logic has to change until it reaches the last element.   However, I suppose the counter argument would be that if hashAlg is included first, but it isn’t supported then an older server would fail faster which is probably a desirable property.

[Bro] This is a interesting point we also thought about. Here are some thoughts we had.
First of all, we think the binary ASN.1 of a certConf message produced by a client only knowing the original cmp2000 without hashAlg does not differ between from a client knowing the hashAlg field, but not using it.
This should be the case when placing the hashAlg field at the first as well as at the last position of the sequence.
Second, we took the OOBCertHash type as an example and therefore decided for placing the hashAlg field also at the first position.
        OOBCertHash ::= SEQUENCE {
            hashAlg     [0] AlgorithmIdentifier     OPTIONAL,
            certId      [1] CertId                  OPTIONAL,
            hashVal         BIT STRING
        }
Third, the hash algorithm OID is required before calculating the hash value. Therefore, it is the logical order to have hashAlg first.
Theses were the thoughts we had for placing hashAlg in the first position, but they are no strict reasons to do it this way round.
I cannot say, if your arguments still hold true from an implementation perspective. @David, maybe you can comment on the more implementation related issues.

I am not an ASN.1 expert, but as far as I understand from using its OpenSSL implementation, it should not make much difference whether to fail earlier or later in case the bits do not fit with the expected structure.
At least for the CMP implementation, which simply uses the ASN.1 parser, there would be no noticeable difference since either the parsing of the whole structure (including its total sequence length) succeeds or not.
If a receiver expects a structure encoded as in CMPv2 but gets an encoding for CMPv3, I think due to the presence of the "[0]" tag, parsing will fail even if the hashAlg fields is at the end with not value being present.
A backward-compatible definition might look like this:

      CertStatus ::= SEQUENCE {

         certHash    OCTET STRING,

         certReqId   INTEGER,

         statusInfo  PKIStatusInfo OPTIONAL,

         hashAlg     AlgorithmIdentifier OPTIONAL

      }

but supposedly we cannot do this because it would be ambiguous whether the optional statusInfo or hashAlg field is present.
To me, the main point is a conceptual one: the hashAlg needs to "seen" before the certHash, so it is logical to have them in this order.

[Bro] I am also no ASN.1 expert, but Russ is. Therefore, I will forward the question to him to get his advice. As statusInfo and hashAlg have different types, it may also work without tagging.

v2.23.0 | Report a Bug | By Email