Re: [lamps] Inconsistent examples in draft-ietf-lamps-rfc3709bis-03

Timothy Geiser <slimshady007@inbox.lv> Mon, 05 September 2022 20:52 UTC

Return-Path: <slimshady007@inbox.lv>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9DFAC14CE25 for <spasm@ietfa.amsl.com>; Mon, 5 Sep 2022 13:52:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.654
X-Spam-Level:
X-Spam-Status: No, score=-6.654 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, TRACKER_ID=0.1, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=inbox.lv
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id afnhiYrPigh1 for <spasm@ietfa.amsl.com>; Mon, 5 Sep 2022 13:52:11 -0700 (PDT)
Received: from shark4.inbox.lv (shark4.inbox.lv [194.152.32.84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6AACBC14CF05 for <spasm@ietf.org>; Mon, 5 Sep 2022 13:51:50 -0700 (PDT)
Received: by shark4.inbox.lv (Postfix, from userid 2004) id 0AE4AC0147; Mon, 5 Sep 2022 23:51:48 +0300 (EEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=inbox.lv; s=p20220324; t=1662411108; x=1662412908; bh=C+jAidJKx9kdaIpURF8X35udujwpA3vdaK3jmZvXSqw=; h=Content-Type:Message-ID:Date:From:Subject:References:In-Reply-To: To:X-ESPOL:From:Date:To:Cc:Message-ID:Subject:Reply-To; b=YS/IPjEVfxgL5yBlqSv6XSSeuuklbV4MN3BOiME4IrUEVrqPDSLBzW+bldnDbYiGD 3wcTEkolSyrSbuJ5Rhf0vn4o4RK43o4u8I5J4SXD94lN9Z5o48rYdhmfTkQ8JqCiE2 IZAD3zZJW5N6l1dnpnCMb+tDO1kRCdFx/0DZti2o=
Received: from localhost (localhost [127.0.0.1]) by shark4-in.inbox.lv (Postfix) with ESMTP id E1CB3C0146; Mon, 5 Sep 2022 23:51:47 +0300 (EEST)
Received: from shark4.inbox.lv ([127.0.0.1]) by localhost (shark4.inbox.lv [127.0.0.1]) (spamfilter, port 35) with ESMTP id xjAaDCyI50IP; Mon, 5 Sep 2022 23:51:45 +0300 (EEST)
Received: from w1.inbox.lv (w1 [127.0.0.1]) by shark4-in.inbox.lv (Postfix) with ESMTP id 7568DC00EB; Mon, 5 Sep 2022 23:51:45 +0300 (EEST)
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-HTTP-USER-AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
Message-ID: <1662411105.631661615fc13@email.inbox.lv>
Date: Mon, 05 Sep 2022 16:51:45 -0400
From: Timothy Geiser <slimshady007@inbox.lv>
References: <1658963914.62e1c7ca77cce@email.inbox.lv> <7BF5D539-173D-47E9-A007-765E3FBDB489@vigilsec.com>
In-Reply-To: <7BF5D539-173D-47E9-A007-765E3FBDB489@vigilsec.com>
To: Russ Housley <housley@vigilsec.com>, spasm@ietf.org
User-Agent: Inbox.lv Webmail
X-ESPOL: AJ2EQ3kam3BGsMC+K5gfg+6c2qXNWz0io16EvMJY9w4/qsWywNMQE3P3aIntBXHKfwa85Li9YwVO+MntdFwudSjNhGyCNuzXN1X+SV2tazwAC87xDTXAZzydby/wVQ==
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/lOtrGp4Bq4k7Q7hbM0QAr0BGOWA>
Subject: Re: [lamps] Inconsistent examples in draft-ietf-lamps-rfc3709bis-03
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Sep 2022 20:52:15 -0000

Russ,
These examples look correct. As expected, example B.4 is four bytes longer to get the additional SEQUENCE in there. I also fed the base64-encoded certificate from example B.5 into the software that alerted me to the issue in the first place and it parsed correctly. Thanks for correcting this.

Tim
 

----- Reply to message -----
Subject: Re: [lamps] Inconsistent examples in draft-ietf-lamps-rfc3709bis-03
Date: Sat, 27 Aug 2022, 11:04
From: Russ Housley <housley@vigilsec.com>
To: Timothy Geiser <slimshady007@inbox.lv>
Tim:
 
I am sorry it has taken me so long to respond.
 
I found the error in my code that was generating the example for Appendix B4.  Please take a look at this output.  I hope I did not introduce a new problem...
 
Appendix B.4
 
30 2914: SEQUENCE {
06    8:  OBJECT IDENTIFIER logotype (1 3 6 1 5 5 7 1 12)
04 2900:  OCTET STRING, encapsulates {
30 2896:   SEQUENCE {
A3 2892:    [3] {
30 2888:     SEQUENCE {
30 2884:      SEQUENCE {
06    8:       OBJECT IDENTIFIER '1 3 6 1 5 5 7 20 3'
A0 2870:       [0] {
30 2866:        SEQUENCE {
30 2862:         SEQUENCE {
30 2858:          SEQUENCE {
16   24:           IA5String 'image/svg+xml-compressed'
30   49:           SEQUENCE {
30   47:            SEQUENCE {
30   11:             SEQUENCE {
06    9:              OBJECT IDENTIFIER
       :               sha-256 (2 16 840 1 101 3 4 2 1)
       :               }
04   32:             OCTET STRING
       :           83 14 B3 26 9B D3 8B 0B 2A E6 6E 42 74 E2 A7 57
       :           7A 40 B7 E1 2E 53 42 44 CC 7C AE 14 68 1B 0E B6
       :              }
       :             }
30 2777:           SEQUENCE {
16 2773:            IA5String
       :          'data:image/svg+xml-compressed;base64,H4sICLXutU0'
       :          'AA0NlcnRJbWFnZURlbW8uc3ZnANVaW2/bOBZ+n19BqBigwdo'
       :          'S7xK9jmeapB0EWHQHzez2WZZoR1tZMiQ5jvvr95CSL7Gl1Em'
       :          '8C9d9iERSPOd85+O5EB3+9jhL0YMuyiTPLh3iYgfpLMrjJJt'
       :          'eOv/661M/cFBZhVkcpnmmL50sd34b/TIsH6YoiS+da11UySS'
       :          'Jwkqj21k41Q6CDbNyUMSTS+e+quYDz1sul+6SuXkx9YhSysP'
       :          'Uo7QPK/rlKqvCx35Wvmu+a/uGYow9EOigh0Qvr/LHSwcjjDj'
       :          'GiGHQ914n0/sKlMf4Vwctk7i6X7/sGEYdNA5L/WeRT5IUDKm'
       :          'SbLVWNoo2cqNCh1XyoKN8Nsuz0iqwVW8Qb1fOF0Vqp+PI06m'
       :          'e6awqPeISzxn9goYzXYVxWIUWpfWLCMwcGoLpgy83n8wzGkb'
       :          'R4GtefENmMBznC7DEroKpOBpM8mIWVqPEYGtA+BvoMfS2E5u'
       :          'F1Wqu7R6FLvNFEelWReNolpiV3l2VpGntMW9nk6RKdf0+9Br'
       :          'FrMbeVuWhtzbHvMR6UlobPyVpBWjXBk7six2vH5nCwY6nXCo'
       :          '5xb7YusvFVPqCOGh16fSxSxglmPkScLfvmDDmC4FlDc1wov8'
       :          'IF2WZhNlVumgEPRliimDD3PhGPyTgUUMC6lKqKAjxaptq1bo'
       :          'UJvQFsvi+LOJyxZkPE/vCwHuAmXmoj1AarnRBatzqkbv7cK5'
       :          'Ls2ORfwM/vsOG5lURZqXxOnDXPKZw5t5jVzIhFKO0B6D6hAR'
       :          'SXDR6Fzqq7H7mQeJAOQiUSPvFIrUHOfuui3zrFI5dYVeAmpc'
       :          'OcOb9u63vLjae4kYX4yRifYPrTa2SlMigYdO+cEWeGADMLZL'
       :          'H96SH4R9xRYApl6q3Y02f+NzlRAl+cZSKhB6qSIVa80fsqMn'
       :          'WOqZJpmsXwAPoyNaQ95uNIGasKPwhxGzQzOXzMIIzBKabmLI'
       :          'il470zfSjWWn+kvpvLQ9g1l3yRIc8gukz0uysEcakcDfy3KM'
       :          'k+l0SOXlOopltJL7EPtUlzZfP4tnM70k8xkKCySt92MwfIXP'
       :          'oTe0pnu4dYbp7hJ/kxWySN0ey0o/1qbiCsxDXJMWWo37QekB'
       :          'cAUFPSGkPCnUJF5wwBacDK5cGlEp4BC2lYoJcrNNGVc7DzIq'
       :          'xT4CKsPlrAG8mL8whRejiQe9EmImIAoz3sds9NxP4RZEzugq'
       :          'zb7c3Q89u3WQKY9aegbsA/AUJB/bJs6pfJt9BHFEuk5DWITz'
       :          'OH5uZSThLUsDjQ5GE6RMsyihMTaQLfA6BIiAQMAhnHHN1sd6'
       :          '1WtUhDVJiuhkrdBXd740+hLB9Vm1HjQe4ywLOBLWOMMiyQAX'
       :          'NB8sm9Gx2qdGgGkMG6wY8aLfqgH4dfnmrVc+pPrE/Z/QnZOs'
       :          '8C1Okb2/ggwLdxlDC1D6DFPZDD98txv8xQf5TEc7Ax6ZyaDf'
       :          '6BC4SylWKCMqtizp80+UMchATal63qHq0M3ZTs83Ob/XO6LY'
       :          'sFzpGVY5+iLxdWvwY+NaKoR/0iJIXL3dBjT2hG+wO+NXm53X'
       :          'StSh1eogfeojV35BTOaqh/cmPUe2Mdp91pQp2CjWOO2k7Oam'
       :          'hjU1HB3DLGm66n6iajz4bqn2oICmNFxDR/x2mC5s+rKhlkUA'
       :          '3Ne3P8lgP0qJfjf9uvu+HWXSfFwNoH4uqGUmTadYMtOc7yjE'
       :          'Ed9EUhkwEEOcDSHKQ+yhnSvUYRH8miQo2FK5TCjWZZGWKB8i'
       :          'HPud16wApnCvTOzjIFAj9TQdCxa+ddOTizaa1xJvD0qMrKx+'
       :          'Ydaj6iwJQG0vaSdYWpTv4HwVRAP3Z6ONjOJunEIeKRVmhujp'
       :          'A2+wPmQR9WFQAFhh9bGQzFEXX+WwOnXq8pV35P2Acdn0pGeb'
       :          'cMg7OgQKaEdOKEAkFlk/9HuEKGBVwucc4AjnJ/LBYU09hVwW'
       :          'Y1F0HlBUC2lbyIuYF58O8p+adMwUt9YAoX/IwRtAC9NAdBAy'
       :          'GuEB3VR59u8/TGYx9/Xjz8bPB/Z/F9B0SghBK+4xxfiwtr0G'
       :          'XECqedQQ9PRVpEAQ+26MidbGSmPm8RwRzcQsT17EPSmoorH3'
       :          '+av4Jcj78O/vIp/uzMEkHKAE6/F7VHHSj8HddR0Q3ymcGZfR'
       :          'VjwfmOnNn3GuWR+FzhcPmPqiptHcayacT28T8j3Cs0/LQCwo'
       :          '6J2iYxP4R58AsobjFegusoJhuq7VNS2evRPcqASvQki+gbkB'
       :          'YwETNPt/1A2pT6UErR1zMzUITZRvF5Lp5basO1fk2U4aBSjk'
       :          'ji8quL3cDyW7TpI3unxezMcSTNhQJhfpGctKgKN2Amo7/7Sh'
       :          'Sev4oXicPSYS+6GkCm9a1Qw3VEchCUA+z5HtTcbQhK6F14YF'
       :          'Up+Yn7WgmzwpZCDf5DDiXT9B7U6RdHAHpdb7IqmLVjqZSLnT'
       :          'W61zjQ7/G7D3hm9E846uTDZoNMADmLlm7IG2ieXfUtu1US9T'
       :          'eNGUHibE9Nv//2jRJGZfQmK3v7ykJJOv1IXjBsDCPpmgWppe'
       :          '6sHxR3KVSQKqp+WIqammuJbtqkxZmMHry4oS/9pLhdCXKq8u'
       :          'R0R+LDEqCKRxqc5VXdvPvIP+ggwR0RkyBfO9iKZvrWGAKVdz'
       :          '31cuocvoO/qemClFMYEFEH7oI+vpkek4s4bCMBqK+5mHQUlD'
       :          'pE/oylpy+2/6pWXK31PEYagP04epV1cE50UMy6IQZeQM7+Ol'
       :          '74Z+eHfpHNc7OjffQ/HeV0X8BopoDkGEkAAA='
       :             }
       :            }
       :           }
       :          }
       :         }
       :        }
       :       }
       :      }
       :     }
       :    }
       :   }
 
 
Likewise, I made the same mistake in generating the example for Appendix B.5...
 
Appendix B.5
 
30 446: SEQUENCE {
A0 227:  [0] {
30 224:   SEQUENCE {
A0 111:    [0] {
30 109:     SEQUENCE {
30 107:      SEQUENCE {
30 105:       SEQUENCE {
16  10:        IA5String 'image/jpeg'
30  49:        SEQUENCE {
30  47:         SEQUENCE {
30  11:          SEQUENCE {
06   9:           OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
      :            }
04  32:          OCTET STRING
      :           AF FC 10 16 46 CB 56 25 B4 99 7D E5 89 3E AE 3A
      :           84 6F 5A 02 D3 82 D6 DA 8E D4 EE F8 7C BD 1D ED
      :           }
      :          }
30  40:        SEQUENCE {
16  38:         IA5String 'http://www.example.net/images/logo.jpg" rel="noopener noreferrer nofollow" target="_blank">http://www.example.net/images/logo.jpg'
      :          }
      :         }
      :        }
      :       }
      :      }
A0 109:    [0] {
30 107:     SEQUENCE {
30 105:      SEQUENCE {
30 103:       SEQUENCE {
16   9:        IA5String 'image/gif'
30  49:        SEQUENCE {
30  47:         SEQUENCE {
30  11:          SEQUENCE {
06   9:           OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
      :            }
04  32:          OCTET STRING
      :           88 90 81 81 AD FB 66 AE 2F 66 D0 49 A0 4D 8E A0
      :           EC 4E A8 64 42 38 5B 36 4A BF 2C 8B D2 E9 E9 66
      :           }
      :          }
30  39:        SEQUENCE {
16  37:         IA5String 'http://www.example.org/logo-image.gif" rel="noopener noreferrer nofollow" target="_blank">http://www.example.org/logo-image.gif'
      :          }
      :         }
      :        }
      :       }
      :      }
      :     }
      :    }
A2 213:  [2] {
A0 210:   [0] {
30 207:    SEQUENCE {
30 101:     SEQUENCE {
30  99:      SEQUENCE {
16   9:       IA5String 'image/gif'
30  49:       SEQUENCE {
30  47:        SEQUENCE {
30  11:         SEQUENCE {
06   9:          OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
      :           }
04  32:         OCTET STRING
      :          6A 58 50 2E 59 67 F9 DD D1 8A FE BD 0D B1 FE 60
      :          A5 13 1B DF 0F B2 BE F0 B5 73 45 50 BA 1B BF 19
      :          }
      :         }
30  35:       SEQUENCE {
16  33:        IA5String 'http://www.smime.example/logo.gif" rel="noopener noreferrer nofollow" target="_blank">http://www.smime.example/logo.gif'
      :         }
      :        }
      :       }
30 102:     SEQUENCE {
30 100:      SEQUENCE {
16  10:       IA5String 'image/jpeg'
30  49:       SEQUENCE {
30  47:        SEQUENCE {
30  11:         SEQUENCE {
06   9:          OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
      :           }
04  32:         OCTET STRING
      :          BD CB 7B 75 72 6D 8C 1B 33 A4 2C DE AC 79 72 DA
      :          4A D9 F2 79 84 0A 58 58 6A CE 2F 02 80 EA D7 A5
      :          }
      :         }
30  35:       SEQUENCE {
16  33:        IA5String 'http://www.smime.example/logo.jpg" rel="noopener noreferrer nofollow" target="_blank">http://www.smime.example/logo.jpg'
      :         }
      :        }
      :       }
      :      }
      :     }
      :    }
      :   }
 
-----BEGIN CERTIFICATE-----
MIIFpTCCBI2gAwIBAgITN0EFee11f0Kpolw69Phqzpqx1zANBgkqhkiG9w0BAQ0F
ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo
U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yMjA2
MTUxODE4MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8G
A1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/
pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7GxVwX
urhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12DRVB
DpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2w
ZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTMSiPR+peC
rhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwIDAQABo4IC
hDCCAoAwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYD
VR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcD
BDAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZz
MB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMIIB0AYIKwYBBQUHAQwE
ggHCMIIBvqCB4zCB4KBvMG0wazBpFgppbWFnZS9qcGVnMDEwLzALBglghkgBZQME
AgEEIK/8EBZGy1YltJl95Yk+rjqEb1oC04LW2o7U7vh8vR3tMCgWJmh0dHA6Ly93
d3cuZXhhbXBsZS5uZXQvaW1hZ2VzL2xvZ28uanBnoG0wazBpMGcWCWltYWdlL2dp
ZjAxMC8wCwYJYIZIAWUDBAIBBCCIkIGBrftmri9m0EmgTY6g7E6oZEI4WzZKvyyL
0unpZjAnFiVodHRwOi8vd3d3LmV4YW1wbGUub3JnL2xvZ28taW1hZ2UuZ2lmooHV
oIHSMIHPMGUwYxYJaW1hZ2UvZ2lmMDEwLzALBglghkgBZQMEAgEEIGpYUC5ZZ/nd
0Yr+vQ2x/mClExvfD7K+8LVzRVC6G78ZMCMWIWh0dHA6Ly93d3cuc21pbWUuZXhh
bXBsZS9sb2dvLmdpZjBmMGQWCmltYWdlL2pwZWcwMTAvMAsGCWCGSAFlAwQCAQQg
vct7dXJtjBszpCzerHly2krZ8nmEClhYas4vAoDq16UwIxYhaHR0cDovL3d3dy5z
bWltZS5leGFtcGxlL2xvZ28uanBnMA0GCSqGSIb3DQEBDQUAA4IBAQBbjdCNVFA/
emCc5uKX5WSPrdvRFZSs57SEhE0odxvhTrOs13VM8Om0TxhNJ0Pl6d9CJdbUxtFw
SSnSu9fnghDO7OZDJnPiIYLNY5eTTzY6sx85mde9TLaBTE7RZf0W7NV0hqDqcfM+
9HnQrU4TtPSvtPS5rr5SvqkaMM0k89bpbkgZlh9HH14+x+DIeT0dLythiXJvkVod
qEfyZTcdplQHQ4szWO7lsjmvHrUIbS1tdAJnah8AZRZfqiJEFeiUp06hvAWnPc3y
1TMwYI8onfwPIVzyT6YLgjiT6PuLwSB/wtlhI+vWfdINaHdotegjawLm/3jZ+ceN
tu39FvbV0uKJ
-----END CERTIFICATE-----
 
Thanks fo you carful review that uncovered the problem.
 
Russ
 
 
 
On Jul 27, 2022, at 7:18 PM, Timothy Geiser <slimshady007=40inbox.lv@dmarc.ietf.org" rel="noopener noreferrer nofollow" target="_blank">slimshady007=40inbox.lv@dmarc.ietf.org> wrote:
 
When trying to manually parse the examples in Appendix B of draft-ietf-lamps-rfc3709bis-03, I ran into trouble with B.4 and B.5 as the SEQUENCE nesting doesn't seem correct. Examples B.1, B.2, and B.3 all show three nested SEQUENCEs under the 'direct' LogotypeInfo tag [0]. This tag [0] indicates that it should contain a LogotypeData SEQUENCE, in turn containing a SEQUENCE OF LogotypeImage, in turn containing a LogotypeDetails SEQUENCE. LogotypeDetails then always starts with an IA5String. Examples B.4 and B.5 only have two nested SEQUENCEs between the [0] and IA5String.

I've added comments/annotations after '#' on various lines to try to keep track of the parsing. Most comments are of the form "name (type)". The name is always defined one level higher up than itself, and the type is the type (i.e. it's contents), directly from the ASN.1 syntax.
If nothing else, please focus on the lines marked with !!!!!!!! - if you agree that these are 'direct' SEQUENCEs that should contain a LogotypeData, then you can see that the examples are not consistent. You can even see that example B.3 has nested <<[2], [0], SEQUENCE, SEQUENCE, SEQUENCE, IA5String>> which is different than example B.5 with nested <<[2], [0], SEQUENCE, SEQUENCE, IA5String>>.
Apoligies if this is not the correct venue for this sort of report.

Regards,
Tim Geiser



B.1.  Example from RFC 3709
   30 106: SEQUENCE {  # an Extension
   06   8:  OBJECT IDENTIFIER logotype (1 3 6 1 5 5 7 1 12)  # extnID
   04  94:  OCTET STRING, encapsulates {  # extnValue
   30  92:   SEQUENCE {  # LogotypeExtn (issuerLogo present; communityLogos, subjectLogo and otherLogos omitted)
   A1  90:    [1] {  # issuerLogo (LogotypeInfo)
   A0  88:     [0] {  # direct (LogotypeData)  !!!!!!!!
   30  86:      SEQUENCE {  # image (SEQUENCE OF LogotypeImage)
   30  84:       SEQUENCE {  # First and only LogotypeImage in the SEQUENCE OF
   30  82:        SEQUENCE {  # imageDetails (LogotypeDetails)
   16   9:         IA5String 'image/gif'  # mediaType
   30  33:         SEQUENCE {  # logotypeHash (SEQUENCE OF HashAlgAndValue)
   30  31:          SEQUENCE {  # First and only HashAlgAndValue in the SEQUENCE OF
   30   7:           SEQUENCE {  # hashAlg (AlgorithmIdentifier)
   06   5:            OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)  # algorithm
         :            # NULL parameters omitted
         :             }
   04  20:           OCTET STRING  # hashValue
         :            8F E5 D3 1A 86 AC 8D 8E 6B C3 CF 80 6A D4 48 18
         :            2C 7B 19 2E
         :            }
         :           }
   30  34:         SEQUENCE {  # logotypeURI (SEQUENCE OF IA5String)
   16  32:          IA5String 'http://logo.example.com/logo.gif" rel="noopener noreferrer nofollow" target="_blank">http://logo.example.com/logo.gif'  # First and only IA5String in the SEQUENCE OF
         :           }
         :          }
         :         }
         :        }
         :       }
         :      }
         :     }
         :    }
         :   }

# I skipped analysis of B.2 as it's identical to B.1 except for swapping sha-256 for sha1 and jpeg for gif

B.3.  Embedded Image Example
   30 2160: SEQUENCE {  # an Extension
   06    8:  OBJECT IDENTIFIER logotype (1 3 6 1 5 5 7 1 12)  # extnID
   04 2146:  OCTET STRING, encapsulates {  # extnValue
   30 2142:   SEQUENCE {  # LogotypeExtn (subjectLogo present; communityLogos, issuerLogo and otherLogos omitted)
   A2 2138:    [2] {  # subjectLogo (LogotypeInfo)
   A0 2134:     [0] {  # direct (LogotypeData)  !!!!!!!!
   30 2130:      SEQUENCE {  # image (SEQUENCE OF LogotypeImage)
   30 2126:       SEQUENCE {  # First and only LogotypeImage in the SEQUENCE OF
   30 2122:        SEQUENCE {  # imageDetails (LogotypeDetails)
   16   24:         IA5String 'image/svg+xml-compressed'  # mediaType
   30   49:         SEQUENCE {  # logotypeHash (SEQUENCE OF HashAlgAndValue)
   30   47:          SEQUENCE {  # First and only HashAlgAndValue in the SEQUENCE OF
   30   11:           SEQUENCE {  # hashAlg (AlgorithmIdentifier)
   06    9:            OBJECT IDENTIFIER  # algorithm
          :             sha-256 (2 16 840 1 101 3 4 2 1)
                       # NULL parameters omitted
          :             }
   04   32:           OCTET STRING  # hashValue
          :           C5 AC 94 1A 0A 25 1F B3 16 6F 97 C5 52 40 9B 49
          :           9E 7B 92 61 5A B0 A2 6C 19 BF B9 D8 09 C5 D9 E7
          :            }
          :           }
   30 2041:         SEQUENCE {  # logotypeURI (SEQUENCE OF IA5String)
   16 2037:          IA5String  # First and only IA5String in the SEQUENCE OF
          :          'data:image/svg+xml-compressed;base64,H4sICIGpy2E'
          :          'AA2xvZ28tY29weS5zdmcApVbbbhs3EH3nV0y3Lw2Q9fK2JLe'
          :          'wHDROUBRo2iBxW+RRlTa2UFkypIWV5ut7zlB2UqF9cuLlUkt'
          :          # <-- snipped for brevity -->
          :          'ZFerdjksaCqt3IUWXcXW16vb6xdWyHLTgCaKXWKUKK1kOp9H'
          :          'K5B3ELjSdXb0loB5RYtS01L6h9yTPW51Wpqwgosr5I927aw6'
          :          '401+YfwDria4WoQwAAA=='
          :           }
          :          }
          :         }
          :        }
          :       }
          :      }
          :     }
          :    }
          :   }



B.4.  Embedded Certificate Image Example
   30 2910: SEQUENCE {  # an Extension
   06    8:  OBJECT IDENTIFIER logotype (1 3 6 1 5 5 7 1 12)  # extnID
   04 2896:  OCTET STRING, encapsulates {  # extnValue
   30 2892:   SEQUENCE {  # LogotypeExtn (otherLogos present; communityLogos, issuerLogo and subjectLogo omitted)
   A3 2888:    [3] {  # otherLogos (SEQUENCE OF OtherLogotypeInfo)
   30 2884:     SEQUENCE {  # The SEQUENCE OF OtherLogotypeInfo
   30 2880:      SEQUENCE {  # First and only OtherLogotypeInfo
   06    8:       OBJECT IDENTIFIER '1 3 6 1 5 5 7 20 3'  # logotypeType
   A0 2866:       [0] {  # direct (LogotypeData)  !!!!!!!!
   30 2862:        SEQUENCE {  # image (SEQUENCE OF LogotypeImage)
   30 2858:         SEQUENCE {  # First and only LogotypeImage in the SEQUENCE OF
          :          # ??? Expected imageDetails (SEQUENCE) but found IA5String
   16   24:          IA5String 'image/svg+xml-compressed'
   30   49:          SEQUENCE {
   30   47:           SEQUENCE {
   30   11:            SEQUENCE {
   06    9:             OBJECT IDENTIFIER
          :              sha-256 (2 16 840 1 101 3 4 2 1)
          :              }
   04   32:            OCTET STRING
          :           83 14 B3 26 9B D3 8B 0B 2A E6 6E 42 74 E2 A7 57
          :           7A 40 B7 E1 2E 53 42 44 CC 7C AE 14 68 1B 0E B6
          :             }
          :            }
   30 2777:          SEQUENCE {
   16 2773:           IA5String
          :          'data:image/svg+xml-compressed;base64,H4sICLXutU0'
          :          'AA0NlcnRJbWFnZURlbW8uc3ZnANVaW2/bOBZ+n19BqBigwdo'
          :          'S7xK9jmeapB0EWHQHzez2WZZoR1tZMiQ5jvvr95CSL7Gl1Em'
          :          # <-- snipped for brevity -->
          :          '31cuocvoO/qemClFMYEFEH7oI+vpkek4s4bCMBqK+5mHQUlD'
          :          'pE/oylpy+2/6pWXK31PEYagP04epV1cE50UMy6IQZeQM7+Ol'
          :          '74Z+eHfpHNc7OjffQ/HeV0X8BopoDkGEkAAA='
          :            }
          :           }
          :          }
          :         }
          :        }
          :       }
          :      }
          :     }
          :    }
          :   }



B.5.  Full Certificate Example
   30 438: SEQUENCE {  # LogotypeExtn (communityLogos and subjectLogo present; issuerLogo and otherLogos omitted)
   A0 223:  [0] {  # communityLogos (SEQUENCE OF LogotypeInfo)
   30 220:   SEQUENCE { # The SEQUENCE OF LogotypeInfo
   A0 109:    [0] {  # First of two LogotypeInfo in the SEQUENCE OF - direct (LogotypeData)  !!!!!!!!
   30 107:     SEQUENCE {  # image (SEQUENCE OF LogotypeImage)
   30 105:      SEQUENCE {  # First and only LogotypeImage in the SEQUENCE OF
         :       # ??? Expected imageDetails (SEQUENCE) but found IA5String
   16  10:       IA5String 'image/jpeg'
   30  49:       SEQUENCE {
   30  47:        SEQUENCE {
   30  11:         SEQUENCE {
   06   9:          OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
         :           }
   04  32:         OCTET STRING
         :          AF FC 10 16 46 CB 56 25 B4 99 7D E5 89 3E AE 3A
         :          84 6F 5A 02 D3 82 D6 DA 8E D4 EE F8 7C BD 1D ED
         :          }
         :         }
   30  40:       SEQUENCE {
   16  38:        IA5String 'http://www.example.net/images/logo.jpg" rel="noopener noreferrer nofollow" target="_blank">http://www.example.net/images/logo.jpg'
         :         }
         :        }
         :       }
         :      }
   A0 107:    [0] {  # Second of two LogotypeInfo in the SEQUENCE OF - direct (LogotypeData)  !!!!!!!!
   30 105:     SEQUENCE {  # image (SEQUENCE OF LogotypeImage)
   30 103:      SEQUENCE {  # First and only LogotypeImage in the SEQUENCE OF
         :       # ??? Expected imageDetails (SEQUENCE) but found IA5String
   16   9:       IA5String 'image/gif'
   30  49:       SEQUENCE {
   30  47:        SEQUENCE {
   30  11:         SEQUENCE {
   06   9:          OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
         :           }
   04  32:         OCTET STRING
         :          88 90 81 81 AD FB 66 AE 2F 66 D0 49 A0 4D 8E A0
         :          EC 4E A8 64 42 38 5B 36 4A BF 2C 8B D2 E9 E9 66
         :          }
         :         }
   30  39:       SEQUENCE {
   16  37:        IA5String 'http://www.example.org/logo-image.gif" rel="noopener noreferrer nofollow" target="_blank">http://www.example.org/logo-image.gif'
         :         }
         :        }
         :       }
         :      }
         :     }
         :    }
   A2 209:  [2] {  # subjectLogo (LogotypeInfo)
   A0 206:   [0] {  # direct (LogotypeData)  !!!!!!!!
   30 203:    SEQUENCE {  # image (SEQUENCE OF LogotypeImage)
   30  99:     SEQUENCE {  # First of two LogotypeImage in the SEQUENCE OF
         :      # ??? Expected imageDetails (SEQUENCE) but found IA5String
   16   9:      IA5String 'image/gif'
   30  49:      SEQUENCE {
   30  47:       SEQUENCE {
   30  11:        SEQUENCE {
   06   9:         OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
         :          }
   04  32:        OCTET STRING
         :         6A 58 50 2E 59 67 F9 DD D1 8A FE BD 0D B1 FE 60
         :         A5 13 1B DF 0F B2 BE F0 B5 73 45 50 BA 1B BF 19
         :         }
         :        }
   30  35:      SEQUENCE {
   16  33:       IA5String 'http://www.smime.example/logo.gif" rel="noopener noreferrer nofollow" target="_blank">http://www.smime.example/logo.gif'
         :        }
         :       }
   30 100:     SEQUENCE {  # Second of two LogotypeImage in the SEQUENCE OF
         :      # ??? Expected imageDetails (SEQUENCE) but found IA5String
   16  10:      IA5String 'image/jpeg'
   30  49:      SEQUENCE {
   30  47:       SEQUENCE {
   30  11:        SEQUENCE {
   06   9:         OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
         :          }
   04  32:        OCTET STRING
         :         BD CB 7B 75 72 6D 8C 1B 33 A4 2C DE AC 79 72 DA
         :         4A D9 F2 79 84 0A 58 58 6A CE 2F 02 80 EA D7 A5
         :         }
         :        }
   30  35:      SEQUENCE {
   16  33:       IA5String 'http://www.smime.example/logo.jpg" rel="noopener noreferrer nofollow" target="_blank">http://www.smime.example/logo.jpg'
         :        }
         :       }
         :      }
         :     }
         :    }
         :   }
  _______________________________________________
Spasm mailing list
Spasm@ietf.org" rel="noopener noreferrer nofollow" target="_blank">Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm" target="_blank" rel="nofollow">https://www.ietf.org/mailman/listinfo/spasm