Re: [lamps] Inconsistent examples in draft-ietf-lamps-rfc3709bis-03
Timothy Geiser <slimshady007@inbox.lv> Mon, 05 September 2022 20:52 UTC
Russ,
These examples look correct. As expected, example B.4 is four bytes longer to get the additional SEQUENCE in there. I also fed the base64-encoded certificate from example B.5 into the software that alerted me to the issue in the first place and it parsed correctly. Thanks for correcting this.
Tim
Subject: Re: [lamps] Inconsistent examples in draft-ietf-lamps-rfc3709bis-03
Date: Sat, 27 Aug 2022, 11:04
From: Russ Housley <housley@vigilsec.com>
To: Timothy Geiser <slimshady007@inbox.lv>
Tim:
I am sorry it has taken me so long to respond.
I found the error in my code that was generating the example for Appendix B4. Please take a look at this output. I hope I did not introduce a new problem...
Appendix B.4
30 2914: SEQUENCE {
06 8: OBJECT IDENTIFIER logotype (1 3 6 1 5 5 7 1 12)
04 2900: OCTET STRING, encapsulates {
30 2896: SEQUENCE {
A3 2892: [3] {
30 2888: SEQUENCE {
30 2884: SEQUENCE {
06 8: OBJECT IDENTIFIER '1 3 6 1 5 5 7 20 3'
A0 2870: [0] {
30 2866: SEQUENCE {
30 2862: SEQUENCE {
30 2858: SEQUENCE {
16 24: IA5String 'image/svg+xml-compressed'
30 49: SEQUENCE {
30 47: SEQUENCE {
30 11: SEQUENCE {
06 9: OBJECT IDENTIFIER
: sha-256 (2 16 840 1 101 3 4 2 1)
: }
04 32: OCTET STRING
: 83 14 B3 26 9B D3 8B 0B 2A E6 6E 42 74 E2 A7 57
: 7A 40 B7 E1 2E 53 42 44 CC 7C AE 14 68 1B 0E B6
: }
: }
30 2777: SEQUENCE {
16 2773: IA5String
: 'data:image/svg+xml-compressed;base64,[payload omitted]'
: }
: }
: }
: }
: }
: }
: }
: }
: }
: }
: }
Likewise, I made the same mistake in generating the example for Appendix B.5...
Appendix B.5
30 446: SEQUENCE {
A0 227: [0] {
30 224: SEQUENCE {
A0 111: [0] {
30 109: SEQUENCE {
30 107: SEQUENCE {
30 105: SEQUENCE {
16 10: IA5String 'image/jpeg'
30 49: SEQUENCE {
30 47: SEQUENCE {
30 11: SEQUENCE {
06 9: OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
: }
04 32: OCTET STRING
: AF FC 10 16 46 CB 56 25 B4 99 7D E5 89 3E AE 3A
: 84 6F 5A 02 D3 82 D6 DA 8E D4 EE F8 7C BD 1D ED
: }
: }
30 40: SEQUENCE {
16 38: IA5String 'http://www.example.net/images/logo.jpg'
: }
: }
: }
: }
: }
A0 109: [0] {
30 107: SEQUENCE {
30 105: SEQUENCE {
30 103: SEQUENCE {
16 9: IA5String 'image/gif'
30 49: SEQUENCE {
30 47: SEQUENCE {
30 11: SEQUENCE {
06 9: OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
: }
04 32: OCTET STRING
: 88 90 81 81 AD FB 66 AE 2F 66 D0 49 A0 4D 8E A0
: EC 4E A8 64 42 38 5B 36 4A BF 2C 8B D2 E9 E9 66
: }
: }
30 39: SEQUENCE {
16 37: IA5String 'http://www.example.org/logo-image.gif'
: }
: }
: }
: }
: }
: }
: }
A2 213: [2] {
A0 210: [0] {
30 207: SEQUENCE {
30 101: SEQUENCE {
30 99: SEQUENCE {
16 9: IA5String 'image/gif'
30 49: SEQUENCE {
30 47: SEQUENCE {
30 11: SEQUENCE {
06 9: OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
: }
04 32: OCTET STRING
: 6A 58 50 2E 59 67 F9 DD D1 8A FE BD 0D B1 FE 60
: A5 13 1B DF 0F B2 BE F0 B5 73 45 50 BA 1B BF 19
: }
: }
30 35: SEQUENCE {
16 33: IA5String 'http://www.smime.example/logo.gif'
: }
: }
: }
30 102: SEQUENCE {
30 100: SEQUENCE {
16 10: IA5String 'image/jpeg'
30 49: SEQUENCE {
30 47: SEQUENCE {
30 11: SEQUENCE {
06 9: OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
: }
04 32: OCTET STRING
: BD CB 7B 75 72 6D 8C 1B 33 A4 2C DE AC 79 72 DA
: 4A D9 F2 79 84 0A 58 58 6A CE 2F 02 80 EA D7 A5
: }
: }
30 35: SEQUENCE {
16 33: IA5String 'http://www.smime.example/logo.jpg'
: }
: }
: }
: }
: }
: }
: }
[PEM-encoded certificate omitted]
Thanks for your careful review that uncovered the problem.
Russ
On Jul 27, 2022, at 7:18 PM, Timothy Geiser <slimshady007=40inbox.lv@dmarc.ietf.org> wrote:
When trying to manually parse the examples in Appendix B of draft-ietf-lamps-rfc3709bis-03, I ran into trouble with B.4 and B.5 as the SEQUENCE nesting doesn't seem correct. Examples B.1, B.2, and B.3 all show three nested SEQUENCEs under the 'direct' LogotypeInfo tag [0]. This tag [0] indicates that it should contain a LogotypeData SEQUENCE, in turn containing a SEQUENCE OF LogotypeImage, in turn containing a LogotypeDetails SEQUENCE. LogotypeDetails then always starts with an IA5String. Examples B.4 and B.5 only have two nested SEQUENCEs between the [0] and IA5String.
I've added comments/annotations after '#' on various lines to try to keep track of the parsing. Most comments are of the form "name (type)". The name is always defined one level higher up than itself, and the type is the type (i.e. its contents), directly from the ASN.1 syntax.
If nothing else, please focus on the lines marked with !!!!!!!! - if you agree that these are 'direct' SEQUENCEs that should contain a LogotypeData, then you can see that the examples are not consistent. You can even see that example B.3 has nested <<[2], [0], SEQUENCE, SEQUENCE, SEQUENCE, IA5String>> which is different than example B.5 with nested <<[2], [0], SEQUENCE, SEQUENCE, IA5String>>.
Apologies if this is not the correct venue for this sort of report.
Regards,
Tim Geiser
B.1. Example from RFC 3709
30 106: SEQUENCE { # an Extension
06 8: OBJECT IDENTIFIER logotype (1 3 6 1 5 5 7 1 12) # extnID
04 94: OCTET STRING, encapsulates { # extnValue
30 92: SEQUENCE { # LogotypeExtn (issuerLogo present; communityLogos, subjectLogo and otherLogos omitted)
A1 90: [1] { # issuerLogo (LogotypeInfo)
A0 88: [0] { # direct (LogotypeData) !!!!!!!!
30 86: SEQUENCE { # image (SEQUENCE OF LogotypeImage)
30 84: SEQUENCE { # First and only LogotypeImage in the SEQUENCE OF
30 82: SEQUENCE { # imageDetails (LogotypeDetails)
16 9: IA5String 'image/gif' # mediaType
30 33: SEQUENCE { # logotypeHash (SEQUENCE OF HashAlgAndValue)
30 31: SEQUENCE { # First and only HashAlgAndValue in the SEQUENCE OF
30 7: SEQUENCE { # hashAlg (AlgorithmIdentifier)
06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) # algorithm
: # NULL parameters omitted
: }
04 20: OCTET STRING # hashValue
: 8F E5 D3 1A 86 AC 8D 8E 6B C3 CF 80 6A D4 48 18
: 2C 7B 19 2E
: }
: }
30 34: SEQUENCE { # logotypeURI (SEQUENCE OF IA5String)
16 32: IA5String 'http://logo.example.com/logo.gif' # First and only IA5String in the SEQUENCE OF
: }
: }
: }
: }
: }
: }
: }
: }
: }
# I skipped analysis of B.2 as it's identical to B.1 except for swapping sha-256 for sha1 and jpeg for gif
B.3. Embedded Image Example
30 2160: SEQUENCE { # an Extension
06 8: OBJECT IDENTIFIER logotype (1 3 6 1 5 5 7 1 12) # extnID
04 2146: OCTET STRING, encapsulates { # extnValue
30 2142: SEQUENCE { # LogotypeExtn (subjectLogo present; communityLogos, issuerLogo and otherLogos omitted)
A2 2138: [2] { # subjectLogo (LogotypeInfo)
A0 2134: [0] { # direct (LogotypeData) !!!!!!!!
30 2130: SEQUENCE { # image (SEQUENCE OF LogotypeImage)
30 2126: SEQUENCE { # First and only LogotypeImage in the SEQUENCE OF
30 2122: SEQUENCE { # imageDetails (LogotypeDetails)
16 24: IA5String 'image/svg+xml-compressed' # mediaType
30 49: SEQUENCE { # logotypeHash (SEQUENCE OF HashAlgAndValue)
30 47: SEQUENCE { # First and only HashAlgAndValue in the SEQUENCE OF
30 11: SEQUENCE { # hashAlg (AlgorithmIdentifier)
06 9: OBJECT IDENTIFIER # algorithm
: sha-256 (2 16 840 1 101 3 4 2 1)
# NULL parameters omitted
: }
04 32: OCTET STRING # hashValue
: C5 AC 94 1A 0A 25 1F B3 16 6F 97 C5 52 40 9B 49
: 9E 7B 92 61 5A B0 A2 6C 19 BF B9 D8 09 C5 D9 E7
: }
: }
30 2041: SEQUENCE { # logotypeURI (SEQUENCE OF IA5String)
16 2037: IA5String # First and only IA5String in the SEQUENCE OF
: 'data:image/svg+xml-compressed;base64,H4sICIGpy2E'
: 'AA2xvZ28tY29weS5zdmcApVbbbhs3EH3nV0y3Lw2Q9fK2JLe'
: 'wHDROUBRo2iBxW+RRlTa2UFkypIWV5ut7zlB2UqF9cuLlUkt'
: # <-- snipped for brevity -->
: 'ZFerdjksaCqt3IUWXcXW16vb6xdWyHLTgCaKXWKUKK1kOp9H'
: 'K5B3ELjSdXb0loB5RYtS01L6h9yTPW51Wpqwgosr5I927aw6'
: '401+YfwDria4WoQwAAA=='
: }
: }
: }
: }
: }
: }
: }
: }
: }
B.4. Embedded Certificate Image Example
30 2910: SEQUENCE { # an Extension
06 8: OBJECT IDENTIFIER logotype (1 3 6 1 5 5 7 1 12) # extnID
04 2896: OCTET STRING, encapsulates { # extnValue
30 2892: SEQUENCE { # LogotypeExtn (otherLogos present; communityLogos, issuerLogo and subjectLogo omitted)
A3 2888: [3] { # otherLogos (SEQUENCE OF OtherLogotypeInfo)
30 2884: SEQUENCE { # The SEQUENCE OF OtherLogotypeInfo
30 2880: SEQUENCE { # First and only OtherLogotypeInfo
06 8: OBJECT IDENTIFIER '1 3 6 1 5 5 7 20 3' # logotypeType
A0 2866: [0] { # direct (LogotypeData) !!!!!!!!
30 2862: SEQUENCE { # image (SEQUENCE OF LogotypeImage)
30 2858: SEQUENCE { # First and only LogotypeImage in the SEQUENCE OF
: # ??? Expected imageDetails (SEQUENCE) but found IA5String
16 24: IA5String 'image/svg+xml-compressed'
30 49: SEQUENCE {
30 47: SEQUENCE {
30 11: SEQUENCE {
06 9: OBJECT IDENTIFIER
: sha-256 (2 16 840 1 101 3 4 2 1)
: }
04 32: OCTET STRING
: 83 14 B3 26 9B D3 8B 0B 2A E6 6E 42 74 E2 A7 57
: 7A 40 B7 E1 2E 53 42 44 CC 7C AE 14 68 1B 0E B6
: }
: }
30 2777: SEQUENCE {
16 2773: IA5String
: 'data:image/svg+xml-compressed;base64,H4sICLXutU0'
: 'AA0NlcnRJbWFnZURlbW8uc3ZnANVaW2/bOBZ+n19BqBigwdo'
: 'S7xK9jmeapB0EWHQHzez2WZZoR1tZMiQ5jvvr95CSL7Gl1Em'
: # <-- snipped for brevity -->
: '31cuocvoO/qemClFMYEFEH7oI+vpkek4s4bCMBqK+5mHQUlD'
: 'pE/oylpy+2/6pWXK31PEYagP04epV1cE50UMy6IQZeQM7+Ol'
: '74Z+eHfpHNc7OjffQ/HeV0X8BopoDkGEkAAA='
: }
: }
: }
: }
: }
: }
: }
: }
: }
: }
B.5. Full Certificate Example
30 438: SEQUENCE { # LogotypeExtn (communityLogos and subjectLogo present; issuerLogo and otherLogos omitted)
A0 223: [0] { # communityLogos (SEQUENCE OF LogotypeInfo)
30 220: SEQUENCE { # The SEQUENCE OF LogotypeInfo
A0 109: [0] { # First of two LogotypeInfo in the SEQUENCE OF - direct (LogotypeData) !!!!!!!!
30 107: SEQUENCE { # image (SEQUENCE OF LogotypeImage)
30 105: SEQUENCE { # First and only LogotypeImage in the SEQUENCE OF
: # ??? Expected imageDetails (SEQUENCE) but found IA5String
16 10: IA5String 'image/jpeg'
30 49: SEQUENCE {
30 47: SEQUENCE {
30 11: SEQUENCE {
06 9: OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
: }
04 32: OCTET STRING
: AF FC 10 16 46 CB 56 25 B4 99 7D E5 89 3E AE 3A
: 84 6F 5A 02 D3 82 D6 DA 8E D4 EE F8 7C BD 1D ED
: }
: }
30 40: SEQUENCE {
16 38: IA5String 'http://www.example.net/images/logo.jpg'
: }
: }
: }
: }
A0 107: [0] { # Second of two LogotypeInfo in the SEQUENCE OF - direct (LogotypeData) !!!!!!!!
30 105: SEQUENCE { # image (SEQUENCE OF LogotypeImage)
30 103: SEQUENCE { # First and only LogotypeImage in the SEQUENCE OF
: # ??? Expected imageDetails (SEQUENCE) but found IA5String
16 9: IA5String 'image/gif'
30 49: SEQUENCE {
30 47: SEQUENCE {
30 11: SEQUENCE {
06 9: OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
: }
04 32: OCTET STRING
: 88 90 81 81 AD FB 66 AE 2F 66 D0 49 A0 4D 8E A0
: EC 4E A8 64 42 38 5B 36 4A BF 2C 8B D2 E9 E9 66
: }
: }
30 39: SEQUENCE {
16 37: IA5String 'http://www.example.org/logo-image.gif'
: }
: }
: }
: }
: }
: }
A2 209: [2] { # subjectLogo (LogotypeInfo)
A0 206: [0] { # direct (LogotypeData) !!!!!!!!
30 203: SEQUENCE { # image (SEQUENCE OF LogotypeImage)
30 99: SEQUENCE { # First of two LogotypeImage in the SEQUENCE OF
: # ??? Expected imageDetails (SEQUENCE) but found IA5String
16 9: IA5String 'image/gif'
30 49: SEQUENCE {
30 47: SEQUENCE {
30 11: SEQUENCE {
06 9: OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
: }
04 32: OCTET STRING
: 6A 58 50 2E 59 67 F9 DD D1 8A FE BD 0D B1 FE 60
: A5 13 1B DF 0F B2 BE F0 B5 73 45 50 BA 1B BF 19
: }
: }
30 35: SEQUENCE {
16 33: IA5String 'http://www.smime.example/logo.gif'
: }
: }
30 100: SEQUENCE { # Second of two LogotypeImage in the SEQUENCE OF
: # ??? Expected imageDetails (SEQUENCE) but found IA5String
16 10: IA5String 'image/jpeg'
30 49: SEQUENCE {
30 47: SEQUENCE {
30 11: SEQUENCE {
06 9: OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
: }
04 32: OCTET STRING
: BD CB 7B 75 72 6D 8C 1B 33 A4 2C DE AC 79 72 DA
: 4A D9 F2 79 84 0A 58 58 6A CE 2F 02 80 EA D7 A5
: }
: }
30 35: SEQUENCE {
16 33: IA5String 'http://www.smime.example/logo.jpg'
: }
: }
: }
: }
: }
: }
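The nesting rule described in the report above can be checked mechanically. This added example (not code from the thread, the draft, or its authors) rebuilds the 'direct' element of B.1 from the values in the annotated dump, once with and once without the LogotypeDetails SEQUENCE, and counts the SEQUENCEs between [0] and the mediaType IA5String; all function and constant names are illustrative assumptions.

```python
# Added example: B.1 values are copied from the dump above; names are illustrative.
SEQUENCE, IA5STRING, OCTET_STRING, OID, DIRECT = 0x30, 0x16, 0x04, 0x06, 0xA0


def der(tag: int, content: bytes) -> bytes:
    """Encode one TLV with a definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content


def read_tlv(buf: bytes, off: int = 0):
    """Return (tag, content_start, content_end); single-byte tags only."""
    if off + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:
        n = first
    else:
        k = first & 0x7F
        if k == 0 or off + k > len(buf):
            raise ValueError("indefinite or truncated length")
        n = int.from_bytes(buf[off:off + k], "big")
        off += k
    if off + n > len(buf):
        raise ValueError("content runs past end of buffer")
    return tag, off, off + n


def sequences_before_media_type(direct: bytes) -> int:
    """Count SEQUENCEs nested between [0] 'direct' and the first IA5String."""
    tag, start, end = read_tlv(direct)
    if tag != DIRECT:
        raise ValueError("expected context tag [0]")
    depth = 0
    while True:
        # Descend into the first child of each SEQUENCE until mediaType appears.
        tag, start, _ = read_tlv(direct[:end], start)
        if tag == IA5STRING:
            return depth
        if tag != SEQUENCE:
            raise ValueError(f"unexpected tag 0x{tag:02X}")
        depth += 1


def build_direct(fields: bytes, wrap_details: bool) -> bytes:
    """wrap_details=False drops the LogotypeDetails SEQUENCE (the reported nesting)."""
    details = der(SEQUENCE, fields) if wrap_details else fields
    image = der(SEQUENCE, details)              # one LogotypeImage
    return der(DIRECT, der(SEQUENCE, image))    # [0] { SEQUENCE OF LogotypeImage }


HASH_ALG = der(SEQUENCE, der(OID, bytes.fromhex("2B0E03021A")))  # sha1
HASH = der(OCTET_STRING, bytes.fromhex("8FE5D31A86AC8D8E6BC3CF806AD448182C7B192E"))
FIELDS = (der(IA5STRING, b"image/gif")
          + der(SEQUENCE, der(SEQUENCE, HASH_ALG + HASH))
          + der(SEQUENCE, der(IA5STRING, b"http://logo.example.com/logo.gif")))
GOOD = build_direct(FIELDS, wrap_details=True)
FLAWED = build_direct(FIELDS, wrap_details=False)

if __name__ == "__main__":
    for name, blob in (("three-level", GOOD), ("two-level", FLAWED)):
        print(name, len(blob), "bytes,", sequences_before_media_type(blob), "SEQUENCEs")
```

The three-level encoding has the same `A0 88` content length as B.1 in the dump. The missing wrapper costs 2 bytes at this size and 4 bytes once the content needs a two-byte length, which is the size difference noted for the corrected B.4.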