Re: [TLS] TLS grammar checker?
Carl Wallace <carl@redhoundsoftware.com> Fri, 21 June 2013 21:38 UTC
Return-Path: <carl@redhoundsoftware.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BBA7521F9E27 for <tls@ietfa.amsl.com>; Fri, 21 Jun 2013 14:38:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.566
X-Spam-Level:
X-Spam-Status: No, score=-0.566 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_ASCII_ART_SPACINGc=0.833, J_CHICKENPOX_19=0.6, J_CHICKENPOX_44=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RZR0AobDjia3 for <tls@ietfa.amsl.com>; Fri, 21 Jun 2013 14:38:15 -0700 (PDT)
Received: from mail-qc0-x229.google.com (mail-qc0-x229.google.com [IPv6:2607:f8b0:400d:c01::229]) by ietfa.amsl.com (Postfix) with ESMTP id 80DAA21F9E11 for <tls@ietf.org>; Fri, 21 Jun 2013 14:38:15 -0700 (PDT)
Received: by mail-qc0-f169.google.com with SMTP id c10so5059969qcz.14 for <tls@ietf.org>; Fri, 21 Jun 2013 14:38:15 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=references:mime-version:in-reply-to:content-type :content-transfer-encoding:message-id:cc:x-mailer:from:subject:date :to:x-gm-message-state; bh=Il8PSvKLAoSqthF89DQsacshqMTyGVEtUFHzMKClU2g=; b=cOL8N3cBObSrTnjkZCLQZOOHhM/LLdINeUhLTo7u76laDESfJi2RnnTV5Mwlx01pvL R8C1tknsevMcbrkk668b593kXB4tOUp1H2phpGGOapEivT+IPb0w9DOOfjuC+VI2X8Pg qlz5F7E1zlVDirr1HYqKiA5oFLRz2d8t3AJjsiN1QqcvIQgAc2rqt133YgmJ0WfasqpY xr/HvWVs5y15Dgm2bSIwA06qs6AN3b6q+l+9GETWiGPvd/ZEqzlGlD5oLJSRGsFT5uEq ts7rP0NERndEIBvO/G7Zqaa2wVuC3yINAkyuow6tMR/33Aw84pz9Lq0Fpmsvo+FkYuIR phag==
X-Received: by 10.49.35.65 with SMTP id f1mr7614262qej.72.1371850694887; Fri, 21 Jun 2013 14:38:14 -0700 (PDT)
Received: from [10.226.70.81] (209.sub-174-236-199.myvzw.com. [174.236.199.209]) by mx.google.com with ESMTPSA id 15sm8826428qaa.9.2013.06.21.14.38.06 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 21 Jun 2013 14:38:14 -0700 (PDT)
References: <20130621213358.0235D1A842@ld9781.wdf.sap.corp>
Mime-Version: 1.0 (1.0)
In-Reply-To: <20130621213358.0235D1A842@ld9781.wdf.sap.corp>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-Id: <09A2DAED-00A3-4A6C-83F4-1AB80619F691@redhoundsoftware.com>
X-Mailer: iPhone Mail (10B146)
From: Carl Wallace <carl@redhoundsoftware.com>
Date: Fri, 21 Jun 2013 17:38:03 -0400
To: "mrex@sap.com" <mrex@sap.com>
X-Gm-Message-State: ALoCoQlnl4N2idYaCip6AMZiB5td2bvdePuYIWK5qCtj3hys/XNoAVI5otxN0582FZL7hkjLnPEA
Cc: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Subject: Re: [TLS] TLS grammar checker?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Jun 2013 21:38:24 -0000
See RFC5911 and RFC5912. Those provide a nice collection. On Jun 21, 2013, at 5:33 PM, mrex@sap.com (Martin Rex) wrote: > the most appropriate guidance is probably in X.208-1988 Section 32, > but the source of the original confusion is from where the information > originally comes from, that OCSP conveys in these fields. > > When the mentioned OCSP elements originate from X.509 and PKIX CRLs, > then from an element that is defined as (e.g. rfc5280 page 17): > > Time ::= CHOICE { > utcTime UTCTime, > generalTime GeneralizedTime } > > and the CRL definition (rfc5280, page 56): > > CertificateList ::= SEQUENCE { > tbsCertList TBSCertList, > signatureAlgorithm AlgorithmIdentifier, > signatureValue BIT STRING } > > TBSCertList ::= SEQUENCE { > version Version OPTIONAL, > -- if present, MUST be v2 > signature AlgorithmIdentifier, > issuer Name, > thisUpdate Time, > nextUpdate Time OPTIONAL, > revokedCertificates SEQUENCE OF SEQUENCE { > userCertificate CertificateSerialNumber, > revocationDate Time, > crlEntryExtensions Extensions OPTIONAL > -- if present, version MUST be v2 > } OPTIONAL, > crlExtensions [0] EXPLICIT Extensions OPTIONAL > -- if present, version MUST be v2 > } > > But the real problem really isn't about whether you can find something > intelligible hidden somewhere in some X.something document, but how > clear will this be to an average implementor. And on this particular > account, ASN.1 is a real nightmare. > > > -Martin > > > Martin Rex wrote: >> Kemp, David P. wrote: >>> Of all the possible criticisms of ASN.1, this doesn't seem to be >>> among them. X.680 is unambiguous - the year MUST be 4 digits: >> >> Your answer is way off the target. >> >> I didn't ask about what to send out, but what to accept(!) and why. >> >> rfc2560 OSCP is based on X.690-1994: >> http://tools.ietf.org/html/rfc2560#section-6 >> >> [X.690] ITU-T Recommendation X.690 (1994) | ISO/IEC 8825-1:1995, >> Information Technology - ASN.1 encoding rules: >> Specification of Basic Encoding Rules (BER), Canonical >> Encoding Rules (CER) and Distinguished Encoding Rules >> (DER). >> >> If you search X.680 from 1994 for GeneralizedTime, it only says that it >> is a reserved keyword (therefore useless for the question at hand). >> >> In order to figure out what to **ACCEPT**, you have to refer to the >> original specifcation exclusively. >> >> >> Your quote seems to be from X.680 2008. >> >> -Martin >> >>> >>> 46.3 The type is defined, using ASN.1, as follows: >>> GeneralizedTime ::= [UNIVERSAL 24] IMPLICIT VisibleString >>> with the values of the VisibleString restricted to strings >>> of characters which are either: >>> a) a specification of a calendar date followed by a local >>> time, consisting of: >>> 1) a string representing the calendar date, as specified >>> in ISO 8601, 4.1.2.2 - Basic format); followed by: >>> >>> NOTE 1 - This specifies a four-digit representation >>> of the year, a two-digit representation of the month >>> and a two-digit representation of the day, without >>> use of separators. >>> >>> >>> >>> -----Original Message----- >>> >>> To illustrate one of my many problems with ASN.1 complexity and lack >>> of clarity, I was recently wondering on OCSP, whether it is permissible >>> or not _on_receipt_ when the "RevodedInfo->revocationTime" element >>> >>> http://tools.ietf.org/html/rfc2560#page-9 >>> >>> or the CRL Extension "CRL References" "CrlID->crlTime" element >>> >>> http://tools.ietf.org/html/rfc2560#section-4.4.2 >>> >>> contains a date&time with only 2-year, where exactly in ASN.1 it is >>> described how the receiver ought to be implemented, and whether >>> support for 2-digit years in GeneralizedTime is a "MAY", "SHOULD NOT" >>> or "MUST NOT". >> _______________________________________________ >> TLS mailing list >> TLS@ietf.org >> https://www.ietf.org/mailman/listinfo/tls > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- Re: [TLS] TLS grammar checker? Peter Gutmann
- [TLS] TLS grammar checker? Paul Hoffman
- Re: [TLS] TLS grammar checker? Paul Hoffman
- Re: [TLS] TLS grammar checker? Eric Rescorla
- Re: [TLS] TLS grammar checker? Salz, Rich
- Re: [TLS] TLS grammar checker? Paul Hoffman
- Re: [TLS] TLS grammar checker? Nico Williams
- Re: [TLS] TLS grammar checker? Bill Frantz
- Re: [TLS] TLS grammar checker? Nico Williams
- Re: [TLS] TLS grammar checker? Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] TLS grammar checker? Bill Frantz
- Re: [TLS] TLS grammar checker? Nico Williams
- Re: [TLS] TLS grammar checker? Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] TLS grammar checker? Bill Frantz
- Re: [TLS] TLS grammar checker? Salz, Rich
- Re: [TLS] TLS grammar checker? Peter Gutmann
- Re: [TLS] TLS grammar checker? Hannes Tschofenig
- Re: [TLS] TLS grammar checker? Paul Hoffman
- Re: [TLS] TLS grammar checker? Salz, Rich
- Re: [TLS] TLS grammar checker? Martin Rex
- Re: [TLS] TLS grammar checker? Salz, Rich
- Re: [TLS] TLS grammar checker? Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] TLS grammar checker? Salz, Rich
- Re: [TLS] TLS grammar checker? Nikos Mavrogiannopoulos
- Re: [TLS] TLS grammar checker? Salz, Rich
- Re: [TLS] TLS grammar checker? Martin Rex
- Re: [TLS] TLS grammar checker? Kemp, David P.
- Re: [TLS] TLS grammar checker? Martin Rex
- Re: [TLS] TLS grammar checker? Nico Williams
- Re: [TLS] TLS grammar checker? Kemp, David P.
- Re: [TLS] TLS grammar checker? Martin Rex
- Re: [TLS] TLS grammar checker? Carl Wallace
- Re: [TLS] TLS grammar checker? Martin Rex
- Re: [TLS] TLS grammar checker? Peter Gutmann
- Re: [TLS] TLS grammar checker? Nico Williams
- Re: [TLS] TLS grammar checker? Peter Gutmann
- Re: [TLS] TLS grammar checker? Martin Rex
- Re: [TLS] TLS grammar checker? Nico Williams
- Re: [TLS] TLS grammar checker? Kemp, David P.