Re: [Trans] RFC6962 BIS Log file encodings.

Rick Andrews <Rick_Andrews@symantec.com> Fri, 28 March 2014 17:31 UTC

From: Rick Andrews <Rick_Andrews@symantec.com>
To: Eran Messeri <eranm@google.com>, Phillip Hallam-Baker <hallam@gmail.com>
Date: Fri, 28 Mar 2014 10:31:18 -0700
Message-ID: <544B0DD62A64C1448B2DA253C011414607C85F39F4@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM>
References: <CAMm+Lwjy7gMphsfByROYP2WDTvP4nVkCQPj=oHkVFr=AQv=qjw@mail.gmail.com> <5322131A.2080507@comodo.com> <CAMm+Lwhz7KM44kMgn8mdFtR6Ow=aMik-5GD-Wge+JZUKz751mA@mail.gmail.com> <CALzYgEdSs0+SJrL9uzem1NnWv=jPAFr_dxrqvLkSqyd_nX+yGg@mail.gmail.com>
In-Reply-To: <CALzYgEdSs0+SJrL9uzem1NnWv=jPAFr_dxrqvLkSqyd_nX+yGg@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/0g4Kkqpoh9aGNi3ZA78pZoZr-4g
Cc: Rob Stradling <rob.stradling@comodo.com>, "trans@ietf.org" <trans@ietf.org>
Subject: Re: [Trans] RFC6962 BIS Log file encodings.

In addition, our ASN.1 experts have asked for the syntax to be described in “ASN.1-like” syntax, as is used in RFCs 3280 and 5280.

For example, 3280/5280 defines an Extension like this:

Extension  ::=  SEQUENCE  {
     extnID      OBJECT IDENTIFIER,
     critical    BOOLEAN DEFAULT FALSE,
     extnValue   OCTET STRING  }

so the extnValue is defined as an OCTET STRING, yet 6962 says “…encoding the SignedCertificateTimestampList structure as an ASN.1 OCTET STRING and inserting the resulting data in the TBSCertificate as an X.509v3 certificate extension…”. The ASN.1 folks say it’s not clear if that means that the Extension contains the OCTET STRING data type (for extnValue) and length followed by another OCTET STRING data type identifier and length of the SCT. Or is the second OCTET STRING identifier redundant?

Those updating existing cert generation code will probably be dealing with ASN.1 compilers, so a precise definition of structures in ASN.1-like syntax will go a long way. In addition, defining OIDs as arc plus extension (like this: id-kp-serverAuth  OBJECT IDENTIFIER ::= { id-kp 1 }) would help.

-Rick

From: Trans [mailto:trans-bounces@ietf.org] On Behalf Of Eran Messeri
Sent: Friday, March 14, 2014 3:01 AM
To: Phillip Hallam-Baker
Cc: Rob Stradling; trans@ietf.org
Subject: Re: [Trans] RFC6962 BIS Log file encodings.

I strongly support clarifying the description of the file format. When I started implementing aspects of RFC6962 (with no background in TLS encoding or ASN.1) it was very unclear.
From other posts (https://groups.google.com/forum/#!topic/certificate-transparency/T9CDwnsercQ) on the list it seems this was unclear to others as well.

On Thu, Mar 13, 2014 at 10:50 PM, Phillip Hallam-Baker <hallam@gmail.com> wrote:
On Thu, Mar 13, 2014 at 4:20 PM, Rob Stradling <rob.stradling@comodo.com> wrote:
(Inspired by RFC5280 Appendix C)

Would it help to include one or more example SCTs in the text?

I think we definitely need that for Proposed. But right now I am trying to see how complete the description is.

--
Website: http://hallambaker.com/

_______________________________________________
Trans mailing list
Trans@ietf.org
https://www.ietf.org/mailman/listinfo/trans