Re: [Trans] Precertificate format

Brian Smith <brian@briansmith.org> Tue, 09 September 2014 20:02 UTC

Date: Tue, 09 Sep 2014 13:02:46 -0700
From: Brian Smith <brian@briansmith.org>
To: Rick Andrews <Rick_Andrews@symantec.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/aFOShSajngLWJ_5x2H648hNOeLU
Cc: "trans@ietf.org" <trans@ietf.org>, Stephen Kent <kent@bbn.com>
Subject: Re: [Trans] Precertificate format

On Tue, Sep 9, 2014 at 12:56 PM, Brian Smith <brian@briansmith.org> wrote:
> where the internal syntax of ASN1Precert is (in ASN.1):
>
>   ASN1Precert ::=  SEQUENCE  {
>     precertSigningCert [0] EXPLICIT OptionalCertificate,
>     tbsCertificate       TBSCertificate,
>     signatureAlgorithm   AlgorithmIdentifier,
>     signatureValue BIT STRING }
>
>   OptionalCertificate ::= certificate Certificate OPTIONAL;
>
> In other words, ASN1Precert is exactly an X.509 Certificate except
> that it starts with an explicitly-tagged, possibly-empty
> precertSigningCert field.

...and where signatureValue covers both precertSigningCert and
tbsCertificate, instead of just tbsCertificate. (This would have been
clearer if I had wrapped precertSigningCert and tbsCertificate in a
SEQUENCE.)

Cheers,
Brian
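An added illustration of the structure discussed in this message (example code written for this page, not code from the thread or from any CT implementation): minimal DER helpers that build ASN1Precert with its always-present, possibly-empty [0] EXPLICIT precertSigningCert wrapper, and a function returning the bytes that signatureValue covers (precertSigningCert followed by tbsCertificate) next to the plain X.509 case (tbsCertificate alone). TBSCertificate, AlgorithmIdentifier and the inner Certificate are constructed placeholder blobs, not real X.509 data.

```python
# Added example (not from the thread): tiny DER helpers for the ASN1Precert
# layout quoted above. TBSCertificate, AlgorithmIdentifier and the inner
# Certificate are constructed placeholder blobs, not real X.509 data.
from typing import Optional, Tuple

def der_len(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, content: bytes) -> bytes:
    """Encode one DER tag-length-value element."""
    return bytes([tag]) + der_len(len(content)) + content

def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Decode the element at pos; return (tag, content, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        n = first & 0x7F
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
    start = pos + hdr
    if start + length > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[start:start + length], start + length

def encode_precert(signing_cert: Optional[bytes], tbs: bytes,
                   alg: bytes, sig: bytes) -> bytes:
    """ASN1Precert: the [0] EXPLICIT wrapper is always present, possibly empty."""
    wrapper = tlv(0xA0, signing_cert or b"")          # precertSigningCert
    return tlv(0x30, wrapper + tbs + alg + tlv(0x03, b"\x00" + sig))

def precert_signed_bytes(precert: bytes) -> bytes:
    """Bytes signatureValue covers: precertSigningCert || tbsCertificate
    (concatenated TLVs, since the proposal adds no enclosing SEQUENCE)."""
    _, body, _ = read_tlv(precert, 0)                 # outer SEQUENCE
    tag0, _, after_wrapper = read_tlv(body, 0)
    if tag0 != 0xA0:
        raise ValueError("precertSigningCert must be [0] EXPLICIT")
    _, _, after_tbs = read_tlv(body, after_wrapper)   # tbsCertificate
    return body[:after_tbs]

def x509_signed_bytes(cert: bytes) -> bytes:
    """For comparison: an ordinary Certificate signs tbsCertificate alone."""
    _, body, _ = read_tlv(cert, 0)
    _, _, after_tbs = read_tlv(body, 0)
    return body[:after_tbs]
```

Because the wrapper is part of the signed input, two precertificates with identical tbsCertificate but different (or absent) precertSigningCert produce different bytes to sign, which is the binding the message describes.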