Re: [Trans] Alternate formats for Precertificates
Carl Wallace <carl@redhoundsoftware.com> Wed, 26 February 2014 17:05 UTC
Date: Wed, 26 Feb 2014 12:05:42 -0500
From: Carl Wallace <carl@redhoundsoftware.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>, Ben Laurie <benl@google.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/oHEZD-dxZCpG-gESr8kRY7TeEek
Cc: "trans@ietf.org" <trans@ietf.org>

On 2/26/14, 11:58 AM, "Paul Hoffman" <paul.hoffman@vpnc.org> wrote:

>RFC 4211 is also somewhat ambiguous. It says:
>
>   CertTemplate ::= SEQUENCE {
>     version      [0] Version               OPTIONAL,
>     serialNumber [1] INTEGER               OPTIONAL,
>     signingAlg   [2] AlgorithmIdentifier   OPTIONAL,
>     issuer       [3] Name                  OPTIONAL,
>     validity     [4] OptionalValidity      OPTIONAL,
>     subject      [5] Name                  OPTIONAL,
>     publicKey    [6] SubjectPublicKeyInfo  OPTIONAL,
>     issuerUID    [7] UniqueIdentifier      OPTIONAL,
>     subjectUID   [8] UniqueIdentifier      OPTIONAL,
>     extensions   [9] Extensions            OPTIONAL }
>
>And:
>
>   serialNumber MUST be omitted. This field is assigned by the CA
>   during certificate creation.
>
>   signingAlg MUST be omitted. This field is assigned by the CA
>   during certificate creation.
>
>If it "MUST be omitted", it is not optional. So, a document updating RFC
>4211 to fix this error, at least for the limited use of CT, seems fine.

If this is all that is sought, why not just use TBSCertificate as Rob
suggested and be done? How would that run afoul of ritual compliance?
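
Added example, not part of the original message or of RFC 4211: a small Python DER walker illustrating the point under discussion, that a CertTemplate carrying serialNumber or signingAlg still parses under the quoted ASN.1 but fails the quoted "MUST be omitted" text. The function names and the sample byte strings are constructed for illustration, and the code assumes single-byte context tags [0]..[9].

```python
# CertTemplate field names indexed by context tag number [0]..[9],
# taken from the definition quoted in the message above.
FIELDS = ["version", "serialNumber", "signingAlg", "issuer", "validity",
          "subject", "publicKey", "issuerUID", "subjectUID", "extensions"]
MUST_OMIT = {"serialNumber", "signingAlg"}  # per the quoted "MUST be omitted" text

# Constructed sample encodings (not real requests).
OK_TEMPLATE = bytes.fromhex("3003800102")  # version only
BAD_TEMPLATE = bytes.fromhex(              # version, serialNumber, signingAlg
    "3015800102810105a20d06092a864886f70d01010b0500")

def read_tlv(buf, pos):
    """Return (tag_byte, value_start, value_end) for the DER TLV at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, pos, pos + length

def template_fields(der):
    """Names of the CertTemplate fields present in a DER encoding, in order."""
    tag, pos, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    present, last = [], -1
    while pos < end:
        tag, _, nxt = read_tlv(der, pos)
        num = tag & 0x1F
        # Elements must be context-class, in range, and in ascending tag order.
        if tag & 0xC0 != 0x80 or num >= len(FIELDS) or num <= last:
            raise ValueError("unexpected element tag 0x%02x" % tag)
        present.append(FIELDS[num])
        last, pos = num, nxt
    return present

def profile_violations(der):
    """Fields the ASN.1 accepts but the quoted prose says MUST be omitted."""
    return [f for f in template_fields(der) if f in MUST_OMIT]
```
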