Re: [Trans] RFC6962 BIS Log file encodings.

Rick Andrews <> Fri, 28 March 2014 18:00 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 833B71A032F for <>; Fri, 28 Mar 2014 11:00:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.91
X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ODLm8tKPnwFi for <>; Fri, 28 Mar 2014 11:00:27 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 895961A0950 for <>; Fri, 28 Mar 2014 11:00:27 -0700 (PDT)
X-AuditID: d80ac3f3-b7f258e000006064-1d-5335b8b8be97
Received: from ( []) by (Symantec Brightmail Gateway out) with SMTP id 1A.BF.24676.8B8B5335; Fri, 28 Mar 2014 18:00:25 +0000 (GMT)
Received: from [] (helo=TUS1XCHHUBPIN01.SYMC.SYMANTEC.COM) by with esmtp (Exim 4.76) (envelope-from <>) id 1WTb4q-0000YR-BD; Fri, 28 Mar 2014 18:00:24 +0000
Received: from TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM ([]) by TUS1XCHHUBPIN01.SYMC.SYMANTEC.COM ([]) with mapi; Fri, 28 Mar 2014 11:00:08 -0700
From: Rick Andrews <>
To: "David A. Cooper" <>
Date: Fri, 28 Mar 2014 11:00:06 -0700
Thread-Topic: [Trans] RFC6962 BIS Log file encodings.
Thread-Index: Ac9Krt0JwDR97MZjQzu6ht0+bZsBowAAIlTw
Message-ID: <544B0DD62A64C1448B2DA253C011414607C85F3A8F@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM>
References: <> <> <> <> <544B0DD62A64C1448B2DA253C011414607C85F39F4@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_544B0DD62A64C1448B2DA253C011414607C85F3A8FTUS1XCHEVSPIN_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrCIsWRmVeSWpSXmKPExsXCZeB6UnfnDtNgg/+/BC2OLLrKaLH28UUW ByaPJUt+MnlcO/mXNYApissmJTUnsyy1SN8ugStjxYbTTAXz1zBWbG/qZGpgnDCNsYuRk0NC wESif/8DVghbTOLCvfVsXYxcHEIC7xglOq5eZYJwXjFK9HzqAqsSEljFKHFqphqIzSagJ7Hl 8RV2EFtEQFdi0YNFYDXMAqoS244+BYuzANlfX2wAs4WBtt2Y8RFoAwdQvanEtU2cEK1GEucv H2MCsXkFoiReNG+A2vuWSeLQ2vdgvZwCGhKXn79iA7EZgS79fmoNE8QucYlbT+YzQXwgILFk z3lmCFtU4uXjf6wQ9aISd9rXM4LsZRbIlzjbzwGxS1Di5MwnLBMYxWYhmTQLoWoWkiqIEh2J Bbs/sUHY2hLLFr5mhrHPHHjMhCy+gJF9FaNMSWmxYXFuSX5pSUFqhYGxXnFlbiIwJpP1kvNz NzEC4/IG1+HPOxh/73E8xCjAwajEw+u41TRYiDWxDKjyEKMEB7OSCG/WRKAQb0piZVVqUX58 UWlOavEhRmkOFiVx3pCPhsFCAumJJanZqakFqUUwWSYOTqkGxrWFvSw1D6xWySpF2UTw799m cr9bSZ7NN7Woal9Z1sndm5eEzv95+MgB8batxes5QjrtlbanVf+ZclPirWVWmMRlPsdoH9mo jVnT975V3Pp6r+KuC7fOZM06wTlTx3qauNovh/Z83aQrJlxN03Vkg7SW1TXM7V82MX6p8rRP coWvUi5Zsbx2VmIpzkg01GIuKk4EAEUQewTHAgAA
Cc: "" <>
Subject: Re: [Trans] RFC6962 BIS Log file encodings.
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 28 Mar 2014 18:00:33 -0000

Thanks, Dave, I'll forward this on. But are you saying that the descriptions in 6962 are precise enough? Would you have any objections to defining structures in 6962 using the same syntax as 5280?


From: David A. Cooper []
Sent: Friday, March 28, 2014 10:55 AM
To: Rick Andrews
Subject: Re: [Trans] RFC6962 BIS Log file encodings.


I haven't read RFC 6962 in detail, but the ASN.1 experts you spoke with may not be familiar with the definition of Extension in certificates. X.509 defines it as:

   Extension ::= SEQUENCE {
            extnId EXTENSION.&id ({ExtensionSet}),
            critical BOOLEAN DEFAULT FALSE,
            extnValue OCTET STRING
   (CONTAINING EXTENSION.&ExtnType({ExtensionSet}{@extnId})
                                                    ENCODED BY der)}

   der OBJECT IDENTIFIER ::= {joint-iso-itu-t asn1(1) ber-derived(2) distinguished-encoding(1)}

In RFC 5280 it is:
   Extension  ::=  SEQUENCE  {
        extnID      OBJECT IDENTIFIER,
        critical    BOOLEAN DEFAULT FALSE,
        extnValue   OCTET STRING
                    -- contains the DER encoding of an ASN.1 value
                    -- corresponding to the extension type identified
                    -- by extnID

It is my understanding that the two definitions are based on different versions of ASN.1, but are considered to be equivalent. The important point is that both indicate that the extension value must contain the DER encoding of some ASN.1 value. So, the only way to interpret the RFC 6962 text in a manner that is consistent with X.509 is that the extnValue contains the tag for OCTET STRING followed by a length then a second OCTET STRING tag and a second length and then the (non-ASN.1) encoded SignedCertificateTimestampList structure. Given that the SignedCertificateTimestampList structure is not ASN.1, and so it cannot be DER encoded, this seems the only reasonable way to include it in a certificate.

This is similar to the subjectKeyIdentifier extension. The subjectKeyIdentifier just contains a string of bits, such as the SHA-1 hash of the subject public key. It is defined in RFC 5280 as follows:

     KeyIdentifier ::= OCTET STRING

     -- subject key identifier OID and syntax

     id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }

     SubjectKeyIdentifier ::= KeyIdentifier

and here is an example of an encoded subjectKeyIdentifier extension:
       SEQUENCE {
         SEQUENCE {
           OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
           OCTET STRING, encapsulates {
             OCTET STRING
               08 68 AF 85 33 C8 39 4A 7A F8 82 93 8E 70 6A 4A
               20 84 2C 32

RFC 5912 shows the extensions in the newer ASN.1 syntax.


On 03/28/2014 01:31 PM, Rick Andrews wrote:
In addition, our ASN.1 experts have asked for the syntax to be described in "ASN.1-like" syntax, as is used in RFCs 3280 and 5280.

For example, 3280/5280 defines an Extension like this:

Extension  ::=  SEQUENCE  {
     critical    BOOLEAN DEFAULT FALSE,
     extnValue   OCTET STRING  }

so the extnValue is defined as an OCTET STRING, yet 6962 says "...encoding the SignedCertificateTimestampList structure as an ASN.1 OCTET STRING and inserting the resulting data in the TBSCertificate as an X.509v3 certificate extension...". The ASN.1 folks say it's not clear if that means that the Extension contains the OCTET STRING data type (for extnValue) and length followed by another OCTET STRING data type identifier and length of the SCT. Or is the second OCTET STRING identifier redundant?

Those updating existing cert generation code will probably be dealing with ASN.1 compilers, so a precise definition of structures in ASN.1-like syntax will go a long way. In addition, defining OIDs as arc plus extension (like this: id-kp-serverAuth  OBJECT IDENTIFIER ::= { id-kp 1 }) would help.


From: Trans [] On Behalf Of Eran Messeri
Sent: Friday, March 14, 2014 3:01 AM
To: Phillip Hallam-Baker
Cc: Rob Stradling;<>
Subject: Re: [Trans] RFC6962 BIS Log file encodings.

I strongly support clarifying the description of the file format. When I started implementing aspects of RFC6962 (with no background in TLS encoding or ASN.1) it was very unclear.
>From other posts<> on the list it seems this was unclear to others as well.

On Thu, Mar 13, 2014 at 10:50 PM, Phillip Hallam-Baker <<>> wrote:
On Thu, Mar 13, 2014 at 4:20 PM, Rob Stradling <<>> wrote:
(Inspired by RFC5280 Appendix C)

Would it help to include one or more example SCTs in the text?

I think we definitely need that for Proposed. But right now I am trying to see how complete the description is.


Trans mailing list<>


Trans mailing list<>