
Re: SCVP Draft 17: Summary of changes




Seth Hitchings wrote:

If you do decide to put together another draft to address some of the
aesthetic issues, I'd like to see some of the tagging oddities (skipping
from 4 to 6, for example) addressed.

Several people have now commented stating that they believe it is important to modify the ASN.1 in SCVP so that explicit tags are sequential, etc.

So, Tim and I went through the document and made changes to the ASN.1 as follows:

(1) We renumbered explicit tags wherever there was a gap in the sequence in draft 17.
(2) We removed the explicit tagging where it was clear that the explicit tagging was not necessary.
(3) We defined DEFAULT values for several of the INTEGER and ENUMERATED values when defining a default value could be done without affecting the ASN.1 for any other fields.

I plan to submit draft 18 later today. Below is a copy of all of the ASN.1 structures that have been changed since draft 17 (at least, I believe that this is all of them).

Dave

-----------------------------------------------------------------------------------


  CVRequest ::= SEQUENCE {
    cvRequestVersion           INTEGER DEFAULT 1,
    query                      Query,
    requestorRef           [0] SEQUENCE SIZE (1..MAX) OF OCTET STRING
                                 OPTIONAL,
    requestNonce           [1] OCTET STRING OPTIONAL,
    requestorName          [2] GeneralName OPTIONAL,
    reqestExtensions       [3] Extensions OPTIONAL }

  ValidationPolicy ::= SEQUENCE {
    validationPolRef           ValidationPolRef,
    validationAlg          [0] ValidationAlg OPTIONAL,
    userPolicySet          [1] SEQUENCE SIZE (1..MAX) OF OBJECT
                                 IDENTIFIER OPTIONAL,
    inhibitPolicyMapping   [2] BOOLEAN OPTIONAL,
    requireExplicitPolicy  [3] BOOLEAN OPTIONAL,
    inhibitAnyPolicy       [4] BOOLEAN OPTIONAL,
    trustAnchors           [5] TrustAnchors OPTIONAL,
    keyUsages              [6] KeyUsages OPTIONAL,
    extendedKeyUsages      [7] SEQUENCE OF KeyPurposeId OPTIONAL }

  CVResponse ::= SEQUENCE {
    cvResponseVersion          INTEGER,
    policyID                   INTEGER,
    producedAt                 GeneralizedTime,
    responseStatus             ResponseStatus,
    respValidationPolicy   [0] RespValidationPolicy OPTIONAL,
    requestRef             [1] RequestReference OPTIONAL,
    requestorRef           [2] SEQUENCE SIZE (1..MAX) OF OCTET STRING
                                 OPTIONAL,
    requestorName          [3] GeneralNames OPTIONAL,
    replyObjects           [4] ReplyObjects OPTIONAL,
    respNonce              [5] OCTET STRING OPTIONAL,
    serverContextInfo      [6] OCTET STRING OPTIONAL,
    cvResponseExtensions   [7] Extensions OPTIONAL }

  ResponseStatus ::= SEQUENCE {
      statusCode               CVStatusCode DEFAULT okay,
      errorMessage             UTF8String OPTIONAL }

  CertReply ::= SEQUENCE {
    cert                       CertReference,
    replyStatus                ReplyStatus DEFAULT success,
    replyValTime               GeneralizedTime,
    replyChecks                ReplyChecks,
    replyWantBacks             ReplyWantBacks,
    validationErrors       [0] SEQUENCE SIZE (1..MAX) OF
                                 OBJECT IDENTIFIER OPTIONAL,
    nextUpdate             [1] GeneralizedTime OPTIONAL,
    certReplyExtensions    [2] Extensions OPTIONAL }

  ReplyCheck ::= SEQUENCE {
    check                      OBJECT IDENTIFIER,
    status                     INTEGER DEFAULT 0 }

  ValPolRequest ::= SEQUENCE {
    vpRequestVersion           INTEGER DEFAULT 1,
    requestNonce               OCTET STRING }

  ValPolResponse ::= SEQUENCE {
    vpResponseVersion                INTEGER,
    maxCVResponseVersion             INTEGER,
    maxVPResponseVersion             INTEGER,
    defaultPolicyID                  INTEGER,
    thisUpdate                       GeneralizedTime,
    nextUpdate                       GeneralizedTime OPTIONAL,
    validationPolices                SEQUENCE OF ValidationPolRef,
    validationAlgs                   SEQUENCE OF OBJECT IDENTIFIER,
    authPolicies                     SEQUENCE OF AuthPolicy,
    responseTypes                    ResponseTypes,
    defaultPolicyValues              RespValidationPolicy,
    revocationInfoTypes              RevocationInfoTypes,
    serverPublicKeys                 SEQUENCE OF KeyAgreePublicKey
                                       OPTIONAL,
    clockSkew                        INTEGER DEFAULT 10,
    requestNonce                     OCTET STRING OPTIONAL }

  AuthPolicy ::= CHOICE {
    authPolRefByOID       OBJECT IDENTIFIER,
    authPolRefByURI       IA5String }
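
Added example, not part of the original message or of the SCVP draft: what the new DEFAULT on vpRequestVersion means for a strict decoder of ValPolRequest, assuming the message is DER-encoded. Under DER a field equal to its DEFAULT must be omitted, so the decoder supplies 1 when the INTEGER is absent and rejects an explicitly encoded 1. The function names and sample bytes are constructed for illustration.

```python
# Added example: strict DER decoding of ValPolRequest from the listing above.
# Function names and sample bytes are constructed for illustration.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length DER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                          # short form
        length = first
    else:                                     # long form, 1..4 length octets
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal length (not DER)")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_val_pol_request(der):
    """Return (vpRequestVersion, requestNonce) or raise ValueError."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    version = 1                               # DEFAULT 1 applies when absent
    tag, val, nxt = read_tlv(body, 0)
    if tag == 0x02:                           # vpRequestVersion is present
        if len(val) == 0:
            raise ValueError("empty INTEGER")
        version = int.from_bytes(val, "big", signed=True)
        if version == 1:
            raise ValueError("DEFAULT value encoded explicitly (not DER)")
        tag, val, nxt = read_tlv(body, nxt)
    if tag != 0x04 or nxt != len(body):
        raise ValueError("requestNonce OCTET STRING must be the last field")
    return version, bytes(val)

NONCE = bytes(range(1, 9))                                   # constructed
OMITTED = bytes.fromhex("300a0408") + NONCE                  # version absent
VERSION_2 = bytes.fromhex("300d0201020408") + NONCE          # version 2
EXPLICIT_1 = bytes.fromhex("300d0201010408") + NONCE         # violates DER
```

Accepting both OMITTED and EXPLICIT_1 would give one request two valid byte encodings, which matters wherever the encoded request is hashed or signed.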