Comments to SCVP ID 18
I am not quite sure I understand the motivations and goals for the ASN.1 changes, because the result still seems somewhat strange.
Either one should use context-specific tags in all sequences/choices, or a minimal set.
Instead of
Query ::= SEQUENCE {
    queriedCerts        CertReferences,
    checks              CertChecks,
    wantBack            WantBack,
    validationPolicy    ValidationPolicy,
    responseFlags       ResponseFlags OPTIONAL,
    serverContextInfo   [2] OCTET STRING OPTIONAL,
    validationTime      [3] GeneralizedTime OPTIONAL,
    intermediateCerts   [4] CertBundle OPTIONAL,
    revInfos            [5] RevocationInfos OPTIONAL,
    producedAt          [6] GeneralizedTime OPTIONAL,
    queryExtensions     [7] Extensions OPTIONAL }
Why not start with [4711] (followed by [48], as you might know)?
One could have
Query ::= SEQUENCE {
    queriedCerts        CertReferences,
    checks              CertChecks,
    wantBack            WantBack,
    validationPolicy    ValidationPolicy,
    responseFlags       ResponseFlags OPTIONAL,
    serverContextInfo   OCTET STRING OPTIONAL,
    validationTime      GeneralizedTime OPTIONAL,
    intermediateCerts   [0] CertBundle OPTIONAL,
    revInfos            [1] RevocationInfos OPTIONAL,
    producedAt          [2] GeneralizedTime OPTIONAL,
    queryExtensions     [3] Extensions OPTIONAL }
Instead of
CVRequest ::= SEQUENCE {
    cvRequestVersion    INTEGER DEFAULT 1,
    query               Query,
    requestorRef        [0] SEQUENCE SIZE (1..MAX) OF OCTET STRING OPTIONAL,
    requestNonce        [1] OCTET STRING OPTIONAL,
    requestorName       [2] GeneralName OPTIONAL,
    reqestExtensions    [3] Extensions OPTIONAL }
One could have
CVRequest ::= SEQUENCE {
    cvRequestVersion    INTEGER DEFAULT 1,
    query               Query,
    requestorRef        SEQUENCE SIZE (1..MAX) OF OCTET STRING OPTIONAL,
    requestNonce        OCTET STRING OPTIONAL,
    requestorName       GeneralName OPTIONAL,
    reqestExtensions    [0] Extensions OPTIONAL }
Instead of
CVResponse ::= SEQUENCE {
    cvResponseVersion       INTEGER,
    policyID                INTEGER,
    producedAt              GeneralizedTime,
    responseStatus          ResponseStatus,
    respValidationPolicy    [0] RespValidationPolicy OPTIONAL,
    requestRef              [1] RequestReference OPTIONAL,
    requestorRef            [2] SEQUENCE SIZE (1..MAX) OF OCTET STRING OPTIONAL,
    requestorName           [3] GeneralNames OPTIONAL,
    replyObjects            [4] ReplyObjects OPTIONAL,
    respNonce               [5] OCTET STRING OPTIONAL,
    serverContextInfo       [6] OCTET STRING OPTIONAL,
    cvResponseExtensions    [7] Extensions OPTIONAL }
One could have
CVResponse ::= SEQUENCE {
    cvResponseVersion       INTEGER DEFAULT 1,
    responseStatus          ResponseStatus,
    producedAt              GeneralizedTime,        -- maybe OPTIONAL
    policyID                INTEGER OPTIONAL,
    respValidationPolicy    RespValidationPolicy OPTIONAL,
    requestRef              [0] RequestReference OPTIONAL,
    requestorRef            [1] SEQUENCE SIZE (1..MAX) OF OCTET STRING OPTIONAL,
    requestorName           [2] GeneralNames OPTIONAL,
                                -- might be requestorNames
    replyObjects            [3] ReplyObjects OPTIONAL,
    respNonce               [4] OCTET STRING OPTIONAL,
    serverContextInfo       [5] OCTET STRING OPTIONAL,
    cvResponseExtensions    [6] Extensions OPTIONAL }
Here I think the policyID should be optional, since in case of some internal error the server may not be able to provide it. (One could also argue for producedAt.)
(Modulo my request to add simple object addressing parameters, i.e. to also have a responderName GeneralNames structure in both request and response, and to change the requesterName in the request to be GeneralNames, at least the latter.)
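An added worked example (my own code, not from the message above or from the SCVP draft) showing the rule that decides which components actually need a context tag: inside a SEQUENCE, every OPTIONAL/DEFAULT component must carry a tag distinct from each component that may follow it, up to and including the next mandatory one, or a DER decoder cannot tell which optional element it is looking at. The checker runs over the draft-18 Query, the proposed Query, and a fully untagged variant constructed here; a small tag-driven decoder then shows how a receiver places the optional fields and that the two layouts are not wire-compatible. It assumes IMPLICIT tagging and models the SCVP types the message does not expand (CertReferences, CertChecks, WantBack, ValidationPolicy, ResponseFlags, CertBundle, RevocationInfos, Extensions) as SEQUENCE; the sample bytes are constructed.

```python
# Added example, not part of the message or of the SCVP draft.  Checks the
# X.680 distinct-tag rule for OPTIONAL components of a SEQUENCE and shows a
# tag-driven decoder placing optional fields.  Assumes IMPLICIT tagging.

# Universal tag numbers (X.690) for the types Query names directly.
UNIVERSAL = {"OCTET STRING": 4, "SEQUENCE": 16, "GeneralizedTime": 24}

# Assumption: outer type of the SCVP types the message does not expand.  The
# four mandatory leading types are placeholders (only their position matters
# for the rule; CertReferences is really a CHOICE in SCVP).
SCVP_OUTER_TYPE = {
    "CertReferences": "SEQUENCE", "CertChecks": "SEQUENCE", "WantBack": "SEQUENCE",
    "ValidationPolicy": "SEQUENCE", "ResponseFlags": "SEQUENCE", "CertBundle": "SEQUENCE",
    "RevocationInfos": "SEQUENCE", "Extensions": "SEQUENCE"}

# Query components as (name, type, OPTIONAL?); context tags come from layout().
QUERY_COMPONENTS = [
    ("queriedCerts", "CertReferences", False),
    ("checks", "CertChecks", False),
    ("wantBack", "WantBack", False),
    ("validationPolicy", "ValidationPolicy", False),
    ("responseFlags", "ResponseFlags", True),
    ("serverContextInfo", "OCTET STRING", True),
    ("validationTime", "GeneralizedTime", True),
    ("intermediateCerts", "CertBundle", True),
    ("revInfos", "RevocationInfos", True),
    ("producedAt", "GeneralizedTime", True),
    ("queryExtensions", "Extensions", True),
]

def layout(context_tags):
    """Attach IMPLICIT context tags ([n]) to the named Query components."""
    return [(n, t, context_tags.get(n), opt) for n, t, opt in QUERY_COMPONENTS]

DRAFT_18 = layout({"serverContextInfo": 2, "validationTime": 3, "intermediateCerts": 4,
                   "revInfos": 5, "producedAt": 6, "queryExtensions": 7})
PROPOSED = layout({"intermediateCerts": 0, "revInfos": 1,
                   "producedAt": 2, "queryExtensions": 3})
UNTAGGED = layout({})   # constructed here: what "no context tags at all" would be

def outer_tag(type_name, context_tag):
    """Tag a decoder sees first: the context tag if given, else the universal one."""
    if context_tag is not None:
        return ("context", context_tag)
    return ("universal", UNIVERSAL[SCVP_OUTER_TYPE.get(type_name, type_name)])

def tag_conflicts(schema):
    """(a, b) pairs where optional a shares its tag with a later component b
    inside the same run of optionals (a mandatory component ends the run)."""
    conflicts = []
    for i, (name, typ, ctx, optional) in enumerate(schema):
        if not optional:
            continue
        tag = outer_tag(typ, ctx)
        for name2, typ2, ctx2, optional2 in schema[i + 1:]:
            if outer_tag(typ2, ctx2) == tag:
                conflicts.append((name, name2))
            if not optional2:
                break
    return conflicts

def read_tlvs(data):
    """Split DER content into (class, tag number, content) triples.
    Low tag numbers (< 31) and short-form lengths (< 128) suffice here."""
    items, i = [], 0
    while i < len(data):
        t, length = data[i], data[i + 1]
        cls = "context" if t & 0xC0 == 0x80 else "universal"
        items.append((cls, t & 0x1F, data[i + 2:i + 2 + length]))
        i += 2 + length
    return items

def decode_sequence(schema, content):
    """Assign SEQUENCE elements to components by tag -> {name: content bytes}.
    Raises ValueError on a missing mandatory component or an unmatched element."""
    items, present, pos = read_tlvs(content), {}, 0
    for name, typ, ctx, optional in schema:
        if pos < len(items) and items[pos][:2] == outer_tag(typ, ctx):
            present[name] = items[pos][2]
            pos += 1
        elif not optional:
            raise ValueError(f"missing mandatory component {name}")
    if pos != len(items):
        raise ValueError(f"element with tag {items[pos][:2]} matches no component")
    return present

def tlv(tag_byte, content):
    """Short-form DER TLV (content shorter than 128 bytes)."""
    return bytes([tag_byte, len(content)]) + content

# Constructed sample: a Query in the proposed layout carrying validationTime
# and an empty revInfos.  The four mandatory components are empty SEQUENCE
# placeholders, since their content does not affect tag matching.
SAMPLE_QUERY = (tlv(0x30, b"") * 4
                + tlv(0x18, b"20050101120000Z")   # GeneralizedTime, universal 24
                + tlv(0xA1, b""))                 # [1] IMPLICIT, constructed
```

tag_conflicts() reports nothing for the draft-18 layout and nothing for the proposed minimal set, because serverContextInfo (OCTET STRING, 4) and validationTime (GeneralizedTime, 24) already differ from everything that can follow them; the untagged variant yields seven collisions, among them validationTime against producedAt and intermediateCerts against revInfos, which is exactly why the last four components keep [0]..[3]. The same rule holds under EXPLICIT tagging, since the context tag is still the outermost one. Decoding SAMPLE_QUERY against DRAFT_18 raises ValueError: renumbering the tags changes the encoding, so any such change has to be tied to a version bump.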