Re: [Jeffrey Hutzelman] LAST CALL - Public Key Cryptography for Initial Authentication in Kerberos
Love, et al,
Love Hörnquist Åstrand wrote:
> Peter Sylvester <Peter.Sylvester@xxxxxxxxxx> writes:
> > The first one can be replaced by
> >
> >     subjectName [0] IMPLICIT OCTET STRING OPTIONAL CONTAINING Name

The correct syntax here is:

    subjectName [0] IMPLICIT OCTET STRING (CONTAINING Name) OPTIONAL

> Let's take another example:
>
>     PA-PK-AS-REQ ::= SEQUENCE {
>         signedAuthPack [0] IMPLICIT OCTET STRING,
>             -- Contains a CMS type ContentInfo encoded
>             -- according to [RFC3852].
>             -- The contentType field of the type ContentInfo
>             -- is id-signedData (1.2.840.113549.1.7.2),
>             -- and the content field is a SignedData.
>
> With your syntax this should be
>
>     signedAuthPack IMPLICIT OCTET STRING OPTIONAL CONTAINING ContentInfo
>
> Now, ContentInfo is a CMS type, and is allowed to be encoded in BER.
> Kerberos datatypes use DER.
> How is that expressed in a formal way?

    signedAuthPack IMPLICIT OCTET STRING
        (CONTAINING ContentInfo
         ENCODED BY {joint-iso-itu-t asn(1) ber-derived(2) distinguished-encoding(1)})
        OPTIONAL

The OID after the "ENCODED BY" is the OID that identifies DER.

> Just saying IMPORT and CONTAINING and expecting the right thing to happen when
> given to a compiler seems very naive.

There's a better chance that the compiler can do something useful than if
the requirements are expressed informally as a comment.
Regards,
Steven
Love
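The thread's point is that `OCTET STRING (CONTAINING ContentInfo ENCODED BY der)` states a constraint a decoder can actually enforce: the bytes inside the octet string must be DER even though CMS itself permits BER. The following is an added example, not code from the thread or from any PKINIT implementation, showing what that enforcement looks like on the decoding side. It assumes a hand-written checker (all function names are this example's own), covers only single-octet tags, and uses constructed test vectors: one conforming `[0] IMPLICIT OCTET STRING` and several BER-only variants that a lenient BER decoder would accept without complaint.

```python
"""Decode-time enforcement of `OCTET STRING (CONTAINING T ENCODED BY der)`.

Constructed example, not code from the thread: CMS allows BER, the Kerberos
field demands DER, so a conforming decoder must reject the BER-only forms
(indefinite length, non-minimal length octets, non-minimal INTEGER/BOOLEAN
content, constructed OCTET STRING/BIT STRING).  The encoder builds test data.
"""

DER_OID = "2.1.2.1"  # {joint-iso-itu-t asn(1) ber-derived(2) distinguished-encoding(1)}

class DERViolation(ValueError):
    """Encoding is BER-only (or malformed), so it does not satisfy ENCODED BY der."""

def der_length(n: int) -> bytes:
    """Length octets in minimal form, as DER requires."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_length(len(content)) + content

def der_integer(value: int) -> bytes:
    """Non-negative INTEGER with minimal content (no redundant leading 0x00)."""
    return der_tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def der_sequence(*elements: bytes) -> bytes:
    return der_tlv(0x30, b"".join(elements))

def implicit0_octet_string(inner: bytes) -> bytes:
    """[0] IMPLICIT OCTET STRING: context-specific, primitive, number 0 -> tag 0x80."""
    return der_tlv(0x80, inner)

def _read_tlv(data: bytes, pos: int, end: int):
    """Parse one TLV header inside data[pos:end]; return (tag, content_start, content_end)."""
    if pos + 2 > end:
        raise DERViolation("truncated: tag and length expected")
    tag, first, pos = data[pos], data[pos + 1], pos + 2
    if tag & 0x1F == 0x1F:
        raise DERViolation("high tag numbers are outside the scope of this example")
    if first == 0x80:
        raise DERViolation("indefinite length is BER-only")
    if first < 0x80:
        length = first
    else:
        k = first & 0x7F
        octets, pos = data[pos:pos + k], pos + k
        if len(octets) != k or octets[0] == 0:
            raise DERViolation("truncated or non-minimal long-form length")
        length = int.from_bytes(octets, "big")
        if length < 0x80:
            raise DERViolation("long-form length used where the short form fits")
    if pos + length > end:
        raise DERViolation("content runs past the end of its enclosing value")
    return tag, pos, pos + length

def check_der(data: bytes, pos: int, end: int) -> None:
    """Raise DERViolation unless data[pos:end] is a run of DER-valid TLVs."""
    while pos < end:
        tag, c_start, c_end = _read_tlv(data, pos, end)
        content = data[c_start:c_end]
        if tag & 0x20:  # constructed: recurse, but strings must never be constructed
            if tag in (0x23, 0x24):
                raise DERViolation("BIT STRING / OCTET STRING must be primitive in DER")
            check_der(data, c_start, c_end)
        elif tag == 0x02:  # INTEGER: at least one octet, no redundant sign octets
            if not content:
                raise DERViolation("INTEGER with no content octets")
            if len(content) > 1 and (content[0], content[1] & 0x80) in ((0x00, 0), (0xFF, 0x80)):
                raise DERViolation("non-minimal INTEGER content")
        elif tag == 0x01 and content not in (b"\x00", b"\xff"):  # BOOLEAN
            raise DERViolation("BOOLEAN must be 00 or FF in DER")
        pos = c_end

def contained_der_value(outer: bytes) -> bytes:
    """Unwrap `[0] IMPLICIT OCTET STRING (CONTAINING T ENCODED BY der)` and return
    the contained encoding, after checking it is exactly one value and DER throughout."""
    tag, c_start, c_end = _read_tlv(outer, 0, len(outer))
    if tag != 0x80:
        raise DERViolation(f"expected [0] IMPLICIT OCTET STRING (tag 0x80), got 0x{tag:02x}")
    if c_end != len(outer):
        raise DERViolation("trailing octets after the octet string")
    _, _, i_end = _read_tlv(outer, c_start, c_end)
    if i_end != c_end:
        raise DERViolation("octet string content is not exactly one value")
    check_der(outer, c_start, c_end)
    return outer[c_start:c_end]

def violation(outer: bytes):
    """None if `outer` satisfies the constraint, otherwise the reason it does not."""
    try:
        contained_der_value(outer)
        return None
    except DERViolation as exc:
        return str(exc)

# Constructed test data: one conforming encoding and BER-only variants that a
# lenient (BER) decoder would accept without complaint.
INNER_DER = der_sequence(der_integer(1), der_integer(300))   # 30 07 02 01 01 02 02 01 2c
GOOD = implicit0_octet_string(INNER_DER)                      # 80 09 + INNER_DER
BER_INDEFINITE = bytes.fromhex("800b 3080 020101 0202012c 0000")
BER_NONMINIMAL_INT = bytes.fromhex("800a 3008 02020001 0202012c")
BER_LONGFORM_LEN = bytes.fromhex("800a 308107 020101 0202012c")
BER_CONSTRUCTED_OCTETS = bytes.fromhex("8005 2403 040141")
```

`violation(GOOD)` returns `None`, while each `BER_*` vector returns the specific rule it breaks. The checks mirror the distinguishing rules of X.690 DER rather than the full standard (string, time and SET-ordering canonicalisation are not covered), which is the part a decoder needs in order to honour an `ENCODED BY` DER constraint instead of merely hoping that a comment was read.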