Re: DER in ac509prof-03
Russ Housley wrote:
>
> Paul:
>
> Both generate identical bit strings.

Russ, this is simply not true. DER as defined in X.509:1987
is not as rigorously defined as the DER in X.690. Given the
same abstract value these two sets of rules can produce
different encodings.

You may have forgotten this discussion from August 1998
between the ASN.1 standards editor and the Directory
rapporteur on changing the reference in X.509 from their
own definition of DER to that in X.680. After detailing
differences between bit string encodings the ASN.1 editor
stated in part:

>The reason
>that X.509 DER was not adopted verbatim into X.690 was
>that when we started looking at it closely we came across
>deficiencies in the X.509 encoding of REAL, UTCTime,
>GeneralizedTime, GeneralString and BIT STRING which can
>result in different encodings for a given value. So we fixed
>what was broken. I have no doubt that X.690 DER simply
>closes the holes in X.509 DER and otherwise introduces
> no incompatibility in X.509.
>
>The X.690 DER spec is very short, as is the X.509 spec.
>Take the time and review the two and you will see that
>X.690 DER is simply a tighter version of X.509 DER.

> This topic has been debated several times, and I do not think we should do
> it again on the list. If you want to have a private discussion about it, I
> will be glad to do so. The bottom line is that ASN.1-1997 does not have
> multiple implementations.

What? Russ, this may have been true a few years ago but
it is not so now. While this is not a complete list I'm
sure, and it doesn't take into account at all the many
in-house and not-for-sale tools that companies have, but
among the ASN.1 tools I know of that support ASN.1:1997
are:

http://asn1.elibel.tm.fr/en/tools/index.htm
http://www.oss.com/products/tools.html
http://www.computec.com/en/asn2cxx/index.html
http://www.obj-sys.com/asn1.htm

All of these support both BER and DER. All of these also
support PER, though two of them at present only have beta
test versions of PER tools available. There are two or three
other companies currently building tools to support
ASN.1:1997 as well, but none is complete at this time.

Phil
----
Phillip H. Griffin Griffin Consulting
http://asn-1.com Secure ASN.1 Design & Implementation
+1-919-832-7008 1625 Glenwood Avenue, Five Points
+1-919-832-7390 [fax] Raleigh, North Carolina 27608 USA
------------------------------------------------------------
> Russ
>
> At 12:27 PM 05/10/2000 -0400, Paul Koning wrote:
> > >>>>> "Russ" == Russ Housley <housley@spyrus.com> writes:
> >
> > Russ> I disagree. We are using the ASN.1-1988 documents, not the
> > Russ> 1997 ones.
> >
> > Russ> At 11:43 AM 05/10/2000 +0100, Stephen Farrell wrote:
> >
> > >> "DER is defined in [X.208-88]" -> "DER is defined in [X.690-97]"
> > >> is fine by me, anyone else care?
> >
> >Are the two different? That is, are there bitstrings that conform to
> >one but not the other, or whose meaning changes depending on which
> >spec you use?
> >
> >I think Russ's position is problematic. It's a bit like saying that
> >you continue to use an RFC that has been superseded. Presumably it
> >was superseded for a reason. Also, while old RFCs are still
> >available, 12 year old ITU specs may only exist in antique shops by
> >now. Clearly, it is not acceptable to have an RFC that points to an
> >outside standard unless that outside standard is available.
> >
> > paul
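
The point argued above, that one abstract value can have more than one encoding unless the rules are tight, as an added example that is not part of the original thread: a Python check of BIT STRING content octets and UTCTime strings against the canonical forms in X.690 (clauses 11.2 and 11.8). The function names and sample octets are constructed for illustration, and the X.509:1987 rules themselves are not reproduced.

```python
import hashlib
import re

# Constructed samples: content octets of a primitive BIT STRING holding the bits 101.
CANONICAL = bytes([0x05, 0xA0])   # 5 unused bits, padding all zero
PADDED = bytes([0x05, 0xBF])      # same value, padding bits set to one

def bits_of(content: bytes) -> str:
    """Abstract value: the bits that remain once the padding is dropped."""
    unused, data = content[0], content[1:]
    bits = "".join(f"{octet:08b}" for octet in data)
    return bits[:len(bits) - unused]

def der_bit_string_issues(content: bytes, named_bit_list: bool = False) -> list:
    """Violations of X.690 clause 11.2 in BIT STRING content octets."""
    if not content or content[0] > 7:
        return ["invalid unused-bits octet"]
    unused, data = content[0], content[1:]
    if not data:
        return ["unused bits declared for empty string"] if unused else []
    issues = []
    if data[-1] & ((1 << unused) - 1):
        issues.append("padding bits are not zero")
    if named_bit_list and bits_of(content).endswith("0"):
        issues.append("trailing 0 bits not removed")
    return issues

def der_utctime_ok(text: str) -> bool:
    """X.690 clause 11.8 form only: YYMMDDhhmmssZ (field ranges are not checked)."""
    return re.fullmatch(r"[0-9]{12}Z", text) is not None

def digests_differ(a: bytes, b: bytes) -> bool:
    """A signature covers the encoding, so differing octets mean differing digests."""
    return hashlib.sha256(a).digest() != hashlib.sha256(b).digest()

if __name__ == "__main__":
    for sample in (CANONICAL, PADDED):
        print(sample.hex(), bits_of(sample), der_bit_string_issues(sample))
    print(der_utctime_ok("000510162700Z"), der_utctime_ok("0005101627Z"))
```

Both samples decode to the same bits, yet only one passes the check, which is why a verifier that re-encodes before checking a signature needs both sides to agree on a single set of distinguished rules.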