
Re: DER in ac509prof-03



Tom,

Comments below.

tgindin@us.ibm.com wrote:
> 
>      In practice, what we mean by "1988 syntax", as far as I can tell, is
> pretty much the following:
> 
> 1 -  Avoiding the following three types first defined in post-1988
> versions: Instance-of, Embedded-pdv, and Unrestricted character string, and
> adding explicit definitions for the Unicode string types which are copied
> from X.680.
> 2 -  Continuing to use "ANY DEFINED BY", as defined in X.208 section 27 and
> X.680 appendix H.3, rather than using constructs with similar meaning first
> defined in 1993-4, such as information object classes and their fields.
> 3 -  Avoiding the use of either macros (legal in 1988) or information
> object classes (legal after 1993-4).
> 
>      The only part of this which seems even questionable is point 2, but
> X.680 still contains support for ANY DEFINED BY, although it is deprecated.
> I was not at Adelaide, which partly accounts for my suggestion of 1993
> support in AC509Prof.

No version of X.680 contains support for ANY DEFINED BY.
In the 1994 version, ANY DEFINED BY was discussed as 
deprecated notation in an *informative* annex, and was
not part of any *normative* text in that standard. 

During the last revision of X.680, both of the normative
sections describing ANY DEFINED BY and the MACRO notation
were removed, and the section you refer to no longer exists
in the most recent publication of the standard, ITU-T Rec. 
X.680:1997 | ISO/IEC 8824-1 (1998).

>      I don't think that the bits on the line change for BER between
> X.209(1988) and X.690(1994) if the ASN.1 is legal 1988 syntax.  Does
> anybody know of changes specific to DER?
>

You are correct that the bits on the line did not change
for BER between the X.209:1988 and X.680:1997 publications.
However, the same cannot be said for X.509:1987 DER. The
set of restrictions defined at that time was only intended
for use in the Directory specification at that time, long
before version 3 certificates. 

It wasn't until the added complexity of X.509v3 extensions
came about that these 1987 rules became insufficient. They
were probably designed only to be correct at that time for
limited use within the Directory ASN.1. They were not 
designed to cover all possible uses of ASN.1.


>           Tom Gindin
> 
> Paul Koning <pkoning@xedia.com> on 05/10/2000 12:27:54 PM
> 
> To:   housley@spyrus.com
> cc:   stephen.farrell@baltimore.ie, phil.griffin@asn-1.com,
>       ietf-pkix@imc.org
> Subject:  Re: DER in ac509prof-03
> 
> >>>>> "Russ" == Russ Housley <housley@spyrus.com> writes:
> 
>  Russ> I disagree.  We are using the ASN.1-1988 documents, not the
>  Russ> 1997 ones.
> 
>  Russ> At 11:43 AM 05/10/2000 +0100, Stephen Farrell wrote:
> 
>  >> "DER is defined in [X.208-88]" -> "DER is defined in [X.690-97]"
>  >> is fine by me, anyone else care?
> 
> Are the two different?  That is, are there bitstrings that conform to
> one but not the other, or whose meaning changes depending on which
> spec you use?
> 
> I think Russ's position is problematic.  It's a bit like saying that
> you continue to use an RFC that has been superseded.  Presumably it
> was superseded for a reason.  Also, while old RFCs are still
> available, 12-year-old ITU specs may only exist in antique shops by
> now.  Clearly, it is not acceptable to have an RFC that points to an
> outside standard unless that outside standard is available.
> 
>      paul

Phil
----
Phillip H. Griffin      Griffin Consulting
http://asn-1.com        Secure ASN.1 Design & Implementation
+1-919-832-7008         1625 Glenwood Avenue, Five Points
+1-919-832-7390 [fax]   Raleigh, North Carolina  27608  USA
------------------------------------------------------------
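Paul's question in the quoted message (are there bit strings that conform to BER but not to DER?) has a concrete answer: DER is BER with the encoder's choices removed. The following is an added example written for this archive page, not code from any of the thread's participants. It walks a BER-encoded structure and reports the X.690 (1997/2002) DER restrictions it violates: definite and minimal-length length octets (clause 10.1), primitive encoding for string types (10.2), BOOLEAN TRUE as 0xFF (11.1) and ascending order of SET OF components (11.6). The two sample encodings are constructed for this example; both decode to the same abstract value, but only the first is DER. High-tag-number form, BIT STRING unused bits and the DEFAULT-value rule are left out for brevity.

```python
"""DER conformance check over a BER-encoded TLV tree (added example, not thread code)."""

TAG_BOOLEAN = 0x01
TAG_SET = 0x31           # SET / SET OF, constructed
# Universal string types that DER (X.690 10.2) requires to be primitive
STRING_TAGS = {0x03, 0x04, 0x0C, 0x13, 0x16, 0x1E}


def _check(buf, pos, out):
    """Decode the TLV at buf[pos], append DER violations to out, return end offset."""
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form is not handled in this example")
    constructed = bool(tag & 0x20)
    if constructed and (tag & 0xDF) in STRING_TAGS:
        out.append(f"tag 0x{tag:02x}: constructed string encoding (DER requires primitive, X.690 10.2)")
    pos += 1
    first = buf[pos]
    pos += 1
    if first == 0x80:
        # Indefinite length: legal BER for constructed encodings, never DER (X.690 10.1)
        if not constructed:
            raise ValueError("indefinite length is only legal for constructed encodings")
        out.append(f"tag 0x{tag:02x}: indefinite length (legal BER, not DER, X.690 10.1)")
        while buf[pos:pos + 2] != b"\x00\x00":      # walk children up to end-of-contents
            pos = _check(buf, pos, out)
        return pos + 2
    if first < 0x80:
        length = first                               # short form
    else:
        n = first & 0x7F                             # long form: n length octets follow
        raw = buf[pos:pos + n]
        pos += n
        length = int.from_bytes(raw, "big")
        if raw[0] == 0 or length < 0x80:
            # DER requires the minimum number of length octets (X.690 10.1)
            out.append(f"tag 0x{tag:02x}: length not encoded in the minimum number of octets")
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated encoding")
    if constructed:
        children = []
        while pos < end:
            start = pos
            pos = _check(buf, pos, out)
            children.append(buf[start:pos])
        # SET OF components must appear in ascending octet-string order (X.690 11.6).
        # The padding rule for prefix-related encodings is ignored here.
        if tag == TAG_SET and children != sorted(children):
            out.append("tag 0x31: SET OF components not in ascending order (X.690 11.6)")
        return end
    value = buf[pos:end]
    if tag == TAG_BOOLEAN and value not in (b"\x00", b"\xff"):
        # BER accepts any non-zero octet for TRUE; DER requires 0xFF (X.690 11.1)
        out.append("tag 0x01: BOOLEAN TRUE must be encoded as 0xFF in DER (X.690 11.1)")
    return end


def der_violations(buf):
    """Return a list of DER rule violations found in a BER encoding (empty list = valid DER)."""
    out = []
    end = _check(bytes(buf), 0, out)
    if end != len(buf):
        out.append("trailing octets after the outermost TLV")
    return out


# Constructed sample: SEQUENCE { BOOLEAN TRUE, SET OF INTEGER {1, 2}, OCTET STRING 'AABB'H }
DER_SAMPLE = bytes.fromhex(
    "300F"                    # SEQUENCE, definite length 15
    "0101FF"                  # BOOLEAN TRUE as FF
    "3106 020101 020102"      # SET OF INTEGER, elements in ascending order
    "0402AABB"                # primitive OCTET STRING
)

# Same abstract value, using encoder freedoms that BER allows and DER forbids
BER_SAMPLE = bytes.fromhex(
    "3080"                    # SEQUENCE, indefinite length
    "010101"                  # BOOLEAN TRUE as 01
    "3106 020102 020101"      # SET OF INTEGER, out of order
    "2480 048101AA 0401BB 0000"   # constructed OCTET STRING, indefinite, long-form length 1
    "0000"                    # end-of-contents for the SEQUENCE
)

if __name__ == "__main__":
    print("DER sample:", der_violations(DER_SAMPLE) or "valid DER")
    for v in der_violations(BER_SAMPLE):
        print("BER sample:", v)
```

Run it and the DER sample reports no violations, while the BER sample lists six: the indefinite-length SEQUENCE, the 0x01 BOOLEAN, the unsorted SET OF, the constructed OCTET STRING, its indefinite length, and the long-form length octet for a one-byte segment. This is the sense in which the BER "bits on the line" did not change while the DER restrictions did: DER adds rules on top of BER, and any signature scheme that hashes the encoding depends on every one of them.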