RE: I-D ACTION:draft-ietf-pkix-rfc2510bis-03.txt (and rfc2511bis- 01.txt)

Carlisle,

Phil's items are EDITORIAL bugs in the ASN.1.

A lot of PKIX (particularly ASN.1 definitions) are cut 'n pasted from X.509, other X.500-series standards, PKCS standards, etc. There is little coordination of ASN.1 modules between various standard groups (PKIX don't IMPORT definitions from X.509, they redefine them in their own modules). You often want to use PKIX and these other standards together, but compilers tend not to like duplicate definitions of everything. The solution is to rearrange the definitions, IMPORTS and modules to fit your own system. As part of this rearranging process it is natural that people correct any editorial bugs they create or find: some will report these to the editor, others assume they are too trivial to worry about.

The rfc2510bis ASN.1 module even explicitly says each implementer must adjust the module themselves to IMPORT the definition of CertificateRequest.

ASN.1 errors detected by another compiler in rfc2510bis appendix F:

1. The IMPORT section is not terminated with a semicolon.

2. CMP1999(1) & CMP2000(2) identifiers must start with a lowercase letter.

3. "SEQUENCE of CertStatus": "OF" must be capitalised.

4. Some ASN.1 definitions appear in the text but not in the module: confirmWaitTime, confirmWaitTimeValue, implicitConfirm, implicitConfirmValue. All the definitions are invalid ASN.1.

5. OIDs should be:

   implicitConfirm OBJECT IDENTIFIER ::= {id-it 13}
   confirmWaitTime OBJECT IDENTIFIER ::= {id-it 14}

6. Types must start with a capital letter:

   ImplicitConfirmValue ::= NULL
   ConfirmWaitTimeValue ::= GeneralizedTime - time CA will wait until