RFC 3029 update
Hi,

Several people have informed the authors of RFC 3029 that
the document contains some errors in the ASN.1 definitions.
Indeed, some nice bugs have not been caught even in pilot
implementations.

In order to avoid that other implementors hit the
same problems, here is a summary:

Current text has:

    PathProcInput ::= SEQUENCE {
        acceptablePolicySet      SEQUENCE SIZE (1..MAX) OF
                                     PolicyInformation,
        inhibitPolicyMapping     BOOLEAN DEFAULT FALSE,
        explicitPolicyReqd       BOOLEAN DEFAULT FALSE }

This should be:

    PathProcInput ::= SEQUENCE {
        acceptablePolicySet      SEQUENCE SIZE (1..MAX) OF
                                     PolicyInformation,
        inhibitPolicyMapping     BOOLEAN DEFAULT FALSE,
        explicitPolicyReqd       [0] BOOLEAN DEFAULT FALSE ,
        inhibitAnyPolicy         [1] BOOLEAN DEFAULT FALSE }

Current text has:

    Data ::= CHOICE {
        message            OCTET STRING ,
        messageImprint     DigestInfo,
        certs              SEQUENCE SIZE (1..MAX) OF
                               TargetEtcChain
    }

This should be:

    Data ::= CHOICE {
        message            OCTET STRING ,
        messageImprint     DigestInfo,
        certs              [0] SEQUENCE SIZE (1..MAX) OF
                               TargetEtcChain
    }

Current text has:

    CertEtcToken ::= CHOICE {
        certificate        [0] IMPLICIT Certificate ,
        esscertid          [1] ESSCertId ,
        pkistatus          [2] IMPLICIT PKIStatusInfo ,
        assertion          [3] ContentInfo ,
        crl                [4] IMPLICIT CertificateList,
        ocspcertstatus     [5] IMPLICIT CertStatus,
        oscpcertid         [6] IMPLICIT CertId ,
        oscpresponse       [7] IMPLICIT OCSPResponse,
        capabilities       [8] SMIMECapabilities,
        extension          Extension }

This should be:

    CertEtcToken ::= CHOICE {
        certificate        [0] IMPLICIT Certificate ,
        esscertid          [1] ESSCertId ,
        pkistatus          [2] IMPLICIT PKIStatusInfo ,
        assertion          [3] ContentInfo ,
        crl                [4] IMPLICIT CertificateList,
        ocspcertstatus     [5] CertStatus,
        oscpcertid         [6] IMPLICIT CertID ,
        oscpresponse       [7] IMPLICIT OCSPResponse,
        capabilities       [8] SMIMECapabilities,
        extension          Extension }

Correcting the errors and missing parts in the IMPORTS list is
left as an exercise to the friendly implementors.

I am using the occasion to remind also that I consider the

    - Validation of Public Key Certificates (vpkc).
      (also incorrectly identified as cpkc)

as a candidate protocol for DPV/DPD.
I have been saying this for a long time for DPV.

The differences between this part of DVCS and another candidate
are getting smaller and smaller, I would say at least 90%
overlap.

Peter Sylvester
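
What the PathProcInput correction changes on the wire, as an added example (not part of the original message and not code from the RFC authors): with two untagged BOOLEAN DEFAULT FALSE components, a request that sets only explicitPolicyReqd is byte-identical to one that sets only inhibitPolicyMapping. The helper names are hypothetical, the policy OID is a constructed sample, and the context tags are assumed to be IMPLICIT (tag bytes 0x80 and 0x81).

```python
# Minimal DER helpers; short-form lengths only, which is enough here.
def tlv(tag: int, value: bytes) -> bytes:
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

def split_tlvs(buf: bytes):
    items, i = [], 0
    while i < len(buf):
        tag, length = buf[i], buf[i + 1]
        items.append((tag, buf[i + 2:i + 2 + length]))
        i += 2 + length
    return items

# Constructed sample: one PolicyInformation carrying anyPolicy (2.5.29.32.0).
POLICY_SET = tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex("551d2000"))))

# (component name, expected tag byte) in SEQUENCE order.
FIELDS_OLD = [("inhibitPolicyMapping", 0x01), ("explicitPolicyReqd", 0x01)]
# Assumption: [0] and [1] are IMPLICIT, so they replace the BOOLEAN tag.
FIELDS_NEW = [("inhibitPolicyMapping", 0x01), ("explicitPolicyReqd", 0x80),
              ("inhibitAnyPolicy", 0x81)]

def encode(fields, values):
    """DER-encode PathProcInput; components equal to DEFAULT FALSE are omitted."""
    body = POLICY_SET
    for name, tag in fields:
        if values.get(name, False):
            body += tlv(tag, b"\xff")
    return tlv(0x30, body)

def decode(fields, der):
    """Walk the components in order and give each element to the first
    remaining component whose tag matches."""
    (_outer_tag, body), = split_tlvs(der)
    elems = split_tlvs(body)[1:]          # skip acceptablePolicySet
    result = {name: False for name, _ in fields}
    pos = 0
    for tag, value in elems:
        while pos < len(fields) and fields[pos][1] != tag:
            pos += 1
        if pos == len(fields):
            raise ValueError("unexpected element tag 0x%02x" % tag)
        result[fields[pos][0]] = value != b"\x00"
        pos += 1
    return result
```

Under the original definition the receiver reports inhibitPolicyMapping as TRUE for a request that asked only for explicitPolicyReqd; with the tagged definition each flag decodes to the component that was set.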