
CMP Spec



Hi,

Is it too late to request changes to the basic
pdu structure in the CMP (draft 02.txt)?

Anyways I think it might help if the structure
of the PKIMessage is simplified a little more.
Here is my proposal and reasons:

	PKIMessage ::= SEQUENCE {
		info		PKIMessageInfo,
		protection [0]	Protection OPTIONAL,
		extraCerts [1]  SEQUENCE OF Certificate OPTIONAL
	}

	PKIMessageInfo ::= SEQUENCE {
		header		PKIHeader,
		body		PKIBody
	}

	Protection ::= SEQUENCE {
		algId		AlgorithmIdentifier,
		signature	BIT STRING
	}


	PKIHeader remains the same except for removal
	of protectionAlg which has been moved to Protection as
	algId.

	My reasons are as follows:

1.	To calculate the signature on the current construct,
	an implementor will have to create a new structure
	SEQUENCE { PKIHeader, PKIBody } and then discard it.
	Instead in the above case the structure is created
	only once and used in the message itself.

2.	The check for signature is done only via one structure
	instead of thru two (PKIHeader.protectionAlg & protection),
	making it much easier.

	I have not understood the use of extraCerts yet and that
	is why I have left them the way they are, otherwise it
	also can be moved inside PKIMessageInfo.  I am looking at
	this from an implementation point of view and this does
	not change the semantics.

	A question:

1.	Does the module have IMPLICIT tags as defined for
	part1?


	Thanks.

Amit
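
Added example (not part of the original message or the CMP draft): a minimal DER sketch of reason 1, comparing how the signature input is obtained in each layout. It assumes the current layout carries header and body directly inside PKIMessage, as the message describes; the header, body and protection bytes are constructed placeholders and all function names are hypothetical.

```python
# Added illustration; placeholder bytes are constructed, not real CMP fields.
SEQ = 0x30

def der_len(n):
    """DER definite-length octets for a content length of n bytes."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def read_tlv(buf, off=0):
    """Return (content_start, end) of the single-byte-tag TLV at off."""
    first = buf[off + 1]
    if first < 0x80:
        length, start = first, off + 2
    else:
        n = first & 0x7F
        length, start = int.from_bytes(buf[off + 2:off + 2 + n], "big"), off + 2 + n
    if start + length > len(buf):
        raise ValueError("truncated TLV")
    return start, start + length

def signed_input_current(msg):
    """header and body are siblings of protection: copy them out and
    wrap them in a temporary SEQUENCE that never appears on the wire."""
    start, _ = read_tlv(msg)
    _, header_end = read_tlv(msg, start)
    _, body_end = read_tlv(msg, header_end)
    return tlv(SEQ, msg[start:body_end])

def signed_input_proposed(msg):
    """PKIMessageInfo is the first element: its encoding is the input."""
    start, _ = read_tlv(msg)
    _, info_end = read_tlv(msg, start)
    return msg[start:info_end]

HEADER = tlv(SEQ, b"\x02\x01\x01\x04\x06sender")     # stand-in for PKIHeader
BODY = tlv(0xA0, tlv(SEQ, tlv(0x04, b"r" * 200)))    # stand-in for PKIBody
PROT = tlv(0xA0, b"\x03\x03\x00\xaa\xbb")            # stand-in for protection [0]

CURRENT = tlv(SEQ, HEADER + BODY + PROT)
PROPOSED = tlv(SEQ, tlv(SEQ, HEADER + BODY) + PROT)

if __name__ == "__main__":
    same = signed_input_current(CURRENT) == signed_input_proposed(PROPOSED)
    print("same signature input:", same)
    print("on the wire (current): ", signed_input_current(CURRENT) in CURRENT)
    print("on the wire (proposed):", signed_input_proposed(PROPOSED) in PROPOSED)
```

Both layouts yield the same bytes to sign; only the proposed one lets a verifier check the signature over a slice of the received message without building a second structure.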