
[IETF-PKIX] PKIX ASN.1



Apologies if this has already been discussed.

The current drafts of the PKIX ASN.1 contain invalid syntax.
The ASN.1 definitions mix ASN.1:1988/90 and the current standard,
ASN.1:1994. By my reading, the current standard states that the two
cannot be mixed in X.680, section A.2, "Mixing ASN.1-88/90 and
current ASN.1 notation":

 "Both the ASN.1-88/90 and the current ASN.1 notation specify a
 top-level syntactic construct which is an ASN.1 module. A user of
 ASN.1 writes a collection of ASN.1 modules, and may import
 definitions from other ASN.1 modules."

 [snip PHG]

 "Where a module conforms to the ASN.1-88/90 notation, type and value
 references may be imported from a module that was defined using the
 current notation. Such types and values must be associated with types
 that can be defined using only the ASN.1-88/90 notation. For example,
 a module written using the ASN.1-88/90 notation cannot import a value
 of type UniversalString, since this type is defined in the current
 notation but not in ASN.1-88/90;  it can, however, import values whose
 types are, for example, INTEGER, IA5String, etc."

Both BMPString and UniversalString are types defined only in the
current standard, ASN.1:1994. PKIX uses BMPString in code that uses
the superseded ANY DEFINED BY, which is described in Annex I of the
current standards, but is not an integral part of the ASN.1 standards.
X.208 does not define type BMPString. Such ASN.1 usage will certainly
break tools that correctly implement the ASN.1 standards.

Phil
--
Phillip H. Griffin         Griffin Consulting
asn1@mindspring.com        ASN.1-SET-Java-Security
919.828.7114               1625 Glenwood Avenue
919.832.7008 [mail]        Raleigh, North Carolina 27608 USA
------------------------------------------------------------
          Visit  http://www.fivepointsfestival.com
------------------------------------------------------------
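
The mixing described in the message above can be checked for mechanically. The following is an added example, not part of the original post or of any PKIX tooling: a textual lint that flags any ASN.1 module using both ANY DEFINED BY and a type defined only in the current notation. The marker lists are limited to the constructs the message names, the sample modules are constructed, and the regex-based module splitting is a heuristic assumption, not a full ASN.1 parser.

```python
import re

# Assumption: markers are limited to the constructs named in the message.
LEGACY_1988 = {"ANY DEFINED BY": re.compile(r"\bANY\s+DEFINED\s+BY\b")}
CURRENT_1994 = {
    "BMPString": re.compile(r"\bBMPString\b"),
    "UniversalString": re.compile(r"\bUniversalString\b"),
}
# An ASN.1 comment runs from "--" to the next "--" or to end of line.
COMMENT = re.compile(r"--.*?(?:--|$)", re.MULTILINE)
# Heuristic: Name [{ oid }] DEFINITIONS ... ::= BEGIN <body> END
MODULE = re.compile(
    r"([A-Z][\w-]*)\s*(?:\{[^}]*\})?\s*DEFINITIONS\b.*?::=\s*BEGIN\b(.*?)\bEND\b",
    re.DOTALL,
)

def find_mixed_modules(source):
    """Return {module: (legacy_hits, current_hits)} for modules that mix both."""
    findings = {}
    for name, body in MODULE.findall(COMMENT.sub(" ", source)):
        legacy = sorted(k for k, rx in LEGACY_1988.items() if rx.search(body))
        current = sorted(k for k, rx in CURRENT_1994.items() if rx.search(body))
        if legacy and current:
            findings[name] = (legacy, current)
    return findings

# Constructed sample input: one mixed module, one that is 1988/90-only.
SAMPLE = """
MixedModule { 1 2 3 } DEFINITIONS EXPLICIT TAGS ::= BEGIN
  Attr ::= SEQUENCE {
    type  OBJECT IDENTIFIER,
    value ANY DEFINED BY type }
  Name ::= CHOICE {
    printable PrintableString,
    bmp       BMPString }
END

LegacyOnly DEFINITIONS ::= BEGIN
  -- BMPString mentioned only in a comment
  Attr ::= SEQUENCE {
    type  OBJECT IDENTIFIER,
    value ANY DEFINED BY type }
END
"""

if __name__ == "__main__":
    for module, (legacy, current) in find_mixed_modules(SAMPLE).items():
        print(f"{module}: mixes {legacy} with {current}")
```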