
Re: Testing the ASN.1 in Part 1



>>Anyone who plans to get around to checking the ASN.1 after part 1 becomes
>>an RFC: could you do it now instead? This would be a great help to us all.
>>Thanks!
>>

More bugs in PKIX1ImplicitXX

The ASN.1 for PolicyConstraints is incorrect. In both the 88 and 93 versions 
it is specified as a SEQUENCE SIZE(1..MAX) OF SEQUENCE { ... }.  This is 
inconsistent with the X.509 definition and it also doesn't make any sense for 
it to be a SEQUENCE OF.  The definition of PolicyConstraints should be:

PolicyConstraints ::= SEQUENCE {
	requireExplicitPolicy	[0] SkipCerts OPTIONAL,
	inhibitPolicyMapping	[1] SkipCerts OPTIONAL }

Also, the authorityInfoAccess OID is missing in the 88 module; it should be:

id-pe-authorityInfoAccess  OBJECT IDENTIFIER ::= { id-pe 1 }

More as I find 'em :-).


-- 
Dean Povey,         | e-m: povey@dstc.edu.au     | Cryptozilla:
Research Scientist  | ph:  +61 7 3864 5120       |  www.cryptozilla.org/
Security Unit, DSTC | fax: +61 7 3864 1282       | Oscar - PKI Toolkit:
Brisbane, Australia | www: security.dstc.edu.au/ |  oscar.dstc.qut.edu.au/