
Re: some concerns about last IKEv2 draft



On Wed, Sep 10, 2003 at 06:15:21PM -0400, Theodore Ts'o wrote:
> The grammatical typo can easily be fixed, either now or during last
> call.
> 
> While you are right that the use of DER or CER is preferred for data
> structures which are digitally signed, as it simplifies certain
> implementations that may decide to decode and then re-encode a
> particular ASN.1 stream, it certainly isn't required.  In this
> particular case, I very much doubt it will cause any real problems to
> an implementation, since the simplest and easiest implementation
> strategy will be to verify the hash immediately after downloading the
> certificate bundle specified by the URL, and before separating it into
> its component certificates and CRL's.  
> 
> Note that certificates and CRL's are themselves self-verifying data,
> so the hash is really more of a sanity check to make sure the correct
> bundle was downloaded as opposed to being seriously needed for the
> security of the protocol.

Good.  I hadn't read the relevant text in the I-D to verify that a
definite encoding was not an issue.

> > Further, it would be preferable to give the ASN.1 syntax for this
> > SEQUENCE, which means getting the tagging right, as you point out.
> 
> As I said earlier, no tagging is really needed.  Explicit tags are
> optional in ASN.1, unless they are needed to create a non-ambiguous
> encoding.  However, with either DER or BER, the types of the
> underlying definition of Certificate and CRL are not ambiguous, which
> means that this is perfectly legal ASN.1:
> 
> 	SEQUENCE OF CHOICE { X509-CERTIFICATE, X509-CRL };

Agreed.

Nico
--
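
The strategy discussed in the quoted text (check the hash over the bundle bytes exactly as downloaded, and only then separate the bundle into its elements), as an added example that is not part of the original message or of the I-D. The function names, the SHA-1 default and the sample bytes are assumptions made for illustration, and the splitter handles definite-length encodings only.

```python
import hashlib
import hmac


def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) for the TLV at pos (definite lengths only)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length is in this octet
        length = first
    else:
        n = first & 0x7F                  # long form: n length octets follow
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("content runs past end of buffer")
    return tag, pos, pos + length


def split_bundle(raw, expected_hash, algo="sha1"):
    """Check the hash over the bytes as downloaded, then split the outer SEQUENCE."""
    digest = hashlib.new(algo, raw).digest()   # algo is an assumption of this example
    if not hmac.compare_digest(digest, expected_hash):
        raise ValueError("bundle hash mismatch; not parsing")
    tag, start, end = read_tlv(raw, 0)
    if tag != 0x30 or end != len(raw):
        raise ValueError("expected one outer SEQUENCE covering the whole bundle")
    items = []
    while start < end:
        _, _, item_end = read_tlv(raw, start)
        items.append(raw[start:item_end])  # whole element, still in its received encoding
        start = item_end
    return items


# Constructed sample: two placeholder elements, not real certificates or CRLs.
ELEM_A = bytes.fromhex("3003020101")
ELEM_B = bytes.fromhex("3003020102")
BODY = ELEM_A + ELEM_B
DER_BUNDLE = b"\x30" + bytes([len(BODY)]) + BODY       # minimal length octet (DER)
BER_BUNDLE = b"\x30\x81" + bytes([len(BODY)]) + BODY   # same content, long-form length (BER)
```

Because the hash is taken over the received octets and nothing is re-encoded, the BER-encoded bundle verifies against its own hash just as the DER one does, even though the two encodings of the same content hash differently.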