[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: some concerns about last IKEv2 draft
In your previous mail you wrote:
> That said, there are at least to problems here: a) the first sentence of
> the paragraph you quote is grammatically incorrect and b) it should use
> DER or CER instead of BER (since there's multiple ways to encode an ASN.1
> SEQUENCE in BER, but one should generally use a definite encoding to
> encode inputs to hash functions).
The grammatical typo can easily be fixed, either now or during last
call.
=> please help the poor (:-) editor: propose a new wording asap!
While you are right that the use of DER or CER is preferred for data
structures which are digitally signed, as it simplifies certain
implementations that may decide to decode and then re-encode a
particular ASN.1 stream, it certainly isn't required. In this
particular case, I very much doubt it will cause any real problems to
an implementation, since the simplest and easiest implementation
strategy will be to verify the hash immediately after downloading the
certificate bundle specified by the URL, and before separating it into
its component certificates and CRL's.
Note that certificates and CRL's are themselves self-verifying data,
so the hash is really more of a sanity check to make sure the correct
bundle was downloaded as opposed to being seriously needed for the
security of the protocol.
=> I agree: DER will be common but we have not to mandate it.
> Further, it would be preferable to give the ASN.1 syntax for this
> SEQUENCE, which means getting the tagging right, as you point out.
As I said earlier, no tagging is really needed.
=> tagging IS needed.
Explicit tags are
optional in ASN.1, unless they are needed to create a non-ambiguous
encoding.
=> tags (of any kind) are needed when the encoding is ambiguous,
and it is the case here (a CHOICE between two SEQUENCEs).
However, with either DER or BER, the types of the
underlying definition of Certificate and CRL are not ambiguous,
=> there are not ambiguous but they are the SAME.
which means that this is perfectly legal ASN.1:
SEQUENCE OF CHOICE { X509-CERTIFICATE, X509-CRL };
=> this is legal ASN.1 only when automatic tagging is selected.
As it is not the case (automatic tagging is not the default),
some kind of tagging (explicit, implicit or automatic) is needed.
Perhaps some ASN.1 geeks would feel that this is clearer than the
current English that is there now, but personally, I'm not at all
convinced.
=> I can send to you *privately* the last ASN.1 documents (my telecom
engineer school is a member of the ITU, I even have a minitel on my
desk :-). But the current document is just a bit underspecified
and we have to fix it. My proposal is designed to be as small as
possible: ", respectively with implicit tags 0 and 1".
P.S. This confusion over the use of ASN.1 simply reinforces my
personal bias that "friends shouldn't let friends use ASN.1",
=> so you should share my idea to introduce as little as possible ASN.1 (:-)!
For instance I implicitly translate the English word "and" into the ASN.1
CHOICE.
but it's
far too late in the process to be making changes that basically boil
down to arguments over preferred ("bits on the wire") packet formats.
Thanks
Francis.Dupont@enst-bretagne.fr