[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: some concerns about last IKEv2 draft

To: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Subject: Re: some concerns about last IKEv2 draft
From: Nicolas Williams <Nicolas.Williams@sun.com>
Date: Thu, 11 Sep 2003 09:03:24 -0700
Cc: "Theodore Ts'o" <tytso@mit.edu>, ipsec@lists.tislabs.com
In-Reply-To: <200309111321.h8BDLNHN090809@givry.rennes.enst-bretagne.fr>
References: <20030910205120.GI30537@think> <200309111321.h8BDLNHN090809@givry.rennes.enst-bretagne.fr>
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Mutt/1.4i

On Thu, Sep 11, 2003 at 03:21:23PM +0200, Francis Dupont wrote:
>    While type-specific tagging might make life easier for the parser, it
>    is not strictly necessary since it is possible to distinguish between
>    certificates and CRL's by the ebedded ASN.1 type information.
>    
> => I disagree: certificates and CRLs are SEQUENCEs so tagging is mandatory
> (cf ITU-T REC X.680 200207 aka ISO/IEC IS 8824-1 2003, 28.3:
> "The Types defined in the "AlternativeTypeList" productions in an
>  "AlternativeTypeLists" shall have distinct tags")

Specifically they are SEQUENCEs that are either both not tagged or are
not tagged with different tags.

"CHOICE { foo, bar }" is ok, provided that foo and bar have distinct
outer tags.

Cheers,

Nico
--

References:
- Re: some concerns about last IKEv2 draft
  - From: "Theodore Ts'o" <tytso@mit.edu>
- Re: some concerns about last IKEv2 draft
  - From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>

Prev by Date: Re: some concerns about last IKEv2 draft
Next by Date: Re: some concerns about last IKEv2 draft
Prev by thread: Re: some concerns about last IKEv2 draft
Next by thread: Re: some concerns about last IKEv2 draft
Index(es):
- Date
- Thread