Jim:
I am responding to one part of your message (see below).
We can argue all day about the depth we want to go to define the syntax.
But, I strongly encourage the group to avoid this rat hole. We have
previously agreed that backward compatibility with PKCS#7 version 1.5 is
highly desirable. This approach is different than PKCS#7 version 1.5. In
my opinion, this fact should be the end of discussion.
In my opinion, the difference is not very significant in a real
implementation. In either situation, the output of the ASN.1 decode will
be passed to the crypto routines. If the format carried in the protocol is
different in any way from the arguments needed by the crypto routines, then
glue code must be written to deal with it.
Russ
I disagree. Embedding an ASN.1 encoding within the value of an OCTET
STRING or a BIT STRING requires two passes of ASN.1 parsing, unless
you write special case code. It is much better to define the syntax
properly to enable it to be parsed in one pass. An Information Object
Set replaces the now deprecated use of ANY, to give a syntax like:
SignerInfo ::= SEQUENCE {
    version                    Version,
    issuerAndSerialNumber      IssuerAndSerialNumber,
    digestAlgorithm            DigestAlgorithmIdentifier,
    authenticatedAttributes    [0] Attributes OPTIONAL,
    signatureAlgorithm         SignatureAlgorithmIdentifier,
    signature                  SIGNATURE-VALUE.&Type
        ({SignatureValueTable}{@signatureAlgorithm.algorithm}),
    unauthenticatedAttributes  [1] Attributes OPTIONAL }

SignatureAlgorithmIdentifier ::= AlgorithmIdentifier

SIGNATURE-VALUE ::= CLASS {
    &id    ALGORITHM.&id,
    &Type }
WITH SYNTAX {&Type IDENTIFIED BY &id }

SignatureValueTable SIGNATURE-VALUE ::= { rsa-signature-value,
    dss-signature-value, x509-signature-value, another-signature-value,
    ... }

rsa-signature-value SIGNATURE-VALUE ::= { RSASignatureValue
    IDENTIFIED BY id-rsa-signature }

RSASignatureValue ::= ENCRYPTED { DigestInfo }

DigestInfo ::= SEQUENCE {
    digestAlgorithm    DigestAlgorithmIdentifier,
    digest             Digest }

Digest ::= HASHED { CHOICE {
    content                   CMS-CONTENT-TYPE.&Type ({CMSContentTable}),
    authenticated-attributes  [0] EXPLICIT Attributes } }

dss-signature-value SIGNATURE-VALUE ::= { DSSSignatureValue
    IDENTIFIED BY id-dss-signature }

DSSSignatureValue ::= SEQUENCE {
    r    INTEGER,
    s    INTEGER }

x509-signature-value SIGNATURE-VALUE ::= { BIT STRING
    IDENTIFIED BY id-x509-signature }

another-signature-value SIGNATURE-VALUE ::= { OCTET STRING
    IDENTIFIED BY id-another-signature }
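
The one-pass versus two-pass point debated in this thread, as an added example that is not part of either message: a minimal DER reader decodes the DSS r and s values once when they are wrapped in an OCTET STRING and once when they are carried as their own type. The cut-down SignerInfo (version and signature only), the helper names and the sample values are assumptions made for the illustration.

```python
# Added example: minimal DER codec (single-byte tags, definite lengths only).
INTEGER, OCTET_STRING, SEQUENCE = 0x02, 0x04, 0x30

def enc(tag, body):
    """Encode one TLV; short-form length is enough for the sample data."""
    if len(body) >= 0x80:
        raise ValueError("sample encoder handles short lengths only")
    return bytes([tag, len(body)]) + body

def enc_int(v):
    """Encode a non-negative INTEGER with minimal length."""
    return enc(INTEGER, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def decode(data, pos=0):
    """One decoding pass: returns (value, next_pos); SEQUENCE becomes a list."""
    if pos + 2 > len(data):
        raise ValueError("truncated header")
    tag, n = data[pos], data[pos + 1]
    pos += 2
    if n >= 0x80:                      # long-form length
        k = n & 0x7F
        if k == 0 or pos + k > len(data):
            raise ValueError("bad length")
        n, pos = int.from_bytes(data[pos:pos + k], "big"), pos + k
    end = pos + n
    if end > len(data):
        raise ValueError("length runs past buffer")
    if tag == SEQUENCE:
        items = []
        while pos < end:
            item, pos = decode(data[:end], pos)
            items.append(item)
        return items, end
    if tag == INTEGER:
        return int.from_bytes(data[pos:end], "big", signed=True), end
    return data[pos:end], end          # OCTET STRING content stays opaque bytes

R, S = 0x1234ABCD, 0x00C0FFEE          # constructed values, not a real signature
DSS = enc(SEQUENCE, enc_int(R) + enc_int(S))
WRAPPED = enc(SEQUENCE, enc_int(1) + enc(OCTET_STRING, DSS))  # OCTET STRING form
TYPED = enc(SEQUENCE, enc_int(1) + DSS)                       # typed form

def parse_wrapped(der):
    outer, _ = decode(der)             # pass 1: signature is still raw bytes
    inner, end = decode(outer[1])      # pass 2: decode the embedded encoding
    if end != len(outer[1]):
        raise ValueError("trailing bytes inside OCTET STRING")
    return outer[0], inner

def parse_typed(der):
    outer, _ = decode(der)             # one pass reaches r and s directly
    return outer[0], outer[1]
```

In the wrapped form the second decode is a separate entry point on untrusted bytes, so it needs its own length and trailing-data checks.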