Paul Hoffman / IMC wrote:

New versions of the -msg and -cert documents are now available.

S/MIME Version 3 Message Specification:
<http://www.imc.org/draft-ietf-smime-msg>

S/MIME Version 3 Certificate Handling:
<http://www.imc.org/draft-ietf-smime-cert>

As always, you can see links to the most recent documents at
<http://www.imc.org/ietf-smime/>.

--Paul Hoffman, Director
--Internet Mail Consortium

Paul,

Perhaps the wrong version of S/MIME Version 3 Certificate
Handling was placed on the site. The one that I fetched had
a date of November 20, 1997, and contained several errors in
the ASN.1 definitions, as well as valid imperfections of some
note.

5.2.1 Challenge Password

   ChallengePassword ::= CHOICE {
      PrintableString, T61String }

While this is valid under X.208, the lack of an identifier
on component type PrintableString causes ambiguity for those
who may wish to use the value notation to create test data.
Consider...

   testString ChallengePassword ::= "Which string type is it?"

demonstrates a problem corrected in the 1994 standard by
requiring that identifiers be used to name choice alternatives.
A better definition might be

   ChallengePassword ::= CHOICE {
      p PrintableString, t T61String }

The second definition has never been correct, since when it
was originally written, type UniversalString did not yet
exist. The authors apparently guessed that the naming convention
for OCTET STRING and BIT STRING would be followed. So,

   ChallengePassword ::= CHOICE {
      PrintableString, T61String, UNIVERSAL STRING }

is not valid ASN.1 for any version of that standard. For
section 5.2.2 Unstructured Address, the same is true.

A.5 Name Attributes

   emailAddress OBJECT IDENTIFIER ::=
      {iso(1) member-body(2) US(840) rsadsi(113549) pkcs(1) pkcs-9(9) 1}
   CountryName OBJECT IDENTIFIER ::=
      {joint-iso-ccitt(2) ds(5) attributeType(4) 6}
   StateOrProvinceName OBJECT IDENTIFIER ::=
      {joint-iso-ccitt(2) ds(5) attributeType(4) 8}
   CommonName OBJECT IDENTIFIER ::=
      {joint-iso-ccitt(2) ds(5) attributeType(4) 3}
   Title OBJECT IDENTIFIER ::=
      {joint-iso-ccitt(2) ds(5) attributeType(4) 12}
   Organization OBJECT IDENTIFIER ::=
      {joint-iso-ccitt(2) ds(5) attributeType(4) 10}
   OrganizationalUnit OBJECT IDENTIFIER ::=
      {joint-iso-ccitt(2) ds(5) attributeType(4) 11}
   StreetAddress OBJECT IDENTIFIER ::=
      {joint-iso-ccitt(2) ds(5) attributeType(4) 9}
   Postal Code OBJECT IDENTIFIER ::=
      {joint-iso-ccitt(2) ds(5) attributeType(4) 17}
   Phone Number OBJECT IDENTIFIER ::=
      {joint-iso-ccitt(2) ds(5) attributeType(4) 20}

The identifiers US, CountryName, StateOrProvinceName,
CommonName, Title, Organization, OrganizationalUnit,
StreetAddress, "Postal Code", and "Phone Number" are not
valid ASN.1 identifiers.

A.7 X.509 V3 Certificate Extensions

   basicConstraints basicConstraints EXTENSION ::= {
      SYNTAX BasicConstraintsSyntax
      IDENTIFIED BY { id-ce 19 } }

   keyUsage EXTENSION ::= {
      SYNTAX KeyUsage
      IDENTIFIED BY { id-ce 15 }}

The use of the EXTENSION class definition, and the WITH
SYNTAX notation to define an ASN.1:1994 extension object
is not valid for X.208.

Note that S/MIME Version 3 Message Specification, also dated
11/20/97, also has several ASN.1 errors. I had thought that both
of these documents had been corrected.

Phil
--
Phillip H. Griffin Griffin Consulting
asn1(_at_)mindspring(_dot_)com ASN.1-SET-Java-Security
919.828.7114 1625 Glenwood Avenue
919.832.7008 [mail] Raleigh, North Carolina 27608 USA
------------------------------------------------------------
Visit http://www.fivepointsfestival.com
------------------------------------------------------------
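
The lexical rule behind the A.5 comments in the message above, as an added example that is not part of the original message or of the draft: an ASN.1 identifier or value reference starts with a lower-case letter and continues with letters, digits and single hyphens, with no trailing hyphen. The function names lint and is_identifier are hypothetical, and the sample holds three of the quoted assignments.

```python
import re

# ASN.1 lexical rule for identifiers and value references (X.208 / X.680):
# first character a lower-case letter, then letters, digits or single
# hyphens, and no trailing hyphen.
IDENTIFIER = re.compile(r"[a-z](?:-?[A-Za-z0-9])*\Z")

# Constructed sample: three of the A.5 assignments as quoted in the message.
SAMPLE = """
emailAddress OBJECT IDENTIFIER ::=
{iso(1) member-body(2) US(840) rsadsi(113549) pkcs(1) pkcs-9(9) 1}
CountryName OBJECT IDENTIFIER ::=
{joint-iso-ccitt(2) ds(5) attributeType(4) 6}
Postal Code OBJECT IDENTIFIER ::=
{joint-iso-ccitt(2) ds(5) attributeType(4) 17}
"""

# "<name> OBJECT IDENTIFIER ::= { ... }", where the name may be malformed.
ASSIGNMENT = re.compile(
    r"^(.*?)\s+OBJECT IDENTIFIER\s*::=\s*\{([^}]*)\}", re.M | re.S)
# A component written in the name-and-number form, e.g. member-body(2).
NAME_AND_NUMBER = re.compile(r"([^\s()]+)\((\d+)\)")


def is_identifier(name):
    """True if name satisfies the ASN.1 identifier rule."""
    return IDENTIFIER.match(name) is not None


def lint(module_text):
    """Return (assignment name, offending name, kind) for each bad name."""
    findings = []
    for match in ASSIGNMENT.finditer(module_text):
        name, body = match.group(1).strip(), match.group(2)
        if not is_identifier(name):
            findings.append((name, name, "value reference"))
        for arc, _number in NAME_AND_NUMBER.findall(body):
            if not is_identifier(arc):
                findings.append((name, arc, "name in OID component"))
    return findings


if __name__ == "__main__":
    for assignment, bad, kind in lint(SAMPLE):
        print(f"{assignment}: {bad!r} is not a valid {kind}")
```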