Re: Authenticated Attributes DER vs BER

1998-04-17 08:25:31
dpkemp(_at_)missi(_dot_)ncsc(_dot_)mil (David P. Kemp) writes:

From: "Blake Ramsdell" <BlakeR(_at_)deming(_dot_)com>

In the spirit of "being liberal in what you accept" and
interoperability, I think some language is needed.  How about "receiving
agents SHOULD NOT reorder the SET OF according to DER"?

"being liberal in what you accept" leads to the position that receiving
agents SHOULD reorder the SET OF, in order to accept the widest variety
of input.

Not necessarily. Let's assume that you receive a message where the
SET OF IS misordered. There are two possibilities:

1. The data that was signed is the DER ordered data (i.e. NOT the
   data that was transmitted).
2. The data that was signed is the data that was transmitted.

In my experience, (2) is the far more likely event. 

I appreciate that this defeats the entire purpose of using DER
but in practice we're not dealing with intermediate
systems that are likely to reorder DER in transit. However,
the probability that end systems will (mistakenly) sign BER
seems a lot higher.


[Eric Rescorla                             Terisa Systems, Inc.]
                "Put it in the top slot."
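
Added example, not part of the original message: a receiver-side check that tells the two possibilities above apart by digesting the SET OF both as transmitted and after DER reordering. It assumes the input is already the SET OF encoding (tag 0x31) with single-byte tags and definite lengths, and uses a SHA-256 digest comparison as a stand-in for the real signature verification; the function names and sample bytes are constructed for illustration.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (content_start, end) of the definite-length TLV at pos."""
    first = buf[pos + 1]
    if first == 0x80:
        raise ValueError("indefinite length is not handled in this example")
    if first < 0x80:
        length, start = first, pos + 2
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        start = pos + 2 + n
    if start + length > len(buf):
        raise ValueError("truncated TLV")
    return start, start + length

def encode_len(n):
    """Minimal (DER) length octets."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_sort_set_of(set_of):
    """Re-encode a SET OF with its elements sorted by their encodings."""
    if set_of[0] != 0x31:
        raise ValueError("expected SET OF tag 0x31")
    pos, end = read_tlv(set_of, 0)
    elems = []
    while pos < end:
        _, nxt = read_tlv(set_of, pos)
        elems.append(set_of[pos:nxt])
        pos = nxt
    # A well-formed TLV is never a proper prefix of another, so plain byte
    # order matches the zero-padded comparison that DER specifies.
    body = b"".join(sorted(elems))
    return b"\x31" + encode_len(len(body)) + body

def which_form_was_signed(transmitted, signed_digest):
    """Tell apart the message's case (1), case (2), or neither."""
    if hashlib.sha256(transmitted).digest() == signed_digest:
        return "as transmitted"
    if hashlib.sha256(der_sort_set_of(transmitted)).digest() == signed_digest:
        return "DER-reordered"
    return "neither"

# Constructed sample: two 5-byte elements sent in non-DER order.
MISORDERED = bytes.fromhex("310a 3003020102 3003020101")
```

Trying the transmitted bytes first reflects the message's point that case (2) is the more likely one.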