ietf-smime

RE: ESSSecurityLabel Version Deletion

1998-05-23 13:42:22
Once upon a time in the vague recesses of my mind I remember this issue
coming up.  While I agree there are a number of good reasons for not having
the version field anyway (versioning could be done by just using a new OID
if necessary), I thought that we had agreed that we were going to fix this by
turning the SET into a SEQUENCE and thus getting the version field first.
We have already made the break with the old encoding of security labels so
there should be no problem with this.

jim


-----Original Message-----
From: jsp(_at_)jgvandyke(_dot_)com [mailto:jsp(_at_)jgvandyke(_dot_)com]
Sent: Friday, May 22, 1998 1:11 PM
To: ietf-smime(_at_)imc(_dot_)org
Subject: ESSSecurityLabel Version Deletion


All,

In March, Darren Harter correctly pointed out a problem with the
ESSSecurityLabel syntax (see attached snip of Darren's msg).  The version
number was added to ESSSecurityLabel as an indicator that the syntax is
different than the X.411 securityLabel syntax (i.e. when privacyMark
UTF8String CHOICE is present).  Darren correctly pointed out that when the
ESSSecurityLabel SET is DER encoded, then the version number will appear
after the majority of the fields in the ESSSecurityLabel.  I propose that
the version component should be deleted from the ESSSecurityLabel syntax
because it does not serve a useful purpose because it is not the first field
to appear in the DER-encoded ESSSecurityLabel.  The id-aa-securityLabel OID
identifies the ESSSecurityLabel syntax when it is used in an authenticated
attribute.  If the ESSSecurityLabel syntax is changed after ESS becomes
stable, then a new OID can be assigned to indicate the changed syntax.

================================
John Pawling, jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.
www.jgvandyke.com
================================


Darren Harter wrote:

John,

There is a further flaw in the scheme.  Because the ESSSecurityLabel is a
SET, it will be sorted when DER is used.

This means that the set elements will appear in the following order in the
DER encoding:

When Printable String Used - v1

    Classification - tag 0x02
    PolicyId - tag 0x06
    Privacy - tag 0x13
    Categories - tag 0x30

When UTF8 String Used - v2

    Classification - tag 0x02
    PolicyId - tag 0x06
    Categories - tag 0x30
    Version - 0x80
    Privacy - tag 0x81
<snip>

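As an added example (not code from the thread or from any ESS implementation), the following Python builds the draft's v2 label components with a minimal DER encoder and compares the component order of the SET against that of the SEQUENCE Jim proposes. The tags [0] for version and [1] for privacyMark and the SEQUENCE tag for categories are taken from Darren's listing; the OID values and field contents are constructed placeholders.

```python
# Added example, not from the thread: a minimal DER encoder (short-form lengths,
# low tag numbers only) showing why a version component inside a SET is never first.
from typing import List, Tuple

def tlv(tag: int, content: bytes) -> bytes:
    assert len(content) < 0x80                     # short-form length is enough here
    return bytes([tag, len(content)]) + content

def der_integer(v: int, tag: int = 0x02) -> bytes:
    # minimal two's-complement body; tag overridden for IMPLICIT context tagging
    return tlv(tag, v.to_bytes(v.bit_length() // 8 + 1, "big", signed=True))

def der_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    assert all(a < 128 for a in arcs[2:])          # single-octet subidentifiers only
    return tlv(0x06, bytes([40 * arcs[0] + arcs[1]] + arcs[2:]))

def _tag_key(encoded: bytes) -> Tuple[int, int]:
    # X.690 canonical tag order: class (universal < application < context <
    # private), then tag number; the constructed bit does not take part
    return (encoded[0] & 0xC0, encoded[0] & 0x1F)

def der_set(components: List[bytes]) -> bytes:
    return tlv(0x31, b"".join(sorted(components, key=_tag_key)))   # DER re-sorts

def der_sequence(components: List[bytes]) -> bytes:
    return tlv(0x30, b"".join(components))                          # order kept

# Constructed sample label in the draft's v2 layout as listed in the thread:
# version [0] IMPLICIT INTEGER -> tag 0x80, privacyMark [1] IMPLICIT UTF8String -> 0x81
LABEL_COMPONENTS = [
    der_integer(1, tag=0x80),                  # version, declared first
    der_oid("1.2.3.4"),                        # security-policy-identifier (placeholder OID)
    der_integer(2),                            # security-classification
    tlv(0x81, "RESTRICTED".encode("utf-8")),   # privacyMark utf8String
    der_sequence([der_oid("1.2.3.4.5")]),      # security-categories (constructed sample)
]

def field_order(encoded: bytes) -> List[int]:
    # walk one constructed value and list its components' tag octets in order
    tags, i = [], 2
    while i < len(encoded):
        tags.append(encoded[i])
        i += 2 + encoded[i + 1]
    return tags

def set_order() -> List[int]:
    return field_order(der_set(LABEL_COMPONENTS))       # [0x02, 0x06, 0x30, 0x80, 0x81]
def sequence_order() -> List[int]:
    return field_order(der_sequence(LABEL_COMPONENTS))  # [0x80, 0x06, 0x02, 0x81, 0x30]
```

The SET output reproduces the v2 ordering in Darren's message, with the version component fourth; the SEQUENCE output is the same components in declared order, version first.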