ietf-smime

Re: I-D ACTION:draft-ietf-smime-escertid-00.txt

2006-03-30 07:49:27

Peter,

You are perfectly right.

My mistake.

Denis

The current ASN.1 in RFC 2634 is:

  ESSCertID ::=  SEQUENCE {
       certHash                 Hash,
       issuerSerial             IssuerSerial OPTIONAL
  }

The proposal from draft-ietf-smime-escertid-00.txt is:

     ESSCertIDEx ::=  SEQUENCE {
          certHash                 Hash,
          hashAlg                  AlgorithmIdentifier DEFAULT {id-sha256},
          issuerSerial             IssuerSerial OPTIONAL
     }

The proposal made on the PKIX mailing list is:

ESSCertIDv2 ::= SEQUENCE {
   certHash         OCTET STRING,
   issuerSerial     IssuerSerial,
   hashAlgorithm    AlgorithmIdentifier DEFAULT { sha-1 }
}

The advantage of the last proposal is backward compatibility with the
existing structure. 

No, it isn't: you've lost the 'OPTIONAL' on issuerSerial, making it
non-backwards-compatible.  If you want it to have the properties you claim it has,
you'd need:

ESSCertIDv2 ::= SEQUENCE {
   certHash         Hash,
   issuerSerial     IssuerSerial OPTIONAL,
   hashAlgorithm    AlgorithmIdentifier DEFAULT { sha-1 }
}

Peter.
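As an added illustration of the compatibility point (this code is not from the thread, from RFC 2634 or from any ESS implementation): a small DER walker that feeds RFC 2634-style ESSCertID encodings to the two ESSCertIDv2 definitions quoted above, with issuerSerial either mandatory or OPTIONAL. It assumes short-form DER lengths and constructs its own sample bytes; because IssuerSerial and AlgorithmIdentifier are both SEQUENCEs, it tells them apart by their first inner element (GeneralNames versus OBJECT IDENTIFIER).

```python
import hashlib

OCTET_STRING, INTEGER, OID, SEQUENCE = 0x04, 0x02, 0x06, 0x30

def der(tag, content):
    """Encode one short-form DER TLV (content under 128 bytes, as here)."""
    assert len(content) < 0x80
    return bytes([tag, len(content)]) + content

def members(seq):
    """Split a short-form DER SEQUENCE into its (tag, content) components."""
    if len(seq) < 2 or seq[0] != SEQUENCE or seq[1] & 0x80 or 2 + seq[1] != len(seq):
        raise ValueError("expected one short-form DER SEQUENCE")
    out, pos = [], 2
    while pos < len(seq):
        tag, n = seq[pos], seq[pos + 1]
        if n & 0x80:
            raise ValueError("long-form length not supported here")
        out.append((tag, seq[pos + 2:pos + 2 + n]))
        pos += 2 + n
    return out

def decode_v2(blob, issuer_serial_optional):
    """Decode certHash, issuerSerial, hashAlgorithm DEFAULT sha-1.
    A None hashAlgorithm means it was absent, so the DEFAULT (sha-1) applies."""
    parts = members(blob)
    if not parts or parts[0][0] != OCTET_STRING:
        raise ValueError("certHash OCTET STRING missing")
    got = {"certHash": parts[0][1], "issuerSerial": None, "hashAlgorithm": None}
    for tag, content in parts[1:]:
        if tag != SEQUENCE:
            raise ValueError("unexpected tag 0x%02x" % tag)
        # AlgorithmIdentifier starts with an OID; IssuerSerial starts with GeneralNames.
        field = "hashAlgorithm" if content[:1] == bytes([OID]) else "issuerSerial"
        got[field] = content
    if got["issuerSerial"] is None and not issuer_serial_optional:
        raise ValueError("issuerSerial is mandatory in this definition")
    return got

def accepts(blob, issuer_serial_optional):
    """True if the encoding decodes under the chosen ESSCertIDv2 definition."""
    try:
        decode_v2(blob, issuer_serial_optional)
        return True
    except ValueError:
        return False

# Constructed sample encodings (not real certificate values).
CERT_HASH = der(OCTET_STRING, hashlib.sha1(b"constructed certificate bytes").digest())
GENERAL_NAMES = der(SEQUENCE, der(0x82, b"ca.example"))          # one dNSName
ISSUER_SERIAL = der(SEQUENCE, GENERAL_NAMES + der(INTEGER, b"\x01"))
SHA1_ALG = der(SEQUENCE, der(OID, bytes.fromhex("2b0e03021a")))  # 1.3.14.3.2.26
OLD_MINIMAL = der(SEQUENCE, CERT_HASH)                 # RFC 2634, issuerSerial omitted
OLD_FULL = der(SEQUENCE, CERT_HASH + ISSUER_SERIAL)    # RFC 2634, issuerSerial present
NEW_NO_ISSUER = der(SEQUENCE, CERT_HASH + SHA1_ALG)    # v2 with explicit hashAlgorithm
```

The minimal RFC 2634 encoding is rejected only by the definition that drops OPTIONAL, which is the incompatibility Peter points out.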