What I am looking at doing the associations for is the data structures not
the data themselves. Thus for example, I have several different tables in
my system that say what the different structures are that are associated
with each algorithm OID. The ability to encode this in the ASN.1 module,
and thus potentially to have the data transferred to my program, seems to me
to be a good thing.
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org [mailto:owner-ietf-
smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Kemp, David P.
Sent: Monday, July 30, 2007 9:10 PM
Subject: RE: Algorithm Class Data
What is the purpose of "associating" information in an ASN.1 module?
Since ASN.1 describes the syntax of (for example) a signature as
transmitted between systems (OID, Parameters, and Signature Value),
I'm not sure what a compiler would do with other data associated
with a signature. The public key used to validate a signature is
not contained in the same data object as the signature value itself
(certificate vs. signed object), a private key might not appear
in any ASN.1 module at all, and the data over which a signature is
computed may be external.
Since ASN.1 is not a procedural language, it's not clear how an
association between a private key and a signature could even be
expressed. The private key used to generate a signature is
buried somewhere behind a PKCS#11 call.
Wouldn't you want to simply associate a specific data type with
the algorithm OID that selects it, just as an attribute OID
selects the syntax of the attribute value?
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Jim
Sent: Monday, July 30, 2007 11:56 AM
Subject: Algorithm Class Data
At the face-to-face meeting I presented the fact that Paul Hoffman and
currently working on a 2002 freeware ASN.1 compiler. As part of this
we are requested to do re-writes of the core IETF ASN.1 modules to
them. This message is looking at one portion of the update that we are
The current ITU definition of ALGORITHM contains just an OID and an
type. From my point of view this seems to be missing a lot of data
should be associated together. So the first question would be what
information exists that COULD be associated together. This meta data
generally collected somewhere, but is not associated in the current
The following information what I think could be associated. I would
start by seeing if this is a complete set of data that could be
OID, Parameters, Signature Value, Public Key, Private Key
OID, Parameters, EncryptedKey (contents of OCTET STRING ?), Public
Key Agree Encryption
OID, Parameter, EncryptedKey (contents of OCTET STRING ?), Public
Private Key, OtherKeyAttributes Set
Symmetric Key Encryption
OID, Parameters, S/MIME Parameters
OID, Parameters, OtherKeyAttibutes Set
Key Derivation Algorithm
OID, Parameters, input format?