Dave,
What I am looking at doing the associations for is the data structures not
the data themselves. Thus for example, I have several different tables in
my system that say what the different structures are that are associated
with each algorithm OID. The ability to encode this in the ASN.1 module,
and thus potentially to have the data transferred to my program, seems to me
to be a good thing.
Jim
-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org [mailto:owner-ietf-
smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Kemp, David P.
Sent: Monday, July 30, 2007 9:10 PM
To: ietf-smime(_at_)imc(_dot_)org
Subject: RE: Algorithm Class Data
Jim,
What is the purpose of "associating" information in an ASN.1 module?
Since ASN.1 describes the syntax of (for example) a signature as
transmitted between systems (OID, Parameters, and Signature Value),
I'm not sure what a compiler would do with other data associated
with a signature. The public key used to validate a signature is
not contained in the same data object as the signature value itself
(certificate vs. signed object), a private key might not appear
in any ASN.1 module at all, and the data over which a signature is
computed may be external.
Since ASN.1 is not a procedural language, it's not clear how an
association between a private key and a signature could even be
expressed. The private key used to generate a signature is
buried somewhere behind a PKCS#11 call.
Wouldn't you want to simply associate a specific data type with
the algorithm OID that selects it, just as an attribute OID
selects the syntax of the attribute value?
Dave
-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Jim
Schaad
Sent: Monday, July 30, 2007 11:56 AM
To: ietf-smime(_at_)imc(_dot_)org
Subject: Algorithm Class Data
At the face-to-face meeting I presented the fact that Paul Hoffman and
I
are
currently working on a 2002 freeware ASN.1 compiler. As part of this
work
we are requested to do re-writes of the core IETF ASN.1 modules to
update
them. This message is looking at one portion of the update that we are
contemplating.
The current ITU definition of ALGORITHM contains just an OID and an
open
type. From my point of view this seems to be missing a lot of data
that
should be associated together. So the first question would be what
information exists that COULD be associated together. This meta data
is
generally collected somewhere, but is not associated in the current
ASN.1
file.
The following information what I think could be associated. I would
like to
start by seeing if this is a complete set of data that could be
associated.
Signature
OID, Parameters, Signature Value, Public Key, Private Key
Transport Encryption
OID, Parameters, EncryptedKey (contents of OCTET STRING ?), Public
Key,
Private Key
Key Agree Encryption
OID, Parameter, EncryptedKey (contents of OCTET STRING ?), Public
Key,
Private Key, OtherKeyAttributes Set
Symmetric Key Encryption
OID, Parameters, S/MIME Parameters
KEK Encryption
OID, Parameters, OtherKeyAttibutes Set
Key Derivation Algorithm
OID, Parameters, input format?
Digest Algorithm
OID, Parameters
MAC Algorithm
OID, Parameters
Jim