[Top] [All Lists]

RE: Algorithm Class Data

2007-08-03 14:23:38


What I am looking at doing the associations for is the data structures not
the data themselves.  Thus for example, I have several different tables in
my system that say what the different structures are that are associated
with each algorithm OID.  The ability to encode this in the ASN.1 module,
and thus potentially to have the data transferred to my program, seems to me
to be a good thing.


-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org [mailto:owner-ietf-
smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Kemp, David P.
Sent: Monday, July 30, 2007 9:10 PM
To: ietf-smime(_at_)imc(_dot_)org
Subject: RE: Algorithm Class Data


What is the purpose of "associating" information in an ASN.1 module?
Since ASN.1 describes the syntax of (for example) a signature as
transmitted between systems (OID, Parameters, and Signature Value),
I'm not sure what a compiler would do with other data associated
with a signature.  The public key used to validate a signature is
not contained in the same data object as the signature value itself
(certificate vs. signed object), a private key might not appear
in any ASN.1 module at all, and the data over which a signature is
computed may be external.

Since ASN.1 is not a procedural language, it's not clear how an
association between a private key and a signature could even be
expressed.  The private key used to generate a signature is
buried somewhere behind a PKCS#11 call.

Wouldn't you want to simply associate a specific data type with
the algorithm OID that selects it, just as an attribute OID
selects the syntax of the attribute value?


-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Jim 
Sent: Monday, July 30, 2007 11:56 AM
To: ietf-smime(_at_)imc(_dot_)org
Subject: Algorithm Class Data

At the face-to-face meeting I presented the fact that Paul Hoffman and
currently working on a 2002 freeware ASN.1 compiler.  As part of this
we are requested to do re-writes of the core IETF ASN.1 modules to
them.  This message is looking at one portion of the update that we are

The current ITU definition of ALGORITHM contains just an OID and an
type.  From my point of view this seems to be missing a lot of data
should be associated together.  So the first question would be what
information exists that COULD be associated together.  This meta data
generally collected somewhere, but is not associated in the current

The following information what I think could be associated.  I would
like to
start by seeing if this is a complete set of data that could be

    OID, Parameters, Signature Value, Public Key, Private Key

Transport Encryption
    OID, Parameters, EncryptedKey (contents of OCTET STRING ?), Public
Private Key

Key Agree Encryption
   OID, Parameter, EncryptedKey (contents of OCTET STRING ?), Public
Private Key, OtherKeyAttributes Set

Symmetric Key Encryption
   OID, Parameters, S/MIME Parameters

KEK Encryption
   OID, Parameters, OtherKeyAttibutes Set

Key Derivation Algorithm
   OID, Parameters, input format?

Digest Algorithm
   OID, Parameters

MAC Algorithm
   OID, Parameters


<Prev in Thread] Current Thread [Next in Thread>