[Top] [All Lists]

Re: [smime] New ID of potential interest

2010-08-12 11:27:48

On Aug 10, 2010, at 4:12 PM, Jim Schaad wrote:

On Apr 10, 2010, at 9:07 PM, Jim Schaad wrote:

A couple of questions and comments on this document

1.  Is there a reason not to make the sequence require at least two
for a union and an intersection?

No, there is no reason. And the ASN.1 module can be easily changed to
enforce the
presence of at least two elements in the sequence. But what are the pros
and cons of
doing so? Will anything be gained by requiring that unions and
intersections have at
least two elements?

I see no down side to make this requirement - it avoids the need to parse
and evaluate a node in the tree that contains a union or an intersection of
one node.  This means that the tree is smaller as is the encoded attribute.

Makes sense. I'll change it.

3.  Given that we are discussion SETs.  Are there any reasons not to
some restrictions on those who create SetKetParticipentSet values so
they are not every empty?  Thus an intersection SHOULD NOT result in an
empty result

I fear that might turn out to be an onerous run-time requirement. These
sets might be
represented by community-identifiers, remember. If we wish to enforce that
intersections be non-empty (for example) then we are requiring that
someone go chase
down the membership-lists of all communities. That may be an undesirable
requirement for some settings.

Also, that requirement may not be well-defined, if these communities
change. A set may
be non-empty when generated, but become empty later as come component
change their membership.

But let me ask: what is gained by requiring that generated SETs be

So yes there is a good reason not to require this is the leaf nodes can be
dynamic.  If they are static then doing a pre-evaluation would make things
smaller and faster for all clients to evaluate.

I'll make that clear in the document.

4.  Are there any locations (such as SetMember) where you one should
explicitly state that this field may be expanded at a later date with
additional values that may need to be recognized as being present, even
they are not evaluated.

I'm not sure what you mean here. Can you rephrase?

Are you ever going to want to add additional, currently unknown, items to
the structure SetMember?  If so do you want to require that they be handled
gracefully by people written to the current specification?  Similarly are
you ever going to want to add new operations to the SetKeyParticapantSet in
the future and how should existing clients deal with such items?

Ah, I see what you are asking. Good question. We'd like keep this as extensible 
as possible, and so what you say makes sense. But I don't immediately see what 
it means to 'handle gracefully' the case where one doesn't know how to 
interpret a set. For example, what would it mean to 'handle gracefully' the 
case where the set is 

  Intersection of (set A) and (X)

when you don't know how to interpret X? I suspect the answer depends on the 
intended use of this attribute, which can differ from setting to setting.

Given that we can't define what it means to 'handle gracefully' the case where 
current implementations encounter future extensions, I don't think we should 
require it in the spec. But at the same time, we don't want to rule out future 
extensions. Here's an alternate idea: what if we were to include a version 
number in this attribute? Then we could simply increment this version-number 
when we extend the attribute. Also, implementations would be able to tell right 
away whether or not they would understand the set-representation of the 
attribute. They would then either process the attribute to get the 
so-represented set, or gracefully handle the attribute as they would a 
completely unfamiliar attribute. 

5.  When doing an intersection, does none need to understand the value
SetMember, or can the evaluation be done on the ASN.1 encoding of the
SetMember.   Specifically would one need to understand that a
containing a specific public key be identified EITHER by the pub key
info or
by the issuer/serial?

That's a very good question. I hadn't thought about it. Do you have any

So the first question that comes up is whether you are expecting this to be
evaluated in the context of a specific certificate (or set of certificates)
or is this to be evaluated and this later applied to a set of certificates.

I'm not sure what you mean, but I don't envision that a public key would be 
included in a set-definition between creation and certification. That is, by 
the time a public key gets to the point where it will be used in a set 
definition, then one of the two following statements is true:

1) It has already been put in a certificate, and therefore can be referenced by 
issuer/serial number, or
2) It is an ephemeral/anonymous key, and will *never* be embedded in a 

If this is a reasonable assumption, then we might simply wave the problem away 
by specifying that it is invalid to refer to a key using the 
SubjectPublicKeyInfo form when it could also be referenced using the 
IssuerAndSerialNumber form. But I'm not sure that the underlying assumption is 

I'm trying to think of how this might come up. Suppose that the same key were 
referred to in two different ways-- once using IssuerAndSerialNumber (the 'I' 
form), and once as SubjectPublicKeyInfo (the 'S' form). Lets further suppose 
that implementations believed that the two forms referred to two different 
keys. Then how could things go wrong?

* They could mis-count the number of elements in a set. They could count the 
key twice, for example, believing there to be one more person/key in the set 
than there really is.

* They can also over-count the number of elements in the set if they encounter 
the form "{I} SetDiff {S}". This set should be empty, but the implementation 
may believe that it is actually equivalent to the set {I}. 

* Then again, they might undercount the number of elements in a set if they 
encounter the form "{I} Intersection {S}". This set actually contains the key 
in question, but might be mistaken for empty.

I think what I will propose is that when creating a SetKey attribute, 
implementations that wish to name a certified key SHOULD use the issuer and 
serial number form. However, implementations that receive and process a SetKey 
attribute SHOULD NOT regard different names as always indicating different 
keys.  And that I add a section to the document explaining these pitfalls.

In the second case one cannot say that an issuer serial number and a public
key info refer to the same certificate.  Part of the question can be
addressed as a security consideration and part by expected usage.  That is a
single community might only use a single way of identifying certificates and
thus the question is moot.

For our intended usage, it is the case that a given community would use only 
one way to refer to a certificate.

You might also have some problems from Alexy if you refer to things as
names, but you don't use a name form to store them in.  You might be better
using groupId rather than groupName  (same with participantName).  Note that
you don't currently seem to expect that you can get from a participantName
to a certificate to check for matches so the best rule might be that
different name forms are treated as different identifiers even if they can
later be mapped to the same individual.

Will do.

While you chew on this, I'll go ahead and make the changes described above and 
send the new version to you.

Thanks for your comments.
Jonathan Herzog                                                 voice:  (781) 
Technical Staff                                                 fax:    (781) 
Cyber Systems and Technology Group              email:  
MIT Lincoln Laboratory                                  www:
244 Wood Street    
Lexington, MA 02420-9185

Attachment: smime.p7s
Description: S/MIME cryptographic signature

smime mailing list
<Prev in Thread] Current Thread [Next in Thread>