[x500standard] Re: Another lack of clarity in X.509

  • From: "Jean-Paul LEMAIRE" <jean-paul.lemaire@xxxxxxxxxxxxxxxxxxxxx>
  • To: x500standard@xxxxxxxxxxxxx
  • Date: Thu, 26 Jun 2008 08:35:01 +0200

Hi Erik,
According to X.509 clause 7, in a Certificate, AttributeCertificate or CertificateList value, an extension is encoded as an octet string containing the DER encoding of a value of a type EXTENSION.&ExtnType. So the receiver knowns the DER encoding of all the extensions even for unknown extensions.
However, we have a similar problem in AttributeCertificate because the attributes component may contain attributes unknown by the receiver and in that case the receiver cannot compute the DER encoding.
So clarification is needed but it seems not easy to solve this problem and keep compatibility with the previous versions.
It is too late to have a Technical Corrigendum balloted before SG 17 September meeting and incorporate the solution into Edition 6. So we have to submit a defect report (I can prepare it and send it to AFNOR) and prepare a Technical Corrigendum on Edition 6. If you can attend the next next SC 6 meeting we can perhaps solve these clarifications problems. 

Best regards,

Jean-Paul.



Hi,

I am now in 6.1 of X.509:2005.
It is my understanding that in a distributed environment (and directory is potentially distributed), the signature is generated based on the DER encoding of the abstract syntax, but the data actually transmitted need not be the strictly DER encoded. If this understanding is not true, then 
X.509 is not clear about it.

Assuming it is true, the recipient cannot know whether a received
message is DER encoded or not, but needs to decode the message and
re-encode in DER to check the signature.
The last paragraph of 6.1 with the three bullets gives me problems. An implementation cannot easily decode a message if the underlying abstract syntax is not fully known (e.g. it difficult to distinguish between set and set-of). The three last bullets pretend to be the solution to that 
problem.
A DUA sends a message to DSA-A and DSA-A chains the message to DSA-B. It must be assumed that the DUA will fully understand the abstract syntax 
of the sent message, but assuming that DSA-A does not fully know the
underlying abstract syntax, the following rules should then be used:
- DSA-A preserves the encoding of the received message, and it 
is supposed to add it own signature.
- DSA-A after having added all its chaining stuff, DER encode the part of the abstract syntax it fully know and keep all unknown data 
with preserved encoding (which may not be DER encoded). It then
generates the signature.
-          DSA-B should now just check the signature based on the
received encoding.

How does DSA-B know that DSA-A is a stupid DSA not knowing the fully
abstract syntax? DSA-B may fully understand the abstract syntax and may 
therefore decode the whole thing and re-encode in DER to check the
signature. The DSA-A signature may the fail.
If it is opposite, the DSA-A is a clever DSA and DSA-B is a stupid DSA, 
then DSA-B cannot fully decode the message and create its own DER
encoding to check DSA-A's signature.


Erik Andersen
Andersen's L-Service
Mobile: +45 20 97 14 90
e-mail:  <mailto:era@xxxxxxx> era@xxxxxxx
<http://www.x500.eu/> http://www.x500.eu
<http://www.x500standard.com/> http://www.x500standard.com/



-----
www.x500standard.com: The central source for information on the X.500 Directory 
Standard.

Other related posts:

  1. Home
  2. x500standard
  3. Archive
  4. 06-2008