[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-legg-ldap-gser-abnf-06.txt and friends

To: Russ Housley <housley@vigilsec.com>, Bill Fenner <fenner@research.att.com>
Subject: Re: draft-legg-ldap-gser-abnf-06.txt and friends
From: hardie@qualcomm.com
Date: Wed, 28 May 2003 14:19:27 -0700
Cc: iesg@ietf.org
In-reply-to: <5.2.0.9.2.20030528155748.03c1db98@mail.binhost.com>
References: <200305252024.h4PKOOJ29268@windsor.research.att.com><200305231912.PAA21277@ietf.org> <p06001211baf4789c3a9c@[129.46.227.161]><200305252024.h4PKOOJ29268@windsor.research.att.com><5.2.0.9.2.20030528155748.03c1db98@mail.binhost.com>

Russ,
	Okay.  My reading of Jeff's original discuss is
that there is a concern that DER-->GSER is essentially
a one way transform (i.e. no way to get back to
the DER form in a way that doesn't break integrity
checks).  I believe the response by the authors to the discuss was
essentially to say that this is a known problem and
to increase the visibility of it in the Security Considerations
in draft-legg-ldap-gser-03.txt:


   The Generic String Encoding Rules do not define a canonical encoding.
   That is, a transformation from a GSER encoding into some other
   encoding (e.g. BER) and back into GSER will not necessarily reproduce
   exactly the original GSER octet encoding.  Therefore GSER SHOULD NOT
   be used where a canonical encoding is needed.

   Furthermore, GSER does not necessarily enable the exact octet
   encoding of values of the TeletexString, VideotexString,
   GraphicString or GeneralString types to be reconstructed, so a
   transformation from DER to GSER and back to DER may not reproduce the
   original DER encoding.  Therefore GSER SHOULD NOT be used where
   reversibility to DER is needed, e.g. for the verification of digital
   signatures.  Instead, DER or a DER-reversible encoding should be
   used.

	If this is not the current issue a pointer before the
call would be valuable to me, so that I can check through
the real issue.  If this is the issue, and we need to talk about
its appropriateness or the language in which it is stated,
then handling it tomorrow seems fine.
		thanks,
			Ted
At 3:59 PM -0400 5/28/03, Russ Housley wrote:

Ted:

Yes, I hold Jeff's discuss. And, I had an email exchange with him about it today. I was planning to discuss it on the telechat tomorrow. The way forward is not obvious to me.

Russ
At 12:47 PM 5/28/2003 -0700, hardie@qualcomm.com wrote:
Hi Bill,
        In reverse order:  No, the questions will never end.  Yes, you are
introducing a post-facto DISCUSS on a document (two, in fact!).  Since
...snip...
section"?  Am I attempting to retroactively apply a DISCUSS on a
document?  Will the questions never end?)

  Bill

Follow-Ups:
- Re: draft-legg-ldap-gser-abnf-06.txt and friends
  - From: Russ Housley <housley@vigilsec.com>

References:
- Re: draft-legg-ldap-gser-abnf-06.txt and friends
  - From: Bill Fenner <fenner@research.att.com>
- Agenda and Package for May 29, 2003 Telechat
  - From: Michael Lee <mlee@foretec.com>
- Re: Agenda and Package for May 29, 2003 Telechat
  - From: hardie@qualcomm.com
- Re: draft-legg-ldap-gser-abnf-06.txt and friends
  - From: Russ Housley <housley@vigilsec.com>

Prev by Date: draft-aromanov-snmp-hiqa-04
Next by Date: RE: draft-aromanov-snmp-hiqa-04
Previous by thread: Re: draft-legg-ldap-gser-abnf-06.txt and friends
Next by thread: Re: draft-legg-ldap-gser-abnf-06.txt and friends
Index(es):
- Date
- Thread