[cabfpub] ASN.1 Default Values

Enric Castillo enric.castillo at anf.es
Fri Apr 4 03:12:09 MST 2014


Hi,

We recently received a bug report from one of our partners about a bad
encoding of our CRL, specifically the value onlyContainsCACerts, which is
set to "false", the same as its default value.

    IssuingDistributionPoint ::= SEQUENCE {
         distributionPoint          [0] DistributionPointName OPTIONAL,
         onlyContainsUserCerts      [1] BOOLEAN DEFAULT FALSE,
         onlyContainsCACerts        [2] BOOLEAN DEFAULT FALSE,
         onlySomeReasons            [3] ReasonFlags OPTIONAL,
         indirectCRL                [4] BOOLEAN DEFAULT FALSE,
         onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE }

         -- at most one of onlyContainsUserCerts, onlyContainsCACerts,
         -- and onlyContainsAttributeCerts may be set to TRUE.

I've read the ASN.1 Encoding Rules (
http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf ):

    11.5 Set and sequence components with default value
    The encoding of a set value or sequence value shall not include an
    encoding for any component value which is equal to its default value.

Then, our CRL is wrong.

I've also seen that a recent Bugzilla bug (
https://bugzilla.mozilla.org/show_bug.cgi?id=988633 ) was opened to
discuss a similar problem, in terms that also affect ANF AC, because the
basic constraints are also malformed. It seems that this is a common
formatting error in both the certificates and CRLs of many CA/B Forum
members.


The reason we included these fields is to emphasize some fields that
we think are important.

What position does the CA/B Forum take?


Thanks,
Enric
-- 

ANF Autoridad de Certificación

Enric Castillo
Engineering Department
ANF Autoridad de Certificación
enric.castillo at anf.es
https://www.anf.es

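Added example (not part of the original message): a minimal Python check for the X.690 11.5 rule quoted above, listing the BOOLEAN DEFAULT FALSE components of an IssuingDistributionPoint that are explicitly encoded as FALSE. It takes the DER bytes of the IssuingDistributionPoint value itself and assumes the implicit tagging of the RFC 5280 module; the function names and the sample byte strings are constructed for illustration.

```python
# Flag IssuingDistributionPoint components that are present in the encoding
# although they equal their DEFAULT value (not allowed by X.690 11.5).

# Context tags [1], [2], [4], [5] are the BOOLEAN DEFAULT FALSE components.
# Assumption: implicit tagging, so they appear as primitive tags 0x81, 0x82, ...
DEFAULT_FALSE = {
    0x81: "onlyContainsUserCerts",
    0x82: "onlyContainsCACerts",
    0x84: "indirectCRL",
    0x85: "onlyContainsAttributeCerts",
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one single-byte-tag DER TLV at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold length
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def encoded_defaults(idp_der):
    """List DEFAULT FALSE components that are present and encoded as FALSE."""
    tag, body, end = read_tlv(idp_der, 0)
    if tag != 0x30 or end != len(idp_der):
        raise ValueError("expected exactly one SEQUENCE")
    found, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag in DEFAULT_FALSE and value == b"\x00":
            found.append(DEFAULT_FALSE[tag])
    return found

# Constructed sample values (not taken from any real CRL):
BAD_IDP = bytes.fromhex("3003820100")          # onlyContainsCACerts FALSE, encoded
GOOD_IDP = bytes.fromhex("30038201ff")         # onlyContainsCACerts TRUE
MIXED_IDP = bytes.fromhex("30068101008401ff")  # [1] FALSE encoded, [4] TRUE
if __name__ == "__main__":
    for name, der in [("bad", BAD_IDP), ("good", GOOD_IDP), ("mixed", MIXED_IDP)]:
        print(name, encoded_defaults(der))
```

In a real CRL the IssuingDistributionPoint bytes are the contents of the extension's extnValue OCTET STRING, so that wrapper has to be removed before calling encoded_defaults.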