[cabfpub] ASN.1 Default Values
Enric Castillo
enric.castillo at anf.es
Fri Apr 4 10:12:09 UTC 2014
Hi,
We've received recently a bug from one of our partners, about a bad
encoding of our CRL, specifically the value onlyContainsCACerts that is
set "false", that has the same default value.
/ IssuingDistributionPoint ::= SEQUENCE {
distributionPoint [0] DistributionPointName OPTIONAL,
onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
onlySomeReasons [3] ReasonFlags OPTIONAL,
indirectCRL [4] BOOLEAN DEFAULT FALSE,
onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE }
-- at most one of onlyContainsUserCerts, onlyContainsCACerts,
-- and onlyContainsAttributeCerts may be set to TRUE./
I've read the ASN.1 Encoding Rules (
http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf ):
/11.5 Set and sequence components with default value
The encoding of a set value or sequence value shall not
include an encoding for any component value which is equal to its
default value.
/
Then, our CRL is wrong.
Also I've saw that a recent bugzila (
https://bugzilla.mozilla.org/show_bug.cgi?id=988633 ) was opened to
discuss a similar trouble, in terms that also affect ANF AC, because the
basic constraints are being malformated also. It seems that is a common
badformating, both certificates and CRL of many CA/B Forum members.
The reason why we included this fields is to emphasize some field that
we think that are important.
What position takes CA/B Forum?
Thanks,
Enric
--
ANF Autoridad de Certificación
*Enric Castillo*
Departamento de Ingeniería
ANF Autoridad de Certificación
enric.castillo at anf.es <mailto:enric.castillo at anf.es>
www.anf.es <https://www.anf.es>
*Aviso*
Este mensaje se dirige exclusivamente a su destinatario y puede contener
información privilegiada o confidencial y/o datos de carácter personal,
cuya difusión está regulada por la Ley Orgánica de Protección de Datos y
la Ley de Servicios de la Sociedad de la Información. Si usted no es el
destinatario indicado (o el responsable de la entrega al mismo), no debe
copiar o entregar este mensaje a terceros bajo ningún concepto. Si ha
recibido este mensaje por error o lo ha conseguido por otros medios, le
rogamos que nos lo comunique inmediatamente por esta misma vía y proceda
a su eliminación irreversible. Las opiniones, conclusiones y demás
informaciones incluidas en este mensaje que no estén relacionadas con
asuntos profesionales de ANF Autoridad de Certificación no están
respaldadas por la empresa.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140404/c2d66072/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logo-anf.png
Type: image/png
Size: 4746 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140404/c2d66072/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4389 bytes
Desc: Firma criptogr??fica S/MIME
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140404/c2d66072/attachment.p7s>
More information about the Public
mailing list