[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xcbf] Discussion document on XCBF spec
> If we are saying that some (random) types have to be CXER-encoded and > others can be XER, then the "clearly" bit gets quite problematic. > (There will be border issues, for example on white-space where the two > encoding rules change over. But maybe we accept the presence of bugs > until an interworking problem arises, in the interests of getting this > stuff out of the door.) I have no problems with the potential bugs because it is standard practice today to mix BER and DER in messages and I would think its parallel (XER and CXER) would be no different. I guess it is up to Tyky if we have a NetMeeting or phone conference. I personally would prefer a conference call as I think NetMeeting is too buggy (dropped connections and the like). Ed ----- Original Message ----- From: "John Larmouth" <j.larmouth@salford.ac.uk> To: "Ed Day" <eday@obj-sys.com> Cc: "xcbf" <xcbf@lists.oasis-open.org> Sent: Thursday, May 08, 2003 9:29 AM Subject: Re: [xcbf] Discussion document on XCBF spec > Ed Day wrote: > > I don't know that any open types are involved. When I follow the chain down > > from BiometricSyntax through IntegrityObjects to SignedData, I see the > > certificate options as OCTET STRINGS. > > > > Perhaps outer-level encoding is not the right way to say this. If you look > > at the sample encodings in the back, they show complete messages encoded in > > XER and CXER form. I think all we are saying is that the CXER form can't be > > used if the integrityObject option of the CHOICE is used and it contains one > > of the Base64 encoded certificate options. > > I am not sure I understand this. Is there a typo with the last CXER > above - should be XER???? > > One of the problems is with: > > DigitalSignature ::= SEQUENCE { > back algorithmID SignatureAlgorithmIdentifier, > signature OCTET STRING > ( CONSTRAINED BY { -- signature on a value of -- > EncodedBiometricObjects }) > } > > Signature "on a value of" is misleading, but other text makes it clear > that the signature OCTET STRING contains an encryption transform > (identified by the SignatureAlgorithmIdentifier) of the *C*XER encodig > of EncodedBiometricObjects, which is an Open Type containing > BiometricObjects (as in my previous e-mail). Note that this formally > means that the signature is applied to the XER wrapper round > BiometricObjects, not just to the content. I suspect this was an error, > but I do not intend to try to correct it, and I have noticed similar > "error"s in other earlier pieces of Phil's specs, so we will let that lie. > > > Granted this is a deviation from standard XER encoding, but we have already > > established that to be the case. > > I guess I still need clarity on what encodings we want to apply to what > parts of the spec, and whether we are prepared to DEVIATE from the ASN.1 > encoding rules, or just (as was agreed in the telecon) merely to > ANTICIPATE them. > > I think doing something which neither conforms to the current ASN.1 text > NOR to the expected text for EXTENDED-XER would be a very BAD idea, and > is not what was agreed. > > But I suppose that if we can't keep everyone happy without defining our > own deviations, then we can in theory do that, but we must do it openly, > clearly, and honestly. > > If we are saying that some (random) types have to be CXER-encoded and > others can be XER, then the "clearly" bit gets quite problematic. > (There will be border issues, for example on white-space where the two > encoding rules change over. But maybe we accept the presence of bugs > until an interworking problem arises, in the interests of getting this > stuff out of the door.) > > I don't know if we are really serious about an application that starts > off with an XML encoding and goes to a relay (that knows only the ASN.1 > spec) which converts to PER, and then to another that also knows only > the ASN.1 spec and converts to a new XML encoding, but if we ARE serious > about that application, we have to be very careful about changing > encoding rules in a non-formal way. > > I fear that the more we discuss this stuff, the less clear I get on > where we are heading. > > Ed, you seem to be saying "Let's treat the examples as normative, and > try to fix the formal spec to fit them." We can try to do that, but I > am not sure it will be easy, and it will probably raise the same > questions we have above about deviation rather than anticipation. > > I guess I want to repeat my suggestion of a NetMeeting. At present, I > am not sure we are converging. > > John L > > > > > > Ed > > > > ----- Original Message ----- > > From: "John Larmouth" <j.larmouth@salford.ac.uk> > > To: "Ed Day" <eday@obj-sys.com> > > Cc: "xcbf" <xcbf@lists.oasis-open.org> > > Sent: Wednesday, May 07, 2003 3:55 PM > > Subject: Re: [xcbf] Discussion document on XCBF spec > > > > > > > >>I take your point on not using BASIC-XER, although I would prefer to use > >> "basic XER" if you are agreeable, to avoid confusion. > >> > >>But your point b) unfortunately is not possible unless the Open Type is > >>changed to an OCTET STRING. Open types are *always* (in all encoding > >>rules) encoded according to the same encoding as the outer-level encoding. > >> > >>So even if you start with a CXER encoding (which indeed *is* a valid > >>basic XER encoding), going through a PER relay can produce a non-CXER > >>encoding (some other basic XER encoding, as there is no formal knowledge > >>that it should be CXER), so the receiving application will need to > >>decode and re-encode with CXER in order to check the signature etc. But > >>provided that is understood and clearly spelled out, this is a workable > >>solution. > >> > >>John L > >> > >> > >>Ed Day wrote: > >> > >>>The combination we were closest to at the end was: > >>> > >>>a) BASE64 for the CertificateSet and CertificateRevocationList OCTET > >>>STRING's > >>> > >>>b) XER for the outer level encoding and CXER for the BiometricObjects > >> > > (note: > > > >>>for the purpose of this document, the term "BASIC-XER" is not recognized > >>>because it does not exist in any published standard). > >>> > >>>Regards, > >>> > >>>Ed > >>> > >>> > >>>----- Original Message ----- > >>>From: "John Larmouth" <j.larmouth@salford.ac.uk> > >>>To: "Ed Day" <eday@obj-sys.com> > >>>Cc: "xcbf" <xcbf@lists.oasis-open.org> > >>>Sent: Wednesday, May 07, 2003 2:23 PM > >>>Subject: Re: [xcbf] Discussion document on XCBF spec > >>> > >>> > >>> > >>> > >>>>A further reply: > >>>> > >>>>We have four options now (combinations of a) and b) below): > >>>> > >>>>a) Use of BASE64 or not for the DER encodings in the OCTET STRINGs > >>>> > >>>>b) Use of CXER or BASIC-XER as the outer-level encoding. > >>>> > >>>>It is my honest belief that clear conformant text can be produced for > >>>>all four combinations (but with very different imlications for the > >>>>complexity of implementations, particularly if relaying in and out of > >>>>PER is being envisaged - see an earlier e-mail). I am prepared to > >>>>produce draft text for **any two** out of the four, but not for all > >>>>four! You can then decide which you like best. > >>>> > >>>>Let me know which two you want text for. (Noting that BASE64 is > >>>>currently in, but that the current text is ambiguous/inconsistent on b) > >>>>above.) > >>>> > >>>>Would a NetMeeting, once Paul is back from holiday and can host it, be a > >>>>useful way of resolving this, or do you want to try to settle it sooner > >>>>by e-mail? > >>>> > >>>>John L > >>>> > >>>> > >>>>Ed Day wrote: > >>>> > >>>> > >>>>>It was my understanding from Phil that CXER could not be used for the > >>>> > >>>entire > >>> > >>> > >>>>>message because the Base-64 encoded DER components would violate the > >>>> > >>>CXER > >>> > >>> > >>>>>rules for OCTET STRING encodings. > >>>>> > >>>>>Regards, > >>>>> > >>>>>Ed > >>>>> > >>>>>----- Original Message ----- > >>>>>From: "John Larmouth" <j.larmouth@salford.ac.uk> > >>>>>To: "Ed Day" <eday@obj-sys.com> > >>>>>Cc: "xcbf" <xcbf@lists.oasis-open.org> > >>>>>Sent: Wednesday, May 07, 2003 12:52 PM > >>>>>Subject: Re: [xcbf] Discussion document on XCBF spec > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>>The document is currently inconsistent, Ed. Do we intend CXER > >>>>> > > encoding > > > >>>>>>for everything excpet DER, or use of basic XER at the outer-level? > >>>>>> > >>>>>>I think minimum changes mean we do everything with CXER (and DER), and > >>>>>>remove any text that implies the opposite - probably only a sentence > >>>>> > > or > > > >>>>>>two, at most. > >>>>>> > >>>>>>I will produce a document to that effect in the next few days. > >>>>>> > >>>>>>John L > >>>>>> > >>>>>>Ed Day wrote: > >>>>>> > >>>>>> > >>>>>> > >>>>>>>I think given this late date that changes should be kept to a > >>>>>> > > minimum. > > > >>>>>What > >>>>> > >>>>> > >>>>> > >>>>>>>is there has already been approved for the most part. Only a few > >>>>>> > >>>tweaks > >>> > >>> > >>>>>>>describing how the Base64 encoding is to be accomplished should be > >>>>>>>necessary. I think any big changes need to be deferred to the next > >>>>>> > >>>>>version. > >>>>> > >>>>> > >>>>> > >>>>>>>Regards, > >>>>>>> > >>>>>>>Ed Day > >>>>>>> > >>>>>>> > >>>>>>>----- Original Message ----- > >>>>>>>From: "John Larmouth" <j.larmouth@salford.ac.uk> > >>>>>>>To: <j.larmouth@salford.ac.uk> > >>>>>>>Cc: "xcbf" <xcbf@lists.oasis-open.org> > >>>>>>>Sent: Sunday, May 04, 2003 4:26 PM > >>>>>>>Subject: Re: [xcbf] Discussion document on XCBF spec > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>>>To reply to my own message: > >>>>>>>> > >>>>>>>>John Larmouth wrote: > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>>I understand that you should be getting notification of that upload > >>>>>>>>>automatically, but it has not come back to *me* yet. > >>>>>>>> > >>>>>>>>It still has not come (but I understand that others have got it). > >>>>>>> > >>>Maybe > >>> > >>> > >>>>>>>>the person posting the document does not get the noticiation? But > >>>>>>> > >>>this > >>> > >>> > >>>>>>>>is not the first time that OASIS mailings have taken a couple of > >>>>>>> > > days > > > >>>to > >>> > >>> > >>>>>>>>reach me when others have got them (don't know why - guess the > >>>>>>> > > server > > > >>>is > >>> > >>> > >>>>>>>>anti-English!). > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>>(There is no formal mechanism - even with Amendment 1 in place - to > >>>>>>>>>formally forbid a HEX encoding. You can allow a BASE64 encoding as > >>>>>>>> > >>>an > >>> > >>> > >>>>>>>>>encoder's option, but you cannot express formally that you require > >>>>>>>>>(only) that to be used instead of HEX. > >>>>>>>> > >>>>>>>>I got this wrong - getting too old! The BASE64 encoding instruction > >>>>>>>>*does* prohibit use of HEX (otherwise we would have ambiguous > >>>>>>>>encodings), but it does NOT mandate BASE64 - use of XML mark-up for > >>>>>>> > >>>the > >>> > >>> > >>>>>>>>contents is still allowed as an encoders option. > >>>>>>>> > >>>>>>>>Sorry for the wrong information. > >>>>>>>> > >>>>>>>>(I don't think this affects the main discussion on what we want for > >>>>>>> > >>>>>XCBF.) > >>>>> > >>>>> > >>>>> > >>>>>>>>John L > >>>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>-- > >>>>>>PLEASE NOTE - As an anti-SPAM measure, e-mails will shortly > >>>>>>not be accepted by my machine from an unknown sender unless > >>>>>>the subject contains the phrase "Hi John". > >>>>>> > >>>>>>If you pass my e-mail address to others (which I am very happy > >>>>>>for you to do) please tell them to include this phrase in the > >>>>>>subject line of their first mailing to me. Thanks. > >>>>>> > >>>>>> Prof John Larmouth > >>>>>> Larmouth T&PDS Ltd > >>>>>> (Training and Protocol Development Services Ltd) > >>>>>> 1 Blueberry Road > >>>>>> Bowdon j.larmouth@salford.ac.uk > >>>>>> Cheshire WA14 3LS (put "Hi John" in subject) > >>>>>> England > >>>>>> Tel: +44 161 928 1605 Fax: +44 161 928 8069 > >>>>>> > >>>>>> > >>>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>-- > >>>>PLEASE NOTE - As an anti-SPAM measure, e-mails will shortly > >>>>not be accepted by my machine from an unknown sender unless > >>>>the subject contains the phrase "Hi John". > >>>> > >>>>If you pass my e-mail address to others (which I am very happy > >>>>for you to do) please tell them to include this phrase in the > >>>>subject line of their first mailing to me. Thanks. > >>>> > >>>> Prof John Larmouth > >>>> Larmouth T&PDS Ltd > >>>> (Training and Protocol Development Services Ltd) > >>>> 1 Blueberry Road > >>>> Bowdon j.larmouth@salford.ac.uk > >>>> Cheshire WA14 3LS (put "Hi John" in subject) > >>>> England > >>>> Tel: +44 161 928 1605 Fax: +44 161 928 8069 > >>>> > >>>> > >>> > >>> > >>> > >>> > >> > >>-- > >>PLEASE NOTE - As an anti-SPAM measure, e-mails will shortly > >>not be accepted by my machine from an unknown sender unless > >>the subject contains the phrase "Hi John". > >> > >>If you pass my e-mail address to others (which I am very happy > >>for you to do) please tell them to include this phrase in the > >>subject line of their first mailing to me. Thanks. > >> > >> Prof John Larmouth > >> Larmouth T&PDS Ltd > >> (Training and Protocol Development Services Ltd) > >> 1 Blueberry Road > >> Bowdon j.larmouth@salford.ac.uk > >> Cheshire WA14 3LS (put "Hi John" in subject) > >> England > >> Tel: +44 161 928 1605 Fax: +44 161 928 8069 > >> > >> > > > > > > > > > > > -- > PLEASE NOTE - As an anti-SPAM measure, e-mails will shortly > not be accepted by my machine from an unknown sender unless > the subject contains the phrase "Hi John". > > If you pass my e-mail address to others (which I am very happy > for you to do) please tell them to include this phrase in the > subject line of their first mailing to me. Thanks. > > Prof John Larmouth > Larmouth T&PDS Ltd > (Training and Protocol Development Services Ltd) > 1 Blueberry Road > Bowdon j.larmouth@salford.ac.uk > Cheshire WA14 3LS (put "Hi John" in subject) > England > Tel: +44 161 928 1605 Fax: +44 161 928 8069 > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]