Re: [TLS] Verifying X.509 Certificate Chains out of order



At Tue, 07 Oct 2008 16:38:19 +0200,
Peter Sylvester wrote:
> 
> I am not sure that the following structure is properly defined:
> 
> 
> Structure of this message:
> 
>       opaque ASN.1Cert<1..2^24-1>;
> 
>       struct {
>           ASN.1Cert certificate_list<0..2^24-1>;
>       } Certificate;
> 
>    certificate_list
>       This is a sequence (chain) of certificates. 
> 
> A little bit later: 
> 
> Also, PKCS #7 defines a SET rather than a SEQUENCE, making the task
>    of parsing the list more difficult. 
> 
> Still, there is no thing that indicates D|B|XER encoding of
> something like "SEQUENCE OF Certificate"

I don't think I understand the question: this isn't any kind of 
ASN.1 structure. It's a TLS vector of DER-encoded certs.
I.e.

24-bit length field = Y
   24-bit length field = X  \ cert 1
   encoded cert (length X)  /
   24-bit length field = W  \ cert 2
   encoded cert (length W)  /

-Ekr

_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls
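
The framing described in the reply above (an outer 24-bit length Y, then one 24-bit length plus DER blob per certificate), as an added example that is not part of the original message or of any TLS implementation. The function names and the two tiny DER blobs are assumptions constructed for illustration; the parser rejects length fields that disagree with the bytes actually present, which is the check a receiver needs before handing each blob to an X.509 decoder.

```python
class VectorError(ValueError):
    """Raised when the certificate_list framing is malformed."""

def _read_u24(buf, off):
    # TLS vectors with a 2^24-1 ceiling carry a 3-byte big-endian length.
    if off + 3 > len(buf):
        raise VectorError("truncated 24-bit length at offset %d" % off)
    return int.from_bytes(buf[off:off + 3], "big"), off + 3

def parse_certificate_list(body):
    """Split a Certificate message body into a list of DER blobs.

    body = 24-bit length Y, then repeated (24-bit length, DER cert).
    No ASN.1 SEQUENCE OF wraps the list; only each entry is DER.
    """
    total, off = _read_u24(body, 0)
    if total != len(body) - off:
        raise VectorError("outer length %d, but %d bytes follow"
                          % (total, len(body) - off))
    certs = []
    while off < len(body):
        n, off = _read_u24(body, off)
        if n == 0:
            raise VectorError("empty ASN.1Cert (minimum length is 1)")
        if off + n > len(body):
            raise VectorError("cert length %d overruns the vector" % n)
        # Cheap sanity check only: a certificate is a DER SEQUENCE (tag 0x30).
        if body[off] != 0x30:
            raise VectorError("entry at offset %d is not a DER SEQUENCE" % off)
        certs.append(bytes(body[off:off + n]))
        off += n
    return certs

def encode_certificate_list(certs):
    """Inverse of parse_certificate_list, used to build test input."""
    inner = b"".join(len(c).to_bytes(3, "big") + c for c in certs)
    return len(inner).to_bytes(3, "big") + inner

# Constructed placeholders: valid DER SEQUENCEs, not real certificates.
CERT1 = bytes.fromhex("3003020101")
CERT2 = bytes.fromhex("300402020100")

if __name__ == "__main__":
    wire = encode_certificate_list([CERT1, CERT2])
    print(wire.hex(), [c.hex() for c in parse_certificate_list(wire)])
```
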



Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.