Re: [Rescert] Draft of signed manifest design



At 11:53 AM -0400 5/30/07, Rob Austein wrote:
Thanks, Steve.

One point where my writeup apparently was not clear:

 The only differences I see are:

	- you list a file name and a hash of the file name, whereas I
         list URIs.

My pseudocode was meant to indicate a hash of the file content, not a
hash of the filename.  The intent was to provide some protection
against replay of old copies of objects listed in the manifest.

OK, got it. That makes sense.

I don't have an issue with filenames vs full URIs, I was assuming that
the base portion of the URI was known and that I could thus cut the
size of the manifest a bit by listing only the filenames, but I doubt
it makes a great deal of difference either way.


I've revised the ASN.1 to make the file entries ordered pairs (file name and hash) and to include the file content hash alg ID. I kept multiple lists, grouping certs vs. CRLs vs. ROAs. (Your example was an undifferentiated list.) We probably need to establish a convention that the EE cert used to validate a manifest must be issued by the CA that signed the certs and CRLs that are in the enumerated files, and that the ROAs have to be signed by E certs that are issued by the same CA.

Also, I'm not sure we need the "MAX" qualifiers here.

Steve
------

Manifest ::=    SEQUENCE {
        version         INTEGER DEFAULT 0, -- to allow for future versions
        manifestNumber  INTEGER, -- to identify manifests issued between scheduled
                                 -- issuance dates
        thisUpdate      GeneralizedTime, -- date and time this manifest was issued
        nextUpdate      GeneralizedTime, -- date and time of next scheduled manifest
        fileHashAlg     OBJECT IDENTIFIER, -- algorithm used to generate file content hash values
        certfiles       SEQUENCE (SIZE (1..MAX)) OF FileAndHash,
                        -- list of one or more cert file URIs and content hashes
        cRLfiles        SEQUENCE (SIZE (1..MAX)) OF FileAndHash,
                        -- list of one or more CRL file URIs and content hashes
        rOAfiles        SEQUENCE (SIZE (1..MAX)) OF FileAndHash OPTIONAL
                        -- list of one or more ROA file URIs and content hashes
                        }

FileAndHash ::= SEQUENCE {
        file            IA5String, -- file name
        hash            BIT STRING (SIZE (1..MAX))
                        }
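
An added example (not from the original message or the rescert design) of the relying-party check that a file content hash enables: an old copy of a listed object served in place of the current one no longer matches the manifest. SHA-256 as the hash algorithm, the dict layout standing in for a decoded Manifest, and the names `content_hash` and `check_manifest` are assumptions; validation of the manifest's own signature is assumed to have been done already.

```python
import hashlib
from datetime import datetime, timezone

# Assumption: SHA-256 stands in for fileHashAlg; the draft does not name one.
def content_hash(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def check_manifest(manifest: dict, fetched: dict, now: datetime) -> list:
    """Compare fetched repository objects with a manifest (hypothetical helper).

    Returns a sorted list of (file, problem) tuples; an empty list means the
    fetched set matches the manifest exactly.
    """
    problems = []
    # A manifest outside its thisUpdate..nextUpdate window may itself be a replay.
    if not (manifest["thisUpdate"] <= now <= manifest["nextUpdate"]):
        problems.append(("<manifest>", "stale-or-not-yet-valid"))
    listed = {}
    for group in ("certfiles", "cRLfiles", "rOAfiles"):  # rOAfiles is OPTIONAL
        for name, digest in manifest.get(group, []):
            listed[name] = digest
    for name, digest in listed.items():
        if name not in fetched:
            problems.append((name, "missing"))        # object withheld or deleted
        elif content_hash(fetched[name]) != digest:
            problems.append((name, "hash-mismatch"))  # e.g. an old copy served again
    for name in fetched.keys() - listed.keys():
        problems.append((name, "unlisted"))           # present but not covered
    return sorted(problems)

# Constructed sample data: byte strings stand in for DER-encoded objects.
CERT = b"constructed certificate bytes"
OLD_CRL = b"constructed CRL bytes, issue 1"
NEW_CRL = b"constructed CRL bytes, issue 2"
MANIFEST = {
    "manifestNumber": 7,
    "thisUpdate": datetime(2007, 5, 30, tzinfo=timezone.utc),
    "nextUpdate": datetime(2007, 5, 31, tzinfo=timezone.utc),
    "certfiles": [("ca.cer", content_hash(CERT))],
    "cRLfiles": [("ca.crl", content_hash(NEW_CRL))],
}
NOW = datetime(2007, 5, 30, 12, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(check_manifest(MANIFEST, {"ca.cer": CERT, "ca.crl": NEW_CRL}, NOW))
    print(check_manifest(MANIFEST, {"ca.cer": CERT, "ca.crl": OLD_CRL}, NOW))
```

A manifest that listed only file names would accept the second call, since `ca.crl` is present under the expected name.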