pk-init-27 comments, part 1

Love Hörnquist Åstrand

I started with the module itself.

asn.1 module:

l27.1 DomainParameters is imported but never used,
      this is since EC was dropped from -26.

l27.2: TYPED-DATA is imported, but never used in the module, just
       referenced in the text above.

l27.3: in the name of IMPLICIT-hell, PA-PK-AS-REQ.trustedCertifiers
       should be marked as IMPLICIT. I argue that IMPLICIT is evil and
       should just be dropped. Saving two bytes is not worth each of
       them. IMPLICIT droppings in the document seem very random to me.
       This can just be ignored as a rant.

l27.4:

          asChecksum              [1] Checksum,
                  -- Contains the checksum of the AS-REQ
                  -- corresponding to the containing AS-REP.
                  -- The checksum is performed over the type AS-REQ.

        this text is strange, and doesn't tell what encoding is used;
        it's a Kerberos type, so DER is implicit. I propose:

          asChecksum              [1] Checksum,
                  -- Contains the checksum over the DER encoded type
                  -- AS-REQ corresponding to the current AS-REP.


        I'm still not happy, but it will do for me, please make it better.

        N.B. PKAuthenticator.paChecksum has the same problem (missing
        encoding type).

l27.5: id-pksan is defined in the document, but in the asn1 module,
        is this since it's not in the pk-init arc?

