(inserted missed word; off to get coffee now)

On Mon, Aug 7, 2017 at 7:54 AM, Peter Bowen <pzbo...@gmail.com> wrote:
> On Mon, Aug 7, 2017 at 12:53 AM, Franck Leroy via dev-security-policy
> <dev-security-policy@lists.mozilla.org> wrote:
>> Hello
>>
>> I checked only one but I think they are all the same.
>>
>> The integer value of the serial number is 20 octets, but when encoded into 
>> DER a starting 00 may be necessary to mark the integer as a positive value :
>>
>>    0 1606: SEQUENCE {
>>    4 1070:   SEQUENCE {
>>    8    3:     [0] {
>>   10    1:       INTEGER 2
>>          :       }
>>   13   21:     INTEGER
>>          :       00 A5 45 35 99 1C E2 8B 6D D9 BC 1E 94 48 CC 86
>>          :       7C 6B 59 9E B3
>>
>> So the serialNumber (integer) value is 20 octets long but length can be more 
>> depending on the encoding representation.
>>
>> Here is ASCII (common representation when stored into a database: 
>> "A54535991CE28B6DD9BC1E9448CC867C6B599EB3" it is 40 octets long, VARCHAR(40) 
>> is needed.
>
> The text from 5280 says:
>
> " CAs MUST force the serialNumber to be a non-negative integer, that
>    is, the sign bit in the DER encoding of the INTEGER value MUST be
>    zero.  This can be done by adding a leading (leftmost) `00'H octet if
>    necessary.  This removes a potential ambiguity in mapping between a
>    string of octets and an integer value.
>
>    As noted in Section 4.1.2.2, serial numbers can be expected to
>    contain long integers.  Certificate users MUST be able to handle
>    serialNumber values up to 20 octets in length.  Conforming CAs MUST
>    NOT use serialNumber values longer than 20 octets."
>
> This makes it somewhat unclear whether the `00'H octet is to be included in
> the 20 octet limit or not. While I can see how one might view it
> differently, I think the correct interpretation is to include the
> leading `00'H octet in the count.  This is because
> CertificateSerialNumber is defined as being an INTEGER, which means
> "octet" is not applicable.  If it was defined as OCTET STRING, similar
> to how KeyIdentifier is defined, then octet could be seen as applying
> to the unencoded value.  However, given this is an INTEGER, the only
> way to get octets is to encode and this requires the leading bit to be
> zero for non-negative values.
>
> That being said, I think that it is reasonable to add "DER encoding of
> Serial must be 20 octets or less including any leading 00 octets" to
> the list of ambiguities that CAs must fix by date X, rather than
> something that requires revocation.
>
> Thanks,
> Peter
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
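As an added example (not from the thread or from any CA's code), the check below applies the RFC 5280 limit the way Peter Bowen reads it, to the DER INTEGER content octets including the 0x00 sign pad, and runs it on the serial Franck quoted; the helper names are my own.

```python
from typing import Tuple

MAX_SERIAL_OCTETS = 20  # RFC 5280 section 4.1.2.2 limit on serialNumber

# The serial quoted in the thread, in the hex form a database would store.
PAGE_SERIAL_HEX = "A54535991CE28B6DD9BC1E9448CC867C6B599EB3"


def der_integer_content(value: int) -> bytes:
    """Return the DER content octets of a non-negative INTEGER.

    DER encodes INTEGER as minimal-length two's complement, so a magnitude
    whose top bit is set gets a 0x00 prefix to keep the sign bit zero.
    """
    if value < 0:
        raise ValueError("serialNumber must be non-negative")
    if value == 0:
        return b"\x00"
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return b"\x00" + raw if raw[0] & 0x80 else raw


def check_serial(value: int) -> Tuple[int, int, bool]:
    """Return (magnitude octets, DER content octets, within 20-octet limit).

    The two lengths differ by one exactly when the sign pad is needed,
    which is the case the thread argues about.
    """
    magnitude_len = max(1, (value.bit_length() + 7) // 8)
    content_len = len(der_integer_content(value))
    return magnitude_len, content_len, content_len <= MAX_SERIAL_OCTETS


def serial_hex_from_der(content: bytes) -> str:
    """Decode DER INTEGER content back to the uppercase hex form used in the
    database example; the 0x00 sign pad disappears in this representation."""
    value = int.from_bytes(content, "big", signed=True)
    if value < 0:
        raise ValueError("negative serialNumber is not permitted by RFC 5280")
    hex_str = format(value, "X")
    return "0" + hex_str if len(hex_str) % 2 else hex_str


if __name__ == "__main__":
    serial = int(PAGE_SERIAL_HEX, 16)
    print(check_serial(serial))                # (20, 21, False)
    print(der_integer_content(serial).hex())   # "00a545...9eb3", 21 octets
```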
