- From: Thomas Maslen <maslen@dstc.edu.au>
- Date: Fri, 16 Mar 2001 20:24:57 +1000
- To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
- cc: w3c-ietf-xmldsig@w3.org
> X.509v3 defines CertificateSerialNumber as INTEGER.
Right.
A number (no pun intended) of other ASN.1 INTEGER values from X.509 are also
mapped into xmldsig constructs, including:
6.4.1: DSAKeyValue P, Q, G, Y, J, Seed and PgenCounter are all Base64
6.4.2: PKCS#1 SignatureValue.
6.4.2: RSAKeyValue Modulus and Exponent are both Base64
Section 6.4.2 also contains a paragraph that reads:
Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
represented in XML as octet strings. The integer value is first
converted to a "big endian" bitstring. The bitstring is then padded
with leading zero bits so that the total number of bits == 0 mod 8
(so that there are an even number of bytes). If the bitstring
contains entire leading bytes that are zero, these are removed (so
the high-order byte is always non-zero). This octet string is then
base64 [MIME] encoded. (The conversion from integer to octet string
is equivalent to IEEE 1363's I2OSP [1363] with minimal length).
Given this, encoding the X509SerialNumber element as an xml-schema integer
seems pretty inconsistent with the rest of the xmldsig spec.
> But it isn't our fault that instead of just numbering their certificates
> 1, 2, 3, ... as was presumably the original concept, some CAs seem to want
> to encode lots of private extension information and the kitchen sink into
> this field or use a hash or whatever.
We may not like it, but for better or worse it is an arbitrary-length integer
and has to be treated as one.
> We need feedback from implementors.
An xmldsig implementation already needs code to handle Base64 (simple);
requiring (more complex) bignum-to-decimal and decimal-to-bignum code as well,
just to make small-integer certificate serial numbers look nice in the XML,
would be unfortunate. Not a big deal on a desktop machine, where code bloat
is the order of the day, but possibly the last straw for trying to make
xmldsig useful on a PDA.
By the way, is that paragraph from section 6.4.2 intended to apply to all
bignums, e.g. the DSA ones in section 6.4.1?
Thomas Maslen
DSTC
Received on Friday, 16 March 2001 05:25:14 UTC
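The encoding rule quoted above from section 6.4.2 (integer to minimal big-endian octet string, then base64) and the decimal alternative the mail argues against are easy to compare side by side. The following is an added illustration, not code from the message or from the xmldsig specification; the function names, the canonical-form check and the sample serial number are all constructed for this example.

```python
import base64

# Encode a non-negative integer the way the quoted 6.4.2 paragraph describes:
# big-endian bitstring, padded to a whole number of bytes, leading zero bytes
# removed, then base64. This matches IEEE 1363 I2OSP with minimal length.
def int_to_crypto_binary(value: int) -> str:
    if value < 0:
        raise ValueError("only unsigned integers are representable")
    nbytes = (value.bit_length() + 7) // 8      # pad so bit count == 0 mod 8
    octets = value.to_bytes(nbytes, "big")      # minimal length: no leading 0x00
    return base64.b64encode(octets).decode("ascii")

# Inverse: base64 back to octets, octets back to the integer.
def crypto_binary_to_int(text: str) -> int:
    octets = base64.b64decode("".join(text.split()), validate=True)
    return int.from_bytes(octets, "big")

# A decoder-side check: the spec says the high-order byte is always non-zero,
# so a value with leading zero bytes is not in canonical form. Rejecting it
# keeps two different encodings from mapping to one integer.
def is_canonical_crypto_binary(text: str) -> bool:
    octets = base64.b64decode("".join(text.split()), validate=True)
    return len(octets) == 0 or octets[0] != 0

# The two candidate representations for X509SerialNumber that the mail
# contrasts: the base64 octet-string form used elsewhere in xmldsig, and the
# xml-schema decimal integer form, which needs bignum-to-decimal conversion.
def serial_representations(serial: int) -> dict:
    return {
        "base64": int_to_crypto_binary(serial),
        "decimal": str(serial),
        "octet_length": (serial.bit_length() + 7) // 8,
    }

if __name__ == "__main__":
    # Constructed sample: a 20-byte serial number of the "hash-like" kind the
    # quoted reply complains about, not a serial taken from any real CA.
    sample_serial = int.from_bytes(bytes(range(1, 21)), "big")
    for label, value in serial_representations(sample_serial).items():
        print(f"{label}: {value}")
    print("65537 ->", int_to_crypto_binary(65537))   # the familiar RSA exponent
    print("roundtrip ok:", crypto_binary_to_int(int_to_crypto_binary(sample_serial)) == sample_serial)
    print("AAEA canonical?", is_canonical_crypto_binary("AAEA"))
```

The `is_canonical_crypto_binary` check is the piece a verifier wants: a decoder that silently accepts leading zero bytes will treat two different XML strings as the same serial number, which matters when the encoded value is compared or hashed rather than merely parsed.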