Title: SV8 - Tagging in SV8 ASN.1 module

PDR Reference: M2100005
Originator Reference:
SARPs Document Reference: Sub-Volume VIII 8.4 and 8.7, Sub-Volume IV 4.8, and Sub-volume IX 9.2
Status: ACCEPTED
Impact: A
PDR Revision Date: 08 Oct 2002 (Initial Draft)
                   29 Oct 2002 (Submitted)
                   06 Nov 2002 (Accepted)
Submitting State/Organization: FAA
Submitting Author Name: Simon Blake-Wilson
Submitting Author E-mail Address: sblakewilson@bcisse.com
Submitting Author Supplemental Contact Information: phone - (+1) (416) 214-5961
SARPs Date: Doc 9705 Ed 3 (Jul 02)
P/OICS Date: -
SARPs Language: English

Summary of Defect:

SV8 currently uses AUTOMATIC TAGS in its ASN.1 module. This differs from other PKI standards from ISO, ITU, and IETF, which specify the use of EXPLICIT TAGS. The result is an incompatibility, when DER encoding is used (e.g. for uncompressed certificates), between the encoding of, for example, ECDSA signatures according to SV8 and the encoding of ECDSA signatures according to other standards. This incompatibility should be corrected.

Simultaneously, the opportunity should be taken to clarify:

- the difference between the "parameters" field in a certificate, and the "Parameters" syntax defined to express elliptic curve parameters. It is suggested to follow the PKIX approach, and rename "Parameters" as "EcpkParameters".
- the presence of the "serialNumber" and "validity" fields in ATN certificates.
- the use of UTCTime until 2050, and the use of GeneralizedTime after 2050 in accordance with X.509.

Assigned SME: Sub-Volume VIII SME

Proposed SARPs amendment:

1/ 4.8.4.1.1: Update note 2 below this clause to read:

"Note 2. - The Object Identifiers atnPKI, atnPKI-explicit, and securityExchanges are defined and assigned values in 9.2.1.3."

2/ 4.8.4.1.1: Change the SV8 import in the ATNSecurityExchanges module from:

"atnPKI
    FROM ATNObjectIdentifiers {iso(1) identified-organization(3) icao(27)
        atn(0) objectIdentifiers(0) }
    -- Defined in 9.2.1.3

ATNCertificates, ATNSecurityDateTime, ECDSA-Sig-Value
    FROM ATN-PKI atnPKI
    -- Defined in Sub-volume VIII"

to:

"atnPKI, atnPKI-explicit
    FROM ATNObjectIdentifiers {iso(1) identified-organization(3) icao(27)
        atn(0) objectIdentifiers(0) }
    -- Defined in 9.2.1.3

ATNCertificates, ATNSecurityDateTime
    FROM ATN-PKI atnPKI
    -- Defined in Sub-volume VIII

ECDSA-Sig-Value
    FROM ATN-PKI-Explicit atnPKI-explicit
    -- Defined in Sub-volume VIII"

3/ 8.4.3.1.2.1: Add a note after this clause (and immediately before 8.4.3.1.2.1.1), reading:

"Note. - When algorithm contains ecdsa-with-SHA1, parameters contains simply NULL, not an encoding of EcpkParameters with value NULL. Specifically the use of AlgorithmIdentifier within ATN certificates can be specified by the following syntax, which replaces the definition from X.509 in AuthenticationFramework:

SupportedAlgorithms ::= {
    {Parameters IDENTIFIED BY id-ecPublicKey} |
    {NULL IDENTIFIED BY ecdsa-with-SHA1 },
    ...
}"

4/ 8.4.3.1.3.1: Add a new clause and a note below this clause, reading:

"8.4.3.1.3.1.bis The serialNumber field shall indicate the certificate serial number, which may be any integer value.

Note. - The use of short serial numbers is encouraged to reduce the size of ATN certificates."

5/ 8.4.3.1.3.4: Replace the existing clause with the following:

"8.4.3.1.3.4 validity field

8.4.3.1.3.4.1 The validity field shall represent times using the universal time type UTCTime when the year represented is 2049 or earlier.

8.4.3.1.3.4.2 The validity field shall represent times using the generalized time type GeneralizedTime when the year represented is 2050 or later."

6/ 8.4.3.1.3.6: Replace the note immediately below this clause with the following:

"Note. - The subjectPublicKeyInfo field contains information about the public key of the subject being certified. subjectPublicKeyInfo is of ASN.1 type SubjectPublicKeyInfo, which is a sequence of AlgorithmIdentifier and the subject's public key. AlgorithmIdentifier in turn is a sequence of an OID algorithm and algorithm-specific parameters."

7/ 8.4.3.1.3.6.2: Replace this clause and all that follows it (including the note and all ASN.1 productions) with the following:

"8.4.3.1.3.6.2 The parameters field shall contain a value of the type EcpkParameters as defined in ASN.1 module ATN-PKI-Explicit in 8.7.

Note. - The syntax for EcpkParameters is based on the Parameters type specified in ANSI X9.62 and SEC 1 with the type for ecParameters changed to NULL since only the namedCurve choice is used for ATN certificates."

8/ 8.7: Replace the existing ASN.1 module with the following:

"8.7.1 The abstract syntax used by the SSO and the ATN PKI shall comply with the description contained in the ASN.1 modules ATN-PKI and ATN-PKI-Explicit (conforming to ITU-T Rec X.680), as defined here.

ATN-PKI { iso(1) identified-organization(3) icao(27)
    atn-security-requirements(5) modules(1) atnPKI(3) }

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

-- EXPORTS ALL --

IMPORTS

    AlgorithmIdentifier, Certificate, CertificateSerialNumber
        FROM AuthenticationFramework { joint-iso-ccitt ds(5) module(1)
            authenticationFramework(7) 3 }

    KeyUsage
        FROM CertificateExtensions { joint-iso-ccitt ds(5) module(1)
            certificateExtensions(26) 0 }

    securityExchanges
        FROM ATNObjectIdentifiers { iso(1) identified-organization(3)
            icao(27) atn(0) objectIdentifiers(0) }

    ATNAppendix
        FROM ATNSecurityExchanges securityExchanges
    ;

--
-- Compressed Certificates
--

ATNCertificates ::= SEQUENCE
{
    compressedUserCertificate   CompressedUserCertificate,
    certificatePath             ForwardCertificatePath OPTIONAL
}

CompressedUserCertificate ::= SEQUENCE
{
    serialNumber          CertificateSerialNumber,
    algorithmIdentifier   AlgorithmIdentifier OPTIONAL,
    validity              ATNValidity,
    subjectPublicKey      BIT STRING,
    subjectAltName        ATNPeerId,
    issuerAltName         ATNPeerId,
    keyUsage              KeyUsage,
    encrypted             BIT STRING,
    ...
}

ForwardCertificatePath ::= SEQUENCE OF CACertificates

CACertificates ::= SEQUENCE OF CompressedUserCertificate

--
-- Entity Identifications
--

ATNPeerId ::= CHOICE
{
    atn-ats-es-id   ATN-es-id,     -- required for ATS app entities
    atn-is-id       ATN-is-id,     -- required for all intermediate systems
    atn-ca-id       ATN-ca-id,     -- required for all ATN CAs
    atn-other-id    ATN-other-id,  -- available for any non-ATS use
                                   -- AOC can put PSAPs here
    ...
}

-- ATN ATS End Systems are defined by their AP-title as defined in
-- Sub-volume IV.

ATN-es-id ::= CHOICE
{
    rel-air-ap-title      RELATIVE-OID,
        -- relative to { iso(1) identified-organization(3)
        -- icao(27) atn-end-system-air(1) }
    rel-ground-ap-title   RELATIVE-OID
        -- relative to { iso(1) identified-organization(3)
        -- icao(27) atn-end-system-ground(2) }
}

-- ATN Intermediate Systems are identified by their Network Entity
-- Title, a 20-octet address. The first 3 octets of this address are
-- fixed to decimal 470027. The RDF is the 8th octet of the NET and
-- is fixed to the value 0. The type below takes advantage of these
-- facts and uses only 16 octets rather than the full 20.

ATN-is-id ::= OCTET STRING (SIZE (16))

ATN-ca-id ::= RELATIVE-OID
    -- relative to { iso(1) identified-organization(3) icao(27)
    -- atn-ca(6) }
    -- Note: this is one OID sub-identifier

ATN-other-id ::= OCTET STRING

--
-- Supporting Types
--

ATNValidity ::= SEQUENCE
{
    notBefore   ATNSecurityDateTime,
    notAfter    ATNSecurityDateTime
}

ATNSecurityDateTime ::= SEQUENCE
{
    date   ATNSecurityDate,
    time   ATNSecurityTime
}

ATNSecurityDate ::= SEQUENCE
{
    year    Year,
    month   Month,
    day     Day
}

Day ::= INTEGER (1..31)
    -- unit = Day, Range (1..31), resolution = 1

Month ::= INTEGER (1..12)
    -- unit = Month, Range (1..12), resolution = 1

ATNSecurityTime ::= SEQUENCE
{
    hours     Timehours,
    minutes   Timeminutes,
    seconds   Timeseconds
}

Timehours ::= INTEGER (0..23)
    -- units = hour, range (0..23), resolution = 1

Timeminutes ::= INTEGER (0..59)
    -- units = minutes, range (0..59), resolution = 1

Timeseconds ::= INTEGER (0..59)
    -- units = seconds, range (0..59), resolution = 1

Year ::= INTEGER (1996..2095)
    -- unit = Year, Range (1996..2095), resolution = 1

NET ::= OCTET STRING (SIZE (20))

--
-- SSO Data Types
--

MacData ::= SEQUENCE
{
    sourcePeerId   ATNPeerId,
    destPeerId     ATNPeerId,
    counter        INTEGER (0..MAX),
    userData       OCTET STRING OPTIONAL,
    random         INTEGER (0..4294967295) OPTIONAL,
                   -- 32-bit unsigned integer
    atnSignature   ATNAppendix OPTIONAL
}

SignData ::= SEQUENCE
{
    sourcePeerId   ATNPeerId,
    destPeerId     ATNPeerId,
    timeField      ATNSecurityDateTime,
    userData       OCTET STRING OPTIONAL
}

END -- ATN-PKI --

--
-- ASN.1 module containing supporting ASN.1 types that require the use of an
-- explicit tagging environment. Most of these definitions are reproduced
-- from supporting standards (e.g., ANSI-X9-62 and SEC2).
--

ATN-PKI-Explicit { iso(1) identified-organization(3) icao(27)
    atn-security-requirements(5) modules(1) atnPKI-explicit(4) }

DEFINITIONS EXPLICIT TAGS ::= BEGIN

-- EXPORTS ALL --

-- IMPORTS Nothing --

--
-- From ANSI X9.62
--

--
-- The ECDSA-Sig-Value type is used for all ATN Signature values.
--

ECDSA-Sig-Value ::= SEQUENCE {
    r   INTEGER,
    s   INTEGER
}

--
-- The EcpkParameters type is used in the subjectPublicKeyInfo field of ATN
-- Certificates. See 8.4.3.1.3.6.
--

EcpkParameters ::= CHOICE {
    ecParameters   [0] NULL,   -- Not used in ATN, tag and type changed
    namedCurve     CURVES.&id ({CurveNames}),
    implicitCA     NULL        -- Not used in ATN
}

--
-- The ECPoint type is used for all ATN public keys. See 8.4.3.1.3.6.3.
--

ECPoint ::= OCTET STRING

--
-- The OID ecdsa-with-SHA1 is used to identify the signature algorithm used
-- by the ATN Signature Primitive. See 8.4.3.1.2.1.
--

ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { 1 2 840 10045 4 1 }

--
-- The OID id-ecPublicKey is used in the subjectPublicKeyInfo field of ATN
-- Certificates. See 8.4.3.1.3.6.
--

id-ecPublicKey OBJECT IDENTIFIER ::= { 1 2 840 10045 2 1 }

--
-- The CURVES type is an Information Object Class that is used to constrain
-- the set of valid elliptic curves. This Information Object Class is used
-- below in the CurveNames Information Object Set to identify the elliptic
-- curves that are used for the ATN.
--

CURVES ::= CLASS {
    &id   OBJECT IDENTIFIER UNIQUE
}
WITH SYNTAX { ID &id }

--
-- End From ANSI X9.62
--

--
-- From SEC2
--

--
-- The OID sect163r2 implicitly identifies the ATN user (standard strength)
-- elliptic curve domain parameters. See 8.4.3.1.3.6.2.1.
--

sect163r2 OBJECT IDENTIFIER ::= { 1 3 132 0 15 }

--
-- The OID sect233r1 implicitly identifies the ATN Certificate Authority
-- (CA strength) elliptic curve domain parameters. See 8.4.3.1.3.6.2.2.
--

sect233r1 OBJECT IDENTIFIER ::= { 1 3 132 0 27 }

--
-- End From SEC2
--

--
-- CurveNames is the table (Information Object Set) of valid ATN curves.
-- This Information Object Set replaces the CurveNames table in ANSI X9.62
-- for the ATN.
--

CurveNames CURVES ::= {
    { ID sect163r2 } |
    { ID sect233r1 },
    ...
}

END -- ATN-PKI-Explicit --"

9/ 9.2.1.3: Add the atnPKI-Explicit module OID to the ATNObjectIdentifiers module. Insert the following immediately before the final line "END -- ATN OID definitions":

"atnPKI-explicit OBJECT IDENTIFIER ::= {modules 4 }"

Proposed CCB ASN.1 archive amendment:

Updated ASN.1 files for the CCB ASN.1 archive are attached. If this PDR is accepted, the CCB ASN.1 archive should be updated with these files.

Impact on interoperability:

All implementations must implement this PDR since it includes changes to the ASN.1.

PDR Validation Status:

The updated SV8 ASN.1 modules have been verified using a commercial ASN.1 compiler. This combined with inspection should be sufficient.

SME Recommendation to CCB:

CCB Decision:
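
The encoding difference described in the Summary of Defect, as an added Python example that is not part of the PDR or the SARPs: it DER-encodes ECDSA-Sig-Value under AUTOMATIC TAGS and under EXPLICIT TAGS, then runs both through a decoder that expects the X9.62 form. The function names and the r and s values are constructed for illustration.

```python
# Added example, not from the PDR: DER for ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }
# under both tagging environments. Function names and sample values are constructed.

def tlv(tag: int, content: bytes) -> bytes:
    """Tag, DER definite length (short form below 128, else long form), content."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def int_content(v: int) -> bytes:
    """Minimal content octets of a non-negative INTEGER (leading 00 if top bit set)."""
    return v.to_bytes(v.bit_length() // 8 + 1, "big")

def encode_sig(r: int, s: int, automatic_tags: bool) -> bytes:
    # AUTOMATIC TAGS: components get implicit context tags [0], [1] -> 0x80, 0x81.
    # EXPLICIT TAGS with no tag written: the universal INTEGER tag 0x02 remains.
    t_r, t_s = (0x80, 0x81) if automatic_tags else (0x02, 0x02)
    return tlv(0x30, tlv(t_r, int_content(r)) + tlv(t_s, int_content(s)))

def read_tlv(buf: bytes, pos: int):
    """Return (tag, content, next_pos) for the TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated content")
    return tag, buf[pos:pos + length], pos + length

def decode_x962_sig(der: bytes):
    """Decode as an X9.62/PKIX peer would: a SEQUENCE of two universal INTEGERs."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    values, pos = [], 0
    for name in ("r", "s"):
        t, content, pos = read_tlv(body, pos)
        if t != 0x02:
            raise ValueError(f"{name}: expected INTEGER tag 0x02, got 0x{t:02x}")
        values.append(int.from_bytes(content, "big", signed=True))
    if pos != len(body):
        raise ValueError("trailing data after s")
    return tuple(values)
```

For r = 0x1234 and s = 0xF1 the two encodings have the same length and differ only in the two component tag octets, which is enough for a peer following the other standards to reject the AUTOMATIC TAGS form.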
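
The validity rule of amendment 5/ (8.4.3.1.3.4.1 and 8.4.3.1.3.4.2), as an added Python example that is not part of the PDR or the SARPs: an encoder that picks UTCTime or GeneralizedTime by year, and a decoder that rejects the wrong type for the year. The function names and sample dates are constructed, and the two-digit-year window (YY of 50 or more means 19YY) is taken from RFC 5280, not from this page.

```python
# Added example, not from the PDR: choosing the DER time type for the X.509 validity
# field per 8.4.3.1.3.4. Function names and sample dates are constructed.
from datetime import datetime, timezone

UTC_TIME, GENERALIZED_TIME = 0x17, 0x18   # universal tags 23 and 24

def encode_validity_time(t: datetime) -> bytes:
    """UTCTime through 2049, GeneralizedTime from 2050 on (seconds present, 'Z')."""
    if t.tzinfo is None:
        raise ValueError("timezone-aware datetime required")
    t = t.astimezone(timezone.utc)
    if t.year <= 2049:
        if t.year < 1950:
            # Assumption: RFC 5280 two-digit-year window, YY >= 50 means 19YY.
            raise ValueError("year not representable in the UTCTime window")
        tag, text = UTC_TIME, t.strftime("%y%m%d%H%M%SZ")
    else:
        tag, text = GENERALIZED_TIME, t.strftime("%Y%m%d%H%M%SZ")
    return bytes([tag, len(text)]) + text.encode("ascii")

def decode_validity_time(der: bytes) -> datetime:
    """Parse one time value and reject the wrong type for its year."""
    if len(der) < 2 or der[1] != len(der) - 2:
        raise ValueError("bad length")
    tag, text = der[0], der[2:].decode("ascii")
    if tag == UTC_TIME and len(text) == 13 and text.endswith("Z"):
        yy = int(text[:2])
        year = 1900 + yy if yy >= 50 else 2000 + yy
        rest = text[2:-1]
    elif tag == GENERALIZED_TIME and len(text) == 15 and text.endswith("Z"):
        year, rest = int(text[:4]), text[4:-1]
        if year <= 2049:
            raise ValueError("GeneralizedTime used for a year of 2049 or earlier")
    else:
        raise ValueError("not a DER UTCTime or GeneralizedTime")
    # rest is MMDDHHMMSS: month, day, hour, minute, second
    fields = [int(rest[i:i + 2]) for i in range(0, 10, 2)]
    return datetime(year, *fields, tzinfo=timezone.utc)
```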