ietf-smime

Re: Comments To ESS-00 - SET OF

1997-11-04 18:17:57
The type defined as

  SecurityCategories ::= SET SIZE (1..ub-security-categories) OF
                             SecurityCategory

requires sorting under DER that would not be required if the
type were defined as a SEQUENCE OF. 

X.690, which defines DER restrictions in section 11, "Restrictions 
on BER employed by both CER and DER", states that for components of
type SET OF, "The encodings of the component values of a set-of 
value shall appear in ascending order, the encodings being compared
as octet strings."

Under DER, with SEQUENCE OF, the sender can control the order
of components, but with SET OF, the final sort requirement rules,
and sometimes may add unanticipated overhead to message processing.
It was primarily for this reason that the SET specification is
based on PKCS #7 v1.6, and not v1.5. SET needed to use PKCS #7
types like

  Certificates ::= SEQUENCE OF Certificate

and avoid sorting what (hopefully) might be efficiently
organized certificate chains in SignedData. Same for the CRLs
and Attributes definitions.

Phil
-- 
Phillip H. Griffin         
ASN.1-SET-Java-Security    Griffin Consulting
asn1(_at_)mindspring(_dot_)com        1625 Glenwood Avenue
919.828.7114               Raleigh, North Carolina 27608 USA
------------------------------------------------------------
          Visit  http://www.fivepointsfestival.com
------------------------------------------------------------
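
The X.690 ordering rule quoted in the message above, as an added example that is not part of the original post: a minimal DER encoder in Python showing that SEQUENCE OF keeps the sender's order while SET OF must be sorted by encoded octets, which is not the same as sorting by value. The helper names and the INTEGER sample values are constructed for illustration.

```python
def der_len(n: int) -> bytes:
    """DER definite length: short form below 128, otherwise minimal long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, content: bytes) -> bytes:
    """Tag-length-value with a single-octet tag."""
    return bytes([tag]) + der_len(len(content)) + content

def der_integer(v: int) -> bytes:
    """INTEGER with minimal two's-complement content octets."""
    n = 1
    while not -(1 << (8 * n - 1)) <= v < (1 << (8 * n - 1)):
        n += 1
    return tlv(0x02, v.to_bytes(n, "big", signed=True))

def der_sequence_of(encodings) -> bytes:
    """SEQUENCE OF: components are emitted in the order the sender chose."""
    return tlv(0x30, b"".join(encodings))

def der_set_of(encodings) -> bytes:
    """SET OF under DER: component encodings in ascending order, compared
    as octet strings (shorter ones padded with trailing zero octets)."""
    encodings = list(encodings)
    width = max(map(len, encodings), default=0)
    ordered = sorted(encodings, key=lambda e: e.ljust(width, b"\x00"))
    return tlv(0x31, b"".join(ordered))

# Constructed sample data: three INTEGER components in the sender's order.
SAMPLE = [128, -1, 127]

if __name__ == "__main__":
    elems = [der_integer(v) for v in SAMPLE]
    print("SEQUENCE OF:", der_sequence_of(elems).hex())
    # The sort is over encodings: -1 (02 01 ff) lands between
    # 127 (02 01 7f) and 128 (02 02 00 80).
    print("SET OF     :", der_set_of(elems).hex())
```

Every component has to be fully encoded before the first octet of a SET OF can be written, which is the extra processing step the message refers to.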