ietf-smime

RE: Q: Is possible indefinite form of length encoding in DER?

2000-09-19 09:59:09
See comments below:

-----Original Message-----
From: Andrew Farrell [mailto:afarrell(_at_)baltimore(_dot_)ie]
Sent: Tuesday, September 19, 2000 7:42 AM
To: ietf-pkix(_at_)imc(_dot_)org
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: Re: Q: Is possible indefinite form of length encoding in DER? 


<SNIP/>

On the ridiculous end of this rule is a certificate in which everything
is indefinite length encoded - perfectly valid AFAIK, as long as you
re-encode before verifying.

<KWK>
Further complicating matters is the fact that some commercial products
incorrectly sign the BER encoding. So to validate a signature against a
BER-encoded message, you may have to try validating with the transmitted
encoding and if that fails try re-coding and validating against the
DER-encoding of the message. (Note that signing BER is flawed if there is a
possibility that an intermediate processor will re-code the BER encoding
into a different but equivalent BER encoding. This usually doesn't happen
with BER, but it is expected to happen with XML-encoded documents. Thus
there is increased emphasis on "canonicalization" procedures for XML digital
signatures.)
</KWK>

<SNIP/>
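
The try-the-transmitted-bytes-then-the-DER-re-encoding check described in the reply above, as an added Python example that is not part of the original thread. All names are hypothetical, `verify` is a caller-supplied callable that checks the signature over the given bytes, and the re-encoder normalizes length octets only (indefinite and non-minimal lengths), not the other DER rules such as SET OF ordering or constructed strings.

```python
def _der_len(n):
    """DER length octets: short form below 128, otherwise minimal long form."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw

def _tlv(buf, i):
    """Parse one BER TLV at offset i; return (TLV with DER lengths, next offset)."""
    first, start, i = buf[i], i, i + 1
    if first & 0x1F == 0x1F:                  # high-tag-number form
        while buf[i] & 0x80:
            i += 1
        i += 1
    tag, constructed, length = buf[start:i], bool(first & 0x20), buf[i]
    i += 1
    if length == 0x80:                        # indefinite form, ends at 00 00
        if not constructed:
            raise ValueError("indefinite length on a primitive encoding")
        end = None
    else:
        if length & 0x80:                     # long definite form
            n = length & 0x7F
            length, i = int.from_bytes(buf[i:i + n], "big"), i + n
        end = i + length
        if end > len(buf):
            raise ValueError("length runs past end of input")
        if not constructed:
            return tag + _der_len(length) + buf[i:end], end
    body = b""
    while (buf[i:i + 2] != b"\x00\x00") if end is None else (i < end):
        child, i = _tlv(buf, i)
        body += child
    if end is not None and i != end:
        raise ValueError("child overruns its parent")
    return tag + _der_len(len(body)) + body, (i + 2 if end is None else i)

def ber_to_der_lengths(buf):
    """Re-encode every length in definite, minimal form (length octets only)."""
    out, used = _tlv(buf, 0)
    if used != len(buf):
        raise ValueError("trailing data after top-level TLV")
    return out

def verify_with_fallback(verify, transmitted):
    """Say which encoding the signature covers: 'transmitted', 'der' or None."""
    if verify(transmitted):
        return "transmitted"
    der = ber_to_der_lengths(transmitted)
    return "der" if der != transmitted and verify(der) else None

SAMPLE_BER = bytes.fromhex("3080020105040268690000")  # constructed sample
```

A return value of "transmitted" on a non-DER message identifies a signer that signed the BER bytes as sent, which is worth logging. Malformed input raises an exception and should be treated as a verification failure.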
