ietf-smime

Re: flexibility of the ESSCertID field

2005-11-09 10:28:54

Peter:

Thanks for correcting my syntax. I should have used "id-sha1-identifier" as the default, which is already defined for RSA-PSS and RSA-OAEP.

I prefer identifiers before the associated value, but that is just style.

Russ


   ESSCertIDv2 ::=  SEQUENCE {
        hashAlgorithm AlgorithmIdentifier DEFAULT id-sha1,
        certHash Hash,
        issuerSerial  IssuerSerial OPTIONAL
   }

I prefer this approach because it is always fewer octets, and it generates
the same ESSCertID output when SHA-1 is used.


Adding a new field at the end may be better for ASN.1 parsing

ESSCertIDv2 ::=  SEQUENCE {
        certHash Hash,
        issuerSerial IssuerSerial OPTIONAL,
        hashAlgorithm [0] AlgorithmIdentifier DEFAULT { algorithm id-sha1 }
}
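The two field placements discussed in this thread, DER-encoded side by side as an added example that is not part of the original messages. It uses a small hand-written DER encoder and shows that both layouts reduce to the original ESSCertID bytes when the hash is the SHA-1 default, and what each costs in octets for SHA-256. Assumptions: issuerSerial is omitted, AlgorithmIdentifier parameters are absent, the certificate bytes are a constructed stand-in, and both IMPLICIT and EXPLICIT tagging of `[0]` are shown because the quoted text does not state the module's tag default.

```python
import hashlib

SHA1, SHA256 = "1.3.14.3.2.26", "2.16.840.1.101.3.4.2.1"
HASHLIB_NAME = {SHA1: "sha1", SHA256: "sha256"}

def tlv(tag, body):
    """DER tag-length-value with definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def oid(dotted):
    """DER OBJECT IDENTIFIER (base-128 arcs, first two arcs combined)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def alg_id(alg, tag=0x30):
    # AlgorithmIdentifier with parameters absent (simplifying assumption)
    return tlv(tag, oid(alg))

def cert_hash(cert, alg):
    return tlv(0x04, hashlib.new(HASHLIB_NAME[alg], cert).digest())

def ess_cert_id(cert):
    """Original ESSCertID: SEQUENCE { certHash } with SHA-1, issuerSerial omitted."""
    return tlv(0x30, cert_hash(cert, SHA1))

def v2_alg_first(cert, alg):
    """hashAlgorithm first, untagged; DER omits it when it equals the default."""
    head = b"" if alg == SHA1 else alg_id(alg)
    return tlv(0x30, head + cert_hash(cert, alg))

def v2_alg_last(cert, alg, explicit=False):
    """hashAlgorithm last with [0]; IMPLICIT retags the SEQUENCE, EXPLICIT wraps it."""
    tail = b""
    if alg != SHA1:
        tail = tlv(0xA0, alg_id(alg)) if explicit else alg_id(alg, tag=0xA0)
    return tlv(0x30, cert_hash(cert, alg) + tail)

CERT = b"constructed stand-in for DER certificate bytes"
```

In the algorithm-first layout a decoder tells the two cases apart by the first element's tag (SEQUENCE versus OCTET STRING); in the algorithm-last layout it reads certHash first and then checks for a trailing `[0]` element.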