Peter:
Thanks for correcting my syntax. I should have used
"id-sha1-identifier" as the default, which is already defined for
RSA-PSS and RSA-OAEP.
I prefer identifiers before the associated value, but that is just style.
Russ
ESSCertIDv2 ::= SEQUENCE {
    hashAlgorithm    AlgorithmIdentifier DEFAULT id-sha1,
    certHash         Hash,
    issuerSerial     IssuerSerial OPTIONAL
}
I prefer this approach because it is always fewer octets, and it generates
the same ESSCertID output when SHA-1 is used.
Adding a new field at the end may be better for ASN.1 parsing:
ESSCertIDv2 ::= SEQUENCE {
    certHash         Hash,
    issuerSerial     IssuerSerial OPTIONAL,
    hashAlgorithm    [0] AlgorithmIdentifier DEFAULT { algorithm id-sha1 }
}
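
The following is an added example, not code from this thread or from any of its participants. It hand-encodes the layout with hashAlgorithm first in DER to show that omitting the DEFAULT yields the same octets as the original ESSCertID when SHA-1 is used, and how a decoder tells the two cases apart. Assumptions: issuerSerial is left out, the SHA-256 AlgorithmIdentifier carries no parameters, and the certificate bytes are a constructed stand-in.

```python
import hashlib

# DER-encoded OBJECT IDENTIFIERs for the two digest algorithms.
OID_SHA1 = bytes.fromhex("06052b0e03021a")              # 1.3.14.3.2.26
OID_SHA256 = bytes.fromhex("0609608648016503040201")    # 2.16.840.1.101.3.4.2.1
SAMPLE_CERT = b"constructed stand-in for DER certificate bytes"

def der(tag, content):
    """Tag-length-value using DER definite lengths."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def ess_cert_id(cert):
    """Original ESSCertID: SEQUENCE { certHash }, hash is always SHA-1."""
    return der(0x30, der(0x04, hashlib.sha1(cert).digest()))

def ess_cert_id_v2(cert, alg="sha1"):
    """ESSCertIDv2 with hashAlgorithm first; issuerSerial (OPTIONAL) omitted."""
    oid = {"sha1": OID_SHA1, "sha256": OID_SHA256}[alg]
    cert_hash = der(0x04, hashlib.new(alg, cert).digest())
    if oid == OID_SHA1:
        # DER never encodes a component that equals its DEFAULT value.
        return der(0x30, cert_hash)
    # Assumption: AlgorithmIdentifier carries the OID only (parameters absent).
    return der(0x30, der(0x30, oid) + cert_hash)

def parse_v2(blob):
    """Return (algorithm OID TLV, certHash). Short-form lengths only."""
    if len(blob) < 4 or blob[0] != 0x30 or blob[1] != len(blob) - 2:
        raise ValueError("not a short-form DER SEQUENCE")
    body, oid = blob[2:], OID_SHA1          # DEFAULT applies unless overridden
    if body[0] == 0x30:                     # leading SEQUENCE: hashAlgorithm present
        oid, body = body[2:2 + body[1]], body[2 + body[1]:]
    if len(body) < 2 or body[0] != 0x04:
        raise ValueError("certHash OCTET STRING expected")
    return oid, body[2:2 + body[1]]

if __name__ == "__main__":
    for alg in ("sha1", "sha256"):
        enc = ess_cert_id_v2(SAMPLE_CERT, alg)
        print(alg, len(enc), "octets", enc.hex())
    print("v1 == v2 with SHA-1:", ess_cert_id(SAMPLE_CERT) == ess_cert_id_v2(SAMPLE_CERT))
```

The decoder needs no context tag here because the first element's universal tag (SEQUENCE versus OCTET STRING) already shows whether hashAlgorithm was encoded.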