Peter,
You are perfectly right.
My mistake.
Denis
The current ASN.1 in RFC 2634 is:
ESSCertID ::= SEQUENCE {
certHash Hash,
issuerSerial IssuerSerial OPTIONAL
}
The proposal from draft-ietf-smime-escertid-00.txt is:
ESSCertIDEx ::= SEQUENCE {
certHash Hash,
hashAlg AlgorithmIdentifier DEFAULT {id-sha256},
issuerSerial IssuerSerial OPTIONAL
}
The proposal made on the PKIX mailing list is:
ESSCertIDv2 ::= SEQUENCE {
certHash OCTET STRING,
issuerSerial IssuerSerial,
hashAlgorithm AlgorithmIdentifier DEFAULT { sha-1 }
The advantage of the last proposal is backward compatibility with the
existing structure.
No it isn't, you've lost the 'OPTIONAL' on issuerSerial, making it non-
backwards-compatible. If you want it to have the properties you claim it has,
you'd need:
ESSCertIDv2 ::= SEQUENCE {
certHash Hash,
issuerSerial IssuerSerial OPTIONAL,
hashAlgorithm AlgorithmIdentifier DEFAULT { sha-1 }
Peter.