"Pavel V. Smirnov" <spv(_at_)CryptoPro(_dot_)ru> writes:
Julien mentioned a point considered in Note 3: "Unless DER is used
throughout, it is recommended that the binary encoding of the ASN.1
structures being time-stamped be preserved when being archived to ensure
that the recalculation of the data hash is consistent".
Oh, I'm surprised this isn't the default for everything - are implementors
really trying to decode and re-encode data and expecting the signature to
still validate? Doing this violates the primary enoding rule, "There is only
one (re-)encoding mechanism and memcpy() is its name".