Hi,
On Jul 15, 2015, at 6:52 AM, Richard Hansen <rhansen(_at_)bbn(_dot_)com>
wrote:
3. Require line breaks in the Base64 string. For example, change
Section 2.1 item #3 from:
3) a subjectPublicKeyInfo [RFC5280] in DER format [X.509],
encoded in Base64 (see Section 4 of [RFC4648].
to:
3) a subjectPublicKeyInfo [RFC5280] in DER format [X.509],
encoded in Base64 (see Section 4 of [RFC4648]). To avoid
long lines, a <CRLF> or <LF> line break MUST be inserted into
the Base64 encoded string every 75 or fewer characters.
I prefer option #3. If I understand correctly, OpenSSL's Base64 BIO
filter has two modes: no newlines permitted or newlines must be
inserted every 79 or fewer characters.
I am fine with this option. I agree that it's better to have this explicit. De
facto this is what everyone is doing now, and I see no issues with our running
code (both trust anchor code producing TALs, and validator code parsing this).
Regards
Tim Bruijnzeels
(RIPE NCC)