> Jeff,
>
> My copy of the RFC specifies the revokedCertificates element as OPTIONAL.
> This means that if there are no entries then there is no encoding and
> therefore the NULL does not belong.
>
> John
>
This is an interesting interpretation. One might also argue that
"optional" implies that either form (with and without the NULL)
is correct, and that the decoding routine should be smart enough
to handle both cases.

Since both CRLs and certs have a well-defined structure, we
chose to encode with the NULL and eliminate ambiguity in the
general case where an OID might appear more than once within
an encoded object.

At this point I guess I would be interested to get Steve Kent's
interpretation...

Paul
---------------------------------
Paul Clark
Trusted Information Systems, Inc.
3060 Washington Road
Glenwood, MD 21738
E-Mail: paul(_at_)tis(_dot_)com
Phone: 301.854.6889
FAX: 301.854.5363
---------------------------------
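
Added example, not part of the original message or of any implementation discussed in the thread: a small Python decoder that accepts the encodings a receiver might see for a trailing OPTIONAL list (field absent, a NULL in its place, or a populated SEQUENCE) and reports which form it saw, so a caller can apply a stricter policy if it wants one. The two leading UTCTime elements, the function names and the sample bytes are constructed for illustration.

```python
# Added example: tolerant decoding of a trailing OPTIONAL SEQUENCE OF field.
# Field layout and sample bytes are constructed, not taken from any RFC text.

def read_tlv(buf, off=0):
    """Return (tag, value, next_offset) for one definite-length TLV."""
    if off + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or off + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[off:off + length], off + length

def split_tlvs(buf):
    """Split a buffer into a list of (tag, value) pairs."""
    out, off = [], 0
    while off < len(buf):
        tag, val, off = read_tlv(buf, off)
        out.append((tag, val))
    return out

def decode_trailing_revoked(seq_content, mandatory):
    """Skip `mandatory` leading elements, then classify what follows."""
    items = split_tlvs(seq_content)
    if len(items) < mandatory:
        raise ValueError("missing mandatory elements")
    rest = items[mandatory:]
    if not rest:
        return "absent", []               # OPTIONAL field simply not encoded
    if len(rest) > 1:
        raise ValueError("unexpected trailing elements")
    tag, val = rest[0]
    if tag == 0x05 and val == b"":
        return "null", []                 # NULL written in place of the list
    if tag == 0x30:
        return "list", split_tlvs(val)    # populated SEQUENCE OF entries
    raise ValueError("unexpected tag 0x%02x" % tag)

def tlv(tag, value):
    """Build a short-form TLV for the constructed samples below."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

# Constructed samples: two UTCTime fields, and one (serial, date) entry.
TIMES = tlv(0x17, b"950101000000Z") + tlv(0x17, b"950201000000Z")
ENTRY = tlv(0x30, tlv(0x02, b"\x2a") + tlv(0x17, b"950115000000Z"))
```

A caller that wants only one of the two empty forms can reject the other by checking the first element of the returned tuple.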