pem-dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Proper way to represent a NULL (no entries) CRL?

1993-06-23 09:45:00
from [Wolfgang Schneider] [Permanent Link] 
The revokedCertificates in the CRL is a {SEQUENCE ... OPTIONAL},
i.e. in the BER code of a CRL must either appear a '30' tag
(for SEQUENCE) or nothing at this place. To code an ASN.1 NULL
with the '05' tag is clearly wrong.

Charles Gardiner's idea to code a SEQUENCE with zero length
brings up an interesting question. It is not very obvious to
me to do such a coding, but I don't remember that this is
ruled out by ISO 8825. If so, the distinguished encoding rules
(X.509, OIW Stable Agreements) should exclude such a coding
for optional elements; otherwise you would have a problem with 
signed objects (which is the case with CRLs). I guess this
is a defect of DER, or do I miss something?

Wolfgang Schneider
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Proper way to represent a NULL (no entries) CRL?, Paul C. Clark
Next by Date:  Re: Proper way to represent a NULL (no entries) CRL?, John Lowry
Previous by Thread:  Re: Proper way to represent a NULL (no entries) CRL?, Steve Kent
Next by Thread:  Re: Proper way to represent a NULL (no entries) CRL?, John Lowry
Indexes:  [Date] [Thread] [Top] [All Lists]