pem-dev

Re: Proper way to represent a NULL (no entries) CRL?

1993-06-23 10:12:00
From: Wolfgang Schneider <schneiw(_at_)darmstadt(_dot_)gmd(_dot_)de>
To: pem-dev(_at_)tis(_dot_)com

The revokedCertificates in the CRL is a {SEQUENCE ... OPTIONAL},

The definition I have makes revokedCertificates look more like {SEQUENCE ...} OPTIONAL.
This means that the encoding for revokedCertificates is absent.

i.e. in the BER code of a CRL must either appear a '30' tag
(for SEQUENCE) or nothing at this place. To code an ASN.1 NULL
with the '05' tag is clearly wrong.

Charles Gardiner's idea to code a SEQUENCE with zero length
brings up an interesting question. It is not very obvious to
me to do such a coding, but I don't remember that this is
ruled out by ISO 8825. If so, the distinguished encoding rules
(X.509, OIW Stable Agreements) should exclude such a coding
for optional elements; otherwise you would have a problem with 
signed objects (which is the case with CRLs). I guess this
is a defect of DER, or do I miss something?

Wolfgang Schneider

Charlie is correct that a SEQUENCE containing OPTIONAL elements, all
of which have no value would be encoded as a SEQUENCE of zero length.
This is not ambiguous.  However, this condition does not arise for PEM CRLs ...

John
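
The three encodings discussed in this thread (field absent, zero-length SEQUENCE `30 00`, ASN.1 NULL `05 00`), shown as an added example that is not part of the original messages. The three-field layout, the dates and the function names are assumptions made for illustration, and SHA-256 stands in for whatever digest the CRL signature uses; the point is that each choice yields different signed bytes.

```python
import hashlib

def der(tag, value=b""):
    """Encode one element using the short definite-length form (< 128 bytes)."""
    assert len(value) < 0x80, "sample encoder handles short lengths only"
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count length octets
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not DER")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def classify_revoked(tbs):
    """Report how the optional trailing field is encoded in the sample layout."""
    tag, body, end = read_tlv(tbs, 0)
    if tag != 0x30 or end != len(tbs):
        raise ValueError("expected exactly one outer SEQUENCE")
    fields, pos = [], 0
    while pos < len(body):
        t, v, pos = read_tlv(body, pos)
        fields.append((t, v))
    if len(fields) not in (2, 3) or any(t != 0x17 for t, _ in fields[:2]):
        raise ValueError("expected two UTCTime fields and at most one more")
    if len(fields) == 2:
        return "absent"                    # nothing encoded at this position
    t, v = fields[2]
    if t == 0x30:
        return "entries" if v else "empty-sequence"   # 30 00 when empty
    return "null" if (t, v) == (0x05, b"") else "unexpected"

# Constructed sample data (assumed layout and dates). Hashing each encoding
# shows that a signature over one form cannot verify against another.
TIMES = der(0x17, b"930623101200Z") + der(0x17, b"930723101200Z")
SAMPLES = {
    "absent": der(0x30, TIMES),
    "empty-sequence": der(0x30, TIMES + der(0x30)),
    "null": der(0x30, TIMES + der(0x05)),
}

def digests():
    return {name: hashlib.sha256(data).hexdigest() for name, data in SAMPLES.items()}
```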



