From jlowry(_at_)bbn(_dot_)com Wed Jun 23 19:12:56 1993
From: "John Lowry" <jlowry(_at_)bbn(_dot_)com>
Date: Wed, 23 Jun 93 13:13:52 EDT
To: schneiw
Subject: Re: Proper way to represent a NULL (no entries) CRL?
Cc: pem-dev(_at_)tis(_dot_)com
From: Wolfgang Schneider <schneiw(_at_)darmstadt(_dot_)gmd(_dot_)de>
To: pem-dev(_at_)tis(_dot_)com
The revokedCertificates in the CRL is a {SEQUENCE ... OPTIONAL},
The definition I have makes revokedCertificates look more like {SEQUENCE ...}
OPTIONAL
Yes, that's what I meant; I mistyped it.
Charlie is correct that a SEQUENCE containing OPTIONAL elements, all
of which have no value, would be encoded as a SEQUENCE of zero length.
This is not ambiguous. However, this condition does not arise for PEM CRLs
...
I agree with your example which is not ambiguous. What I thought was that a
{SEQUENCE OF ...} OPTIONAL could also be encoded as SEQUENCE with zero length
in the case that the dots have no value. This may be wrong, but I don't see
from the ISO 8825 text why it should be ruled out. 8825 clause 15.2 about the
encoding of a SEQUENCE OF value says:
The contents octets shall consist of zero, one or more complete encodings
of data values from the type listed in the ASN.1 definition.
From this I read that the code of revokedCertificates could be both absent
or present with zero length in the case of an empty CRL. This would be ambiguous
and, therefore, should be ruled out through distinguished encoding rules.
John
Wolfgang
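
Added example (not part of the original message, and not code from any PEM implementation): a Python sketch of the ambiguity discussed in this thread, using a simplified toy structure, SEQUENCE { issuer UTF8String, revoked SEQUENCE OF INTEGER OPTIONAL }, rather than the real PEM CRL definition. It shows that the absent and the zero-length encodings decode to the same empty list while differing in bytes (and so in any hash or signature over them), and a strict decoder that accepts only the absent form. All function names and sample values are hypothetical.

```python
import hashlib

SEQ, INT, UTF8 = 0x30, 0x02, 0x0C  # universal tags used by the toy structure

def tlv(tag, content=b""):
    """Encode one TLV; this sketch supports short-form lengths (< 128) only."""
    if len(content) >= 128:
        raise ValueError("content too long for this sketch")
    return bytes([tag, len(content)]) + content

def parse_tlvs(data):
    """Split bytes into a list of (tag, content) pairs."""
    out, i = [], 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] >= 128 or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated or long-form TLV")
        out.append((data[i], data[i + 2:i + 2 + data[i + 1]]))
        i += 2 + data[i + 1]
    return out

def encode_crl(issuer, serials, empty_as_absent=True):
    """serials: ints in 0..127 (one content octet each, constructed sample values)."""
    body = tlv(UTF8, issuer.encode())
    if serials or not empty_as_absent:  # False reproduces the "present, zero length" form
        body += tlv(SEQ, b"".join(tlv(INT, bytes([s])) for s in serials))
    return tlv(SEQ, body)

def decode_crl(der, strict=False):
    """Return (issuer, serials); strict=True accepts only the absent form for an empty list."""
    top = parse_tlvs(der)
    if len(top) != 1 or top[0][0] != SEQ:
        raise ValueError("expected a single outer SEQUENCE")
    fields = parse_tlvs(top[0][1])
    if not 1 <= len(fields) <= 2 or fields[0][0] != UTF8:
        raise ValueError("unexpected field layout")
    serials = []
    if len(fields) == 2:
        entries = parse_tlvs(fields[1][1])
        if fields[1][0] != SEQ or any(t != INT for t, _ in entries):
            raise ValueError("expected SEQUENCE OF INTEGER")
        if strict and not entries:
            raise ValueError("empty revoked list must be absent, not zero length")
        serials = [int.from_bytes(c, "big") for _, c in entries]
    return fields[0][1].decode(), serials

if __name__ == "__main__":
    for der in (encode_crl("CA", []), encode_crl("CA", [], empty_as_absent=False)):
        print(der.hex(), decode_crl(der), hashlib.sha256(der).hexdigest()[:16])
```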