pem-dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Proper way to represent a NULL (no entries) CRL?

1993-06-24 09:37:00
from [Jeff Thompson] [Permanent Link] 


The question then is what should be generated. For generality
I would prefer the encoded null sequence. If the group at
large does not concur then we will modify our software accordingly.

              Paul


The question is "What is the DER encoding".  Software like ours always
recodes any incoming certificates or CRLs into what we understand to
be the distinguished encoding.  We always remove a certificate version
if is specifies the DEFAULT v1988.  And as John Lowry says, along with
the rest of the concensus we found, we remove an empty SEQUENCE of CRL
entries.

If your CRl signature is not computed on the DER encoding, you may
have interoprability problems.  I can sure tell you our current RFC
1424 CRL storage service will reject a CRL with an empty SEQUENCE of
CRL entries.

- Jeff
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Proper way to represent a NULL (no entries) CRL?, John Lowry
Next by Date:  Re: Proper way to represent a NULL (no entries) CRL?, Steve Kent
Previous by Thread:  Re: Proper way to represent a NULL (no entries) CRL?, Paul C. Clark
Next by Thread:  Re: Proper way to represent a NULL (no entries) CRL?, John Lowry
Indexes:  [Date] [Thread] [Top] [All Lists]