This is definitely a problem with the definition of DER in X.509. It is not
addressed in X.509 (93) or in ISO 8825-3 (CER and DER) either.
I disagree. Neither DER nor CER are responsible for this problem. In general it
is possible and perfectly legal to assign different semantics to omission of a
sequence versus the presence of an empty sequence. Since these can be used to
mean different things is not the job of the encoding rules to make these
produce the same bits on the wire. In fact, it would be illegal for an encoding
to do this because important semantics could actually be lost.
Note that this does not apply to the use of DEFAULT. The ASN.1 definition of
DEFAULT explicitly says that omitting an element with a DEFAULT value is
semantically identical to having the element there and set to its default
value. As such, the DER and CER have to equate these two at the bit level, and
this is exactly what they do.
RFC 1422
should mandate one of the two encodings, and someone should write a defect
report on the relevant standards. Or RFC 1422 could just drop the "OPTIONAL"
keyword...
This last statement is correct. There is an ambiguity in RFC1422 -- two
different ASN.1 objects can be used to represent the same thing. No amount of
discussion about which one should be used changes the fact that the formal
specification allows both. And this does need to be fixed. I don't particularly
care if the OPTIONAL is dropped or the length of the sequence, if the sequence
is present, is constrained to be greater than 0. Either approach gets rid of
the ambiguity.
Ned