So what I conclude is that any specification which uses OPTIONAL SEQUENCE or
SET elements and fails to specify a meaning for when it is empty or missing
cannot expect a canonical encoding even if it uses DER.
Yes indeed. This is just one of dozens of things you have to watch out for in
ASN.1 specifications; the language is not immune from ambiguities, be they
DER-related or not.
I further conclude
that an application for which a missing or empty set (sequence) is
semantically
identical but wants a canonical encoding should perhaps avoid use of the
OPTIONAL and expect to see the empty set encoded.
Yes indeed. As near as I can tell there are three solutions:
(1) Remove the OPTIONAL. Now the sequences are required but can be empty.
(2) Change the OPTIONAL to DEFAULT {}. Now an empty sequence is declared to
have identical semantics and must be encoded by omitting it entirely (when
DER is used).
(3) Put a lower bound of 1 on the sequence size.
I really like (2) a lot; I think it is the right way to go. I don't know why
the X.400 specifications seem to prefer approach (3) though -- does someone
have a comment to make about that?
Ned