Jan,
>I performed the following op on Alina's entry, forcing your DSA to return a
PartialOutputQualifier,
>containing a SET OF continuation references:
>
>search -object "@C=GB(_at_)O=University College London(_at_)OU=Computer
Science" -subtree -filter "CN=Alina DaCruz" -type accessControlList -show
-strong -protec
The failed signature on the search result could well be do with the
implementations coding differently the null semantics for each.
The following types from the Directory Abstract Service (1988) are of
the form "SET OF <type-data> OPTIONAL", with similar potential
DER-encoding ambiguity as with the PEM Revocation List.
EntryInformation (fromEntry)
PartialOutcomeQualifier (unexplored)
<DASOP>ArgumentData (extensions)
For SEQUENCE OF:
CertificationPath (theCACertificates)
Also, from DistributedOperations
ChainingResult (info) (For DSP multiple Cross References)
X.400 (1988) MTS Abstract Service looks immune, if std tokens are used. P7
Message
Store Bind is not so fortunate.
(Of course, also consider any attribute syntax for any std/non-std
attribute any provider cares to supply.)
The strategy we adopted here was to always preserve the original statement by
the information service provider, which is not necessarily the signing
DSA when deploying the distributed service. Ie. If the responding DSA
states there are no continuation references, then this is the statement
which it certifies/resigns. If there is no statement, then no bytes
represent the notion.
(PEM leading the system security-interworking field as usual...)