From the discussion on CRL's, as I recall, the decision was made that
absent CRL's were OPTIONAL and therefore just absent, not null in a DER
encoding. Using the same logic I am trying to discover why on a
AlgorithmIdentifier, there is an OBJECT IDENTIFIER followed by a null
since the next field is defined as ANY DEFINED BY algorithm OPTIONAL.
Wouldn't the same logic apply and the null be absent?
I am looking the TIS certificate serial number 1.
Tom,
In the case of MD2_RSA (which was used to sign the certificate),
the parameter is DEFINED to be null and therefore appears in the
encoding. This encoding is defined in PKCS #1.
For DER, a value is omitted iff it has the DEFAULT value. The
agreement that was reached for CRLs was that null would be the
DEFAULT value for the certificateList within a CRL.
I hope this helps,
Paul
---------------------------------
Paul Clark
Trusted Information Systems, Inc.
3060 Washington Road
Glenwood, MD 21738
E-Mail: paul(_at_)tis(_dot_)com
Phone: 301.854.6889
FAX: 301.854.5363
---------------------------------