Paul --
Just a clarification on your use of the term "null":
md2WithRSAEncryption defines the parameter to have ASN.1 type NULL, which is
encoded in DER as 05 00. As you observe, md2WithRSAEncryption requires the
parameter field; it cannot be absent.
The certificate list field of a CRL is an optional field. If the field is
present, there must be certificates in the list. By recent agreement, if there
are no certificates in the list, the list must be omitted. But in no case would
this involve the ASN.1 type NULL; in no case would there be an 05 00 encoding.
Is this on the mark?
-- Burt
From the discussion on CRL's, as I recall, the decision was made that
absent CRL's were OPTIONAL and therefore just absent, not null in a DER
encoding. Using the same logic I am trying to discover why on an
AlgorithmIdentifier, there is an OBJECT IDENTIFIER followed by a null
since the next field is defined as ANY DEFINED BY algorithm OPTIONAL.
Wouldn't the same logic apply and the null be absent?
I am looking at the TIS certificate serial number 1.
Tom,
In the case of MD2_RSA (which was used to sign the certificate),
the parameter is DEFINED to be null and therefore appears in the
encoding. This encoding is defined in PKCS #1.
For DER, a value is omitted iff it has the DEFAULT value. The
agreement that was reached for CRLs was that null would be the
DEFAULT value for the certificateList within a CRL.
I hope this helps,
Paul
---------------------------------
Paul Clark
Trusted Information Systems, Inc.
3060 Washington Road
Glenwood, MD 21738
E-Mail: paul(_at_)tis(_dot_)com
Phone: 301.854.6889
FAX: 301.854.5363
---------------------------------