pem-dev

Re: DER coding of a default syntax value

1996-06-20 10:43:00
Bancroft Scott wrote:

Peter Williams <peter(_at_)verisign(_dot_)com> wrote:

If I defined an X.509 v3 extension:

 foo  EXTENSION ::= {
       SYNTAX                  BOOLEAN : FALSE
       IDENTIFIED BY           id-foo
       }

The DER-coding of a "false" boolean value for the extension
would presumably not exist in the byte stream, under DER
default coding rules.

That is, the octet-string of the extension identified
by id-foo would have no content octets, and thus be of
length 0.

Anyone disagree?

The definition of "foo" is invalid because what follows
"SYNTAX" must be a type, not a value.  So you need to drop the
": FALSE" to arrive at valid syntax. 

Ok. 

Perhaps I should notate the "type" default value thus:

  foo1  EXTENSION ::= {
        SYNTAX                  BOOLEAN DEFAULT FALSE
        IDENTIFIED BY           id-foo1
        }

Do you still think that
the DER-encoding does not exist in the byte stream?  My reading
is that it always will exist, but I am not 100% certain because
I am away from the office and don't have ready access to X.509v3.

For the above corrected notation, I'm still assuming
nothing is coded for the boolean value of false. The containing
octet string thus will have zero length and no content
octets. I'm also now assuming the above defn. "foo1" is now
a legal ASN.1 type definition.

Remembering one of the X.509 DAMs formalises that EXTENSION is a notion which
wraps a DER-coded (must be DER) value of the defined syntax in an octet-string,
as its content octets, amongst other matters.

I think the outcome is such that an extension identified by OID "foo1"
could have its value implied (by definition) by an octet-string
of no content.


Bancroft Scott
Open Systems Solutions, Inc.
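
The two byte streams the thread contrasts, a BOOLEAN FALSE carried inside the extension's octet string versus an octet string with no content octets, written out as an added example that is not part of the original messages. The OID 2.999.1 is a constructed placeholder standing in for id-foo1, and all function names are hypothetical; the decoder also enforces the DER rule for the `critical` component, which carries DEFAULT FALSE in the X.509 v3 Extension definition.

```python
# Added example: DER bytes for the X.509 v3 structure
#   Extension ::= SEQUENCE { extnID OBJECT IDENTIFIER,
#       critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }
ID_FOO1 = bytes.fromhex("0603883701")  # constructed placeholder OID 2.999.1, not the real id-foo1

def tlv(tag, content):
    if len(content) > 127:
        raise ValueError("example handles short-form lengths only")
    return bytes([tag, len(content)]) + content

def der_boolean(value):
    return tlv(0x01, b"\xff" if value else b"\x00")

def encode_extension(oid_tlv, critical, inner_der):
    body = oid_tlv
    if critical:  # DER leaves out a SEQUENCE component equal to its DEFAULT
        body += der_boolean(True)
    return tlv(0x30, body + tlv(0x04, inner_der))

def read_tlv(buf, pos):
    if pos + 2 > len(buf) or buf[pos + 1] > 127:
        raise ValueError("truncated or long-form length")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("length runs past end of buffer")
    return buf[pos], buf[pos + 2:end], end

def decode_extension(der):
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single SEQUENCE")
    tag, oid, pos = read_tlv(body, 0)
    if tag != 0x06:
        raise ValueError("extnID missing")
    critical = False
    tag, val, pos = read_tlv(body, pos)
    if tag == 0x01:  # critical present: DER allows only TRUE (FF) here
        if val != b"\xff":
            raise ValueError("critical=FALSE must be omitted in DER")
        critical = True
        tag, val, pos = read_tlv(body, pos)
    if tag != 0x04 or pos != len(body):
        raise ValueError("extnValue OCTET STRING expected last")
    return oid, critical, val

def boolean_from_extn_value(extn_value):
    if extn_value == b"":
        return None  # zero-length octet string: no BOOLEAN was encoded
    tag, content, end = read_tlv(extn_value, 0)
    if tag != 0x01 or end != len(extn_value) or content not in (b"\x00", b"\xff"):
        raise ValueError("not a DER BOOLEAN")
    return content == b"\xff"
```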
