pem-dev

Re: DER coding of a default syntax value

1996-06-21 13:47:00
Bancroft Scott wrote:
 
Perhaps I should notate the "type" default value thus:

 foo1  EXTENSION ::= {
       SYNTAX                  BOOLEAN DEFAULT FALSE
       IDENTIFIED BY           id-foo1
       }

That is invalid syntax.  "DEFAULT FALSE" is not allowed
according to the definition of EXTENSION.

I understand this (now), and can see how ASN.1 actually
is designed to prevent such a notion, under any
legal expression. I'm very happy; there
must be bytes in the extension's octet-string, as it must be
an ASN.1 type (and ASN.1 seems to guarantee by its
grammar that at least one value exists - in the form
of 2 or more octets when encoded using DER, and we are
required to use DER!)

Was this ASN.1 property by design of those who constructed
ASN.1? Was its nature a choice of those who
formulated the EXTENSION definition? I understand
that the EXTENSION class could have been defined to
facilitate specification of default valued (fixed) types,
but was not. Was the above property of requiring
actual bytes explicitly a consideration when choosing how to
formulate the notion of a cert extension class, out of interest!?

Anyone know? I'm very impressed at the outcome, as it's
the situation I would actually hope for in a
security protocol!

For us security programmers, I think it means that if one
encounters an X.509 extension's octet string of length 0, it
is an ASN.1 coding error; cert rejected. Similarly, if the
value within the octet-string is not also an ASN.1 value instance,
and coded using DER, also reject. It's these boundary conditions,
such as the zero length octet-string, that we have to be so careful of
in the security field.

thanks!



Ok. Let's try again. I understand now that such notation
is not permitted as DEFAULT X in the above context, X refers
to a default type, not a value.
 
I think I see where you are trying to go, but the syntax does not allow you 
to.

Good. (I'm actually happy that one cannot do what I'm trying to
express by argued example... This exercise seeks to ensure we *all*
understand that this notion cannot legally happen, and we don't
therefore have to code for it!)

Let me, with my better yet better ASN.1 education now, again re-express what
I believe we are saying isn't allowed to be expressed (as the notation
grammar prevents it):

 
  foo2  EXTENSION ::= {
        SYNTAX                  PetersBooleanType -- a typereference
        IDENTIFIED BY           id-foo2
        }

PetersBooleanType ::= BOOLEAN DEFAULT False

This is because PetersBooleanType isn't legal notation. A typereference to
"Type" (BOOLEAN) cannot just arbitrarily assign itself a default
value; only component types can do this. The ASN.1 syntax grammar
(happily) prevents this illegal expression.

Ok next nasty. 

  foo3  EXTENSION ::= {
        SYNTAX                  PeterSeqOfType -- a typereference
        IDENTIFIED BY           id-foo3
        }

PeterSeqOfType ::= SEQUENCE OF BOOLEAN DEFAULT {}

Bancroft Scott
Open Systems Solutions, Inc.
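
An added example, not part of the original message: the rejection rule discussed above (an extension octet string of length 0, or content that is not a DER-coded ASN.1 value) written as a Python check. The names DerError, check_extn_value and accepts are hypothetical, and the check covers encoding structure only (definite minimal lengths, nesting, BOOLEAN content, no trailing octets), not every per-type DER rule.

```python
class DerError(ValueError):
    """Content is not exactly one well-formed DER value."""

def _check_value(buf, pos, limit):
    """Validate one DER TLV starting at pos; return the offset just past it."""
    if pos + 2 > limit:
        raise DerError("truncated: need at least a tag and a length octet")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise DerError("multi-octet tags are outside this example's scope")
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    elif first in (0x80, 0xFF):
        raise DerError("indefinite or reserved length octet: not DER")
    else:                                  # long-form length
        n = first & 0x7F
        raw = buf[pos:min(pos + n, limit)]
        if len(raw) != n:
            raise DerError("truncated length octets")
        if raw[0] == 0 or (n == 1 and raw[0] < 0x80):
            raise DerError("length not in minimal form")
        length, pos = int.from_bytes(raw, "big"), pos + n
    end = pos + length
    if end > limit:
        raise DerError("content runs past the enclosing value")
    if tag == 0x01 and buf[pos:end] not in (b"\x00", b"\xff"):
        raise DerError("BOOLEAN must be a single octet, 00 or FF")
    if tag & 0x20:                         # constructed: check each member
        while pos < end:
            pos = _check_value(buf, pos, end)
    return end

def check_extn_value(content):
    """Accept only if the OCTET STRING content is exactly one DER value."""
    if not content:
        raise DerError("zero-length extnValue: no ASN.1 value present")
    if _check_value(content, 0, len(content)) != len(content):
        raise DerError("trailing octets after the encoded value")
    return True

def accepts(content):
    """Boolean wrapper: True to keep the cert, False to reject it."""
    try:
        return check_extn_value(content)
    except DerError:
        return False
```

Even an empty SEQUENCE OF encodes as the two octets 30 00, so it passes, while a truly empty octet string does not.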
