Peter, > Tagging is a matter of ket's say "taste", in fact, it is a matter of > implementation > experience. ASN.1 after many years has come with AUTOMATIC tags > allowing automatically unambiguous and non-excessive explicit tagging. The excessive amount of tagging seems like minor nit, its bloaty, sure, its like rest of the Kerberos protocol. > Wrapping: Strong boundaries would make sense if you don't have to > cross them > > Interoperability note: Some implementations may not be able to decode > wrapped CMS objects encoded with BER but not DER; specifically, they > may not be able to decode infinite length encodings. > > > > something that seems to be necessary according to the previous citation. > > As soon as you have the data structure that you wrap, > you can also encode them in DER. I doubt that you just have the > octet string contents only available as blobs. The CMS implemtetion might use another asn1-package then then Kerberos implemetation, I think today that this is the common case. You call CMS package, get back blob, and you have no clue about the encoding it used used. Love
Attachment:
pgpLfJHH0GIb5.pgp
Description: PGP signature