Hi, I stand corrected (for the syntax). For the rest, I am not sure whether I could have given an explanation as precisely as Steve. :-) Peter Steven Legg wrote:
Love, et al, Love Hörnquist Åstrand wrote:Peter Sylvester <Peter.Sylvester@xxxxxxxxxx> writes:The first one can be replaced bysubjectName [0] IMPLICIT OCTET STRING OPTIONAL CONTAINING NameThe correct syntax here is:subjectName [0] IMPLICIT OCTET STRING (CONTAINING Name) OPTIONALLets take another example: PA-PK-AS-REQ ::= SEQUENCE { signedAuthPack [0] IMPLICIT OCTET STRING, -- Contains a CMS type ContentInfo encoded -- according to [RFC3852]. -- The contentType field of the type ContentInfo -- is id-signedData (1.2.840.113549.1.7.2), -- and the content field is a SignedData. With you syntax this should be signedAuthPack IMPLICIT OCTET STRING OPTIONAL CONTAINING ContentInfo Now, ContentInfo in a CMS type, and is allowed to be encoded in BER. Kerberos datatypes uses DER. How is that expressed in a formal way ?signedAuthPack IMPLICIT OCTET STRING (CONTAINING ContentInfoENCODED BY {joint-iso-itu-t asn(1) ber-derived(2) distinguished-encoding(1)})OPTIONAL The OID after the "ENCODED BY" is the OID that identifies DER.Just saying IMPORT and CONTANING and expect the right thing to happen whengiven to a compiler seems very naive.There's a better chance that the compiler can do something useful than if the requirements are expressed informally as a comment. Regards, StevenLove
--To verify the signature, see http://edelpki.edelweb.fr/ Cela vous permet de charger le certificat de l'autorité; die Liste mit zurückgerufenen Zertifikaten finden Sie da auch.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature