Tolga Acar wrote:
RFC3280 Section 4.1 says (the first paragraph): The X.509 v3 certificate basic syntax is as follows. For signature calculation, the data that is to be signed is encoded using the ASN.1 distinguished encoding rules (DER) [X.690]. ASN.1 DER encoding is a tag, length, value encoding system for each element. It seems to say clearly that you ought to use DER encoding to get a signed certificate. I'm not sure if that needs to be repeated in the extension definition.
No, it does not. It only says that you need a DER encoding in order a signature.
It does not says that you could transfer or store a certficate in any other form although this is obviously a practical thing to use DER in these cases, at least when one only considers the BER derivates. Since X509 predates XML and it also predates CONTAINING constraints the wordings are quite understandable. --To verify the signature, see http://edelpki.edelweb.fr/ Cela vous permet de charger le certificat de l'autorité; die Liste mit zurückgerufenen Zertifikaten finden Sie da auch.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature