
encoding an X.509 certificate



I've asked the following question in a number of forums with no luck.
I'm hoping someone with intimate knowledge of ASN.1 encodings can help
me out here.  Many thanks in advance.

Currently there are three profiles before the OASIS Security Services
Technical Committee (SSTC) that rely on XML elements of the form:

<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:X509Data>
   <ds:X509Certificate>
MII...
   </ds:X509Certificate>
 </ds:X509Data>
</ds:KeyInfo>

Interestingly, the above element has sparked a vigorous debate within
the SSTC, which has since spread to the W3C XML Signature WG.  The
issue involves the ASN.1 encoding of the underlying certificate (which
is base64 encoded in the XML).  Specifically, should the certificate
be DER-encoded or should the encoding be left unspecified?

So my question is:  If you were given an X.509 certificate of unknown
encoding, could you determine the encoding by simply inspecting the
bytes?  Does your favorite ASN.1 library support such a function?

Thanks for shedding some light on this issue.

Tom Scavo
NCSA
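
Added example, not part of the original post: a Python sketch of what byte inspection alone can establish, walking the TLV structure of the decoded bytes and reporting encodings that BER permits but DER forbids. The function names and the sample byte strings are constructed for illustration and are not real certificates.

```python
import base64

# Universal string/time tags that DER requires to be primitive.
STRING_TAGS = {3, 4, 12, 30} | set(range(18, 29))

def der_violations(data, pos=0, end=None, path="cert"):
    """Return (issues, next_pos) for BER-only encodings found in data[pos:end]."""
    issues = []
    end = len(data) if end is None else end
    while pos < end:
        if pos + 2 > end:
            raise ValueError("truncated TLV header")
        ident, first = data[pos], data[pos + 1]
        pos += 2
        if ident == 0 and first == 0:        # end-of-contents of an indefinite parent
            return issues, pos
        if ident & 0x1F == 0x1F:
            raise ValueError("multi-byte tags are outside this example")
        here = f"{path}/{ident:02x}"
        if first == 0x80:                    # indefinite length: never valid DER
            issues.append(f"{here}: indefinite length")
            sub, pos = der_violations(data, pos, end, here)
            issues += sub
            continue
        length = first
        if first > 0x80:                     # long form: must be the shortest possible
            raw = data[pos:pos + (first & 0x7F)]
            length = int.from_bytes(raw, "big")
            pos += len(raw)
            if raw[0] == 0 or length < 0x80:
                issues.append(f"{here}: non-minimal length")
        if pos + length > end:
            raise ValueError("length runs past enclosing value")
        if ident & 0x20:                     # constructed: descend into children
            if ident & 0xC0 == 0 and (ident & 0x1F) in STRING_TAGS:
                issues.append(f"{here}: constructed string")
            issues += der_violations(data, pos, pos + length, here)[0]
        elif ident == 0x01 and data[pos:pos + length] not in (b"\x00", b"\xff"):
            issues.append(f"{here}: BOOLEAN not 00/FF")
        pos += length
    return issues, pos

def check_x509certificate_text(b64_text):
    """Check the base64 content of a ds:X509Certificate element."""
    return der_violations(base64.b64decode(b64_text))[0]

# Constructed samples: SEQUENCE { INTEGER 5, OCTET STRING "ab" } in four encodings.
DER_FORM = bytes.fromhex("3007020105040261" "62")
INDEFINITE = bytes.fromhex("3080020105040261620000")
LONG_LENGTH = bytes.fromhex("30810702010504026162")
SPLIT_STRING = bytes.fromhex("3009020105240404026162")
```

An empty result means only that no structural BER-only form was found; DER rules such as SET OF ordering and omission of DEFAULT values cannot be checked without the certificate's ASN.1 schema.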