CRLNumber definition and MAX
Hi,
RFC 5280 contains the following definition for a CRLNumber:

   CRLNumber ::= INTEGER (0..MAX)

I think that, by analogy with CertificateSerialNumber, the
constraint (0..MAX) should be removed; cf. also appendix B:
"As noted in Section 4.1.2.2, serial numbers can be expected to
contain long integers. Certificate users MUST be able to handle
serialNumber values up to 20 octets in length. Conforming CAs MUST
NOT use serialNumber values longer than 20 octets.
As noted in Section 5.2.3, CRL numbers can be expected to contain
long integers. CRL validators MUST be able to handle cRLNumber
values up to 20 octets in length. Conforming CRL issuers MUST NOT
use cRLNumber values longer than 20 octets."
The ASN.1 appendix (B) also contains
"The construct "SEQUENCE SIZE (1..MAX) OF" appears in several ASN.1
constructs. A valid ASN.1 sequence will have zero or more entries.
The SIZE (1..MAX) construct constrains the sequence to have at least
one entry. MAX indicates that the upper bound is unspecified.
Implementations are free to choose an upper bound that suits their
environment."
but nothing similar concerning INTEGER (0..MAX).
Is there someone who sees an important problem if we would require
that MAX MUST be smaller than 2**31 in order to be conformant
to the profile?
The construct occurs in 4 types, the three others being
pathLenConstraints
BaseDistance
SkipCerts
I haven't checked other Extensions defined in X.509.
Peter Sylvester
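
The limits discussed in this message, as an added example that is not part of the original post: a Python check of a DER-encoded cRLNumber against INTEGER (0..MAX), the 20-octet limit quoted from RFC 5280, and the proposed 2**31 bound. The function name, the sample encodings, and counting the 20 octets over the INTEGER content octets (sign octet included) are assumptions.

```python
# Added example: checks a DER INTEGER holding a cRLNumber against the
# limits named in the message. All sample encodings are constructed.

MAX_OCTETS = 20           # RFC 5280 limit quoted in the message
PROPOSED_BOUND = 2 ** 31  # upper bound proposed in the message


def check_crl_number(der: bytes) -> dict:
    """Decode one DER INTEGER and report which limits it satisfies."""
    if len(der) < 3 or der[0] != 0x02:
        raise ValueError("not a DER INTEGER")
    length = der[1]
    if length & 0x80:
        # Long form is only valid DER for 128 or more content octets.
        raise ValueError("long-form length: far beyond 20 octets or not DER")
    content = der[2:]
    if length == 0 or len(content) != length:
        raise ValueError("length mismatch")
    # DER requires the shortest two's-complement encoding.
    if length > 1 and ((content[0] == 0x00 and content[1] < 0x80) or
                       (content[0] == 0xFF and content[1] >= 0x80)):
        raise ValueError("non-minimal INTEGER encoding")
    value = int.from_bytes(content, "big", signed=True)
    return {
        "value": value,
        "octets": length,                          # assumption: content octets
        "non_negative": value >= 0,                # INTEGER (0..MAX)
        "within_20_octets": length <= MAX_OCTETS,  # RFC 5280 limit
        "below_2_31": 0 <= value < PROPOSED_BOUND, # proposed bound
    }


# Constructed samples: name -> DER bytes.
SAMPLES = {
    "small": bytes.fromhex("020105"),
    "max_31_bit": bytes.fromhex("02047fffffff"),
    "two_pow_31": bytes.fromhex("02050080000000"),
    "twenty_octets": b"\x02\x14\x7f" + b"\xff" * 19,
    "twenty_one_octets": b"\x02\x15\x00\x80" + b"\x00" * 19,
    "negative": bytes.fromhex("0201ff"),
}

if __name__ == "__main__":
    for name, der in SAMPLES.items():
        print(name, check_crl_number(der))
```
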