[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CRLNumber definition and MAX

To: "Kemp, David P." <DPKemp@xxxxxxxxxxxxxx>
Subject: Re: CRLNumber definition and MAX
From: Peter Sylvester <Peter.Sylvester@xxxxxxxxxx>
Date: Tue, 09 Jun 2009 16:24:47 +0200
Cc: pkix <ietf-pkix@xxxxxxx>
In-reply-to: <20090609131835.1D4DD70@xxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <4A2E455A.70208@xxxxxxxxxx> <20090609131835.1D4DD70@xxxxxxxxxxxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.9 (X11/20061206)


Kemp, David P. wrote:

I'm not sure I understand the rationale for removing the constraint on
serial numbers - why would you want to encourage (or at least permit)
negative serial numbers?  The explanation for a SIZE(1..MAX) constraint
on SET/SEQUENCE is helpful but is not particularly relevant to range
constraints on INTEGER values.

Does anyone see a problem with continuing to restrict CRLNumber (and
CertificateSerialNumber) to being non-negative?

I believe there would be a problem with restricting serial number range
to 0..2^^31-1, since (if I recall correctly) some currently-issued
certificates have 16 octet serial number values (0..2^^127-1).


Thanks for the answer. To be sure I was not asking to
restrict serialNumbers or CRlNumbers. in fact, the definition
of CRLNumber is ok. It requires positive values and no limit
for the maximum value (in the syntax).

References:
- CRLNumber definition and MAX
  - From: Peter Sylvester

Prev by Date: RE: CRLNumber definition and MAX
Next by Date: Re: CRLNumber definition and MAX
Previous by thread: RE: CRLNumber definition and MAX
Next by thread: Re: CRLNumber definition and MAX
Index(es):
- Date
- Thread