Re: CRL empty list syntax




The DER-coding rules do NOT specify (X.690) how to encode an empty optional
SEQUENCE OF:
nothing or empty SEQUENCE?
-> well, what can we do to encode such an element in an unambiguous way?

IMHO, the encoding of an empty optional SEQUENCE OF should be: nothing.
This would be in "accordance" with DER-rules, which specify (among other
things) that the DEFAULT elements in a SEQUENCE should not be encoded, and
that the length of the elements should be encoded with the minimum number
of octets.


Nevertheless, the best solution would be to define in a recommendation (X.690)
the unambiguous coding of an empty optional SEQUENCE OF.


Olivier





>
>Both X.509 and PKIX part1-06 define the list part of a CRL as:
>
>
>   revokedCertificates  SEQUENCE OF SEQUENCE {
>       userCertificate     CertificateSerialNumber,
>       revocationDate      Time,
>       crlEntryExtensions  Extensions OPTIONAL
>   } OPTIONAL,
>
>
>This admits the possibility of two encodings of a CRL containing
>no certificate entries: an empty SEQUENCE, or nothing (since
>revokedCertificates is OPTIONAL).
>
>Would it be better to eliminate this ambiguity by constraining
>the list size to contain at least one entry?
>
>    revokedCertificates  SEQUENCE SIZE (1..MAX) OF SEQUENCE {
>
>
>Consider this an "informal defect report" against X.509.
>
>
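Added example, not part of the original messages: a minimal Python DER reader that reports which of the two encodings discussed above a TBSCertList uses for revokedCertificates. The sample field values and the simplified v1 layout (signature, issuer, thisUpdate, then the optional list) are constructed assumptions.

```python
def tlv(tag, value):
    """One DER TLV, length in the minimum number of octets."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + value

def read_tlvs(buf):
    """Split buf into (tag, value) pairs; single-byte tags, definite lengths."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated header")
        tag, n = buf[i], buf[i + 1]
        i += 2
        if n & 0x80:
            k = n & 0x7F
            if k == 0:
                raise ValueError("indefinite length is not DER")
            n = int.from_bytes(buf[i:i + k], "big")
            i += k
        if i + n > len(buf):
            raise ValueError("truncated value")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

# Constructed sample fields, not taken from a real CRL.
ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
ISSUER = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex("550403")) + tlv(0x0C, b"Example CA"))))
THIS_UPDATE = tlv(0x17, b"970801000000Z")

def build_tbs(revoked):
    """revoked=None omits the field; a list (even an empty one) emits the SEQUENCE OF."""
    body = ALG + ISSUER + THIS_UPDATE
    if revoked is not None:
        body += tlv(0x30, b"".join(revoked))
    return tlv(0x30, body)

def revoked_list_form(tbs):
    """Return 'absent', 'empty' or 'populated' for revokedCertificates."""
    fields = read_tlvs(read_tlvs(tbs)[0][1])
    i = (1 if fields[0][0] == 0x02 else 0) + 2  # skip optional version, signature, issuer
    while i < len(fields) and fields[i][0] in (0x17, 0x18):  # thisUpdate, optional nextUpdate
        i += 1
    if i < len(fields) and fields[i][0] == 0x30:
        return "populated" if fields[i][1] else "empty"
    return "absent"
```

The two empty forms differ only by the trailing octets `30 00`, so a signature computed over one encoding does not verify over the other.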