Re: Encoding of INTEGER fields in PKIX certs
I think it is better to stick with the ASN.1 rule that the most significant
bit of an INTEGER is the sign. Since p, q, g, x, and y are positive numbers,
they should have the extra null byte if the high bit is set -- as it always is
with p and q. Note also that some values, particularly the r part of a
signature, may have a null byte in the high position and not have the next lower
bit set. In that case the proper encoding -- even with BER -- is of a 19-byte
string, e.g. 0x0033445566.... becomes 0x021333445566.... Consequently
applications must be able to handle instances where the INTEGERS are of
different sizes from the parameters.
To make an exception for "big numbers" (how big is big?) seems to me to be a
mistake.
Charlie Gardiner
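
The encoding rule described in the message above, as an added example that is not part of the original post: a Python encoder and strict decoder for non-negative DER INTEGERs, showing a 20-byte value growing to 21 content bytes or shrinking to 19. The function names, the 20-byte width and the sample r values are assumptions constructed for illustration.

```python
# Added illustration; function names and sample values are constructed.

def der_encode_uint(fixed: bytes) -> bytes:
    """DER-encode a non-negative big-endian value as an ASN.1 INTEGER."""
    body = fixed.lstrip(b"\x00") or b"\x00"    # drop redundant leading zeros
    if body[0] & 0x80:                          # top bit would read as a sign
        body = b"\x00" + body                   # so prepend one zero byte
    if len(body) < 128:
        length = bytes([len(body)])             # short-form length
    else:
        n = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(n)]) + n     # long-form length
    return b"\x02" + length + body


def der_decode_uint(tlv: bytes, width: int) -> bytes:
    """Parse a DER INTEGER; return the value left-padded to `width` bytes."""
    if len(tlv) < 3 or tlv[0] != 0x02:
        raise ValueError("not an INTEGER")
    if tlv[1] & 0x80:
        n = tlv[1] & 0x7F
        if n == 0 or len(tlv) < 2 + n:
            raise ValueError("bad length field")
        length, off = int.from_bytes(tlv[2:2 + n], "big"), 2 + n
        if length < 128 or tlv[2] == 0:
            raise ValueError("non-minimal length")
    else:
        length, off = tlv[1], 2
    body = tlv[off:]
    if length == 0 or len(body) != length:
        raise ValueError("length mismatch")
    if body[0] & 0x80:
        raise ValueError("negative INTEGER")
    if len(body) > 1 and body[0] == 0 and not body[1] & 0x80:
        raise ValueError("non-minimal INTEGER")
    value = body.lstrip(b"\x00")
    if len(value) > width:
        raise ValueError("value wider than the parameter size")
    return value.rjust(width, b"\x00")


# Constructed 20-byte r values (assumed width for this example).
R_LOW = bytes.fromhex("0033445566") + bytes(range(15))   # leading zero byte
R_HIGH = bytes.fromhex("ff") + bytes(range(19))          # high bit set

if __name__ == "__main__":
    for r in (R_LOW, R_HIGH):
        enc = der_encode_uint(r)
        print(len(r), "->", len(enc) - 2, enc.hex())
        assert der_decode_uint(enc, 20) == r
```

The decoder pads back to the caller's expected width, so code that consumes r, s or the parameters keeps working when the encoded INTEGER is one byte longer or shorter than the parameter size.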