While working with Bob Jueneman on some S/MIME
certificate issues we ran into the following with
a Verisign issued certificate:
The portion of ASN.1 dump showing the problem:
766 06 11: OBJECT IDENTIFIER
: Verisign certificatePolicy (2 16 840 1 113733 1 7
1 1)
779 30 142: SEQUENCE {
782 30 40: SEQUENCE {
784 06 8: OBJECT IDENTIFIER cps (1 3 6 1 5 5
7 2 1)
794 16 28: IA5String
'https://www.verisign.com/CPS'
: }
824 30 98: SEQUENCE {
826 06 8: OBJECT IDENTIFIER
: unotice (1 3 6 1 5 5 7 2 2)
836 30 86: SEQUENCE {
838 30 21: SEQUENCE {
840 16 14: IA5String 'VeriSign, Inc.'
^^^^^^^^^^^^^^^^^^^^^^^^^^
856 30 3: SEQUENCE {
858 02 1: INTEGER 1
: }
: }
861 1A 61: VisibleString
: 'VeriSign's CPS incorp. by reference liab. ltd. ('
: 'c)97 VeriSign'
: }
: }
: }
Verisign is encoding the DisplayText as IA5 whereas according to
2459 it can be one of Visible, BMP or UTF8 string.
Should we add IA5String to the choice list of DisplayText or treat
this as a error and not support the Verisign certificates?
regards
Amit
------------------------------------------------------
Certificate Authority: http://www.smeme.com
CA root : http://www.smeme.com/faq_operational.html#16
------------------------------------------------------
Attachment:
smime.p7s
Description: application/pkcs7-signature