In regard to the implementation of RFC 3546, in particular
the OCSP extension: when the client does not wish to send any list of
responders, what is the correct sequence to send (as a zero-length vector
apparently has a special meaning)? It would appear (with my naïve understanding
of RFC 2560) that it would be a list of ResponderIDs (from RFC 2560). But
ResponderIDs are CHOICEs, and I am not versed enough in ASN.1
to know if there is a way to write zero of these. So what are the ASN.1 and DER of the correct response for no
list? Thanks.

    struct {
        CertificateStatusType status_type;
        select (status_type) {
            case ocsp: OCSPStatusRequest;
        } request;
    } CertificateStatusRequest;

    enum { ocsp(1), (255) } CertificateStatusType;

    struct {
        ResponderID responder_id_list<0..2^16-1>;
        Extensions  request_extensions;
    } OCSPStatusRequest;

    opaque ResponderID<1..2^16-1>;
    opaque Extensions<0..2^16-1>;

In the OCSPStatusRequest, the "ResponderIDs"
provides a list of OCSP responders that the client trusts. A zero-length
"responder_id_list" sequence has the special meaning that the responders are
implicitly known to the server - e.g., by prior arrangement.
"Extensions" is a DER encoding of OCSP request extensions. Both "ResponderID" and "Extensions"
are DER-encoded ASN.1 types as defined in [OCSP]. "Extensions" is imported
from [PKIX]. A zero-length "request_extensions" value means that
there are no extensions (as opposed to a zero-length ASN.1 SEQUENCE, which is not
valid for the "Extensions" type).
_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls
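As an added worked example (not from the message above or from RFC 3546 itself): a Python encoder and parser for the CertificateStatusRequest body defined by the structs quoted above, plus a helper that builds the DER for the OCSP ResponderID byKey alternative, so the zero-length "implicitly known" list and a one-entry list can be compared byte for byte. The function names and the 20-byte sample key hash are constructed for this illustration.

```python
import struct

OCSP_STATUS_TYPE = 1  # CertificateStatusType ocsp(1) from RFC 3546


def responder_id_by_key(key_hash: bytes) -> bytes:
    """DER for the OCSP ResponderID CHOICE alternative byKey [2] KeyHash,
    where KeyHash is an OCTET STRING holding a 20-byte SHA-1 hash."""
    if len(key_hash) != 20:
        raise ValueError("KeyHash must be 20 bytes")
    key_hash_der = b"\x04" + bytes([len(key_hash)]) + key_hash
    return b"\xa2" + bytes([len(key_hash_der)]) + key_hash_der  # [2] EXPLICIT, constructed


def encode_status_request(responder_ids, request_extensions: bytes = b"") -> bytes:
    """Encode a CertificateStatusRequest with status_type ocsp. Passing no
    responder IDs yields a zero-length responder_id_list (two zero bytes), the
    'responders implicitly known to the server' form described in RFC 3546."""
    for rid in responder_ids:
        if not 1 <= len(rid) <= 0xFFFF:
            raise ValueError("ResponderID<1..2^16-1> violated")
    id_list = b"".join(struct.pack("!H", len(rid)) + rid for rid in responder_ids)
    if len(id_list) > 0xFFFF or len(request_extensions) > 0xFFFF:
        raise ValueError("vector exceeds 2^16-1 bytes")
    return (bytes([OCSP_STATUS_TYPE])
            + struct.pack("!H", len(id_list)) + id_list
            + struct.pack("!H", len(request_extensions)) + request_extensions)


def _take(data: bytes, pos: int, n: int):
    """Return n bytes at pos and the new position; reject truncated input."""
    if pos + n > len(data):
        raise ValueError("truncated CertificateStatusRequest")
    return data[pos:pos + n], pos + n


def _u16(data: bytes, pos: int):
    raw, pos = _take(data, pos, 2)
    return struct.unpack("!H", raw)[0], pos


def decode_status_request(data: bytes):
    """Parse the extension body into (status_type, [ResponderID DER, ...], Extensions DER)."""
    pos = 0
    st, pos = _take(data, pos, 1)
    if st[0] != OCSP_STATUS_TYPE:
        raise ValueError("unknown CertificateStatusType %d" % st[0])
    list_len, pos = _u16(data, pos)
    id_list, pos = _take(data, pos, list_len)
    responder_ids, p = [], 0
    while p < len(id_list):  # each entry is a length-prefixed opaque ResponderID
        n, p = _u16(id_list, p)
        if n == 0:
            raise ValueError("ResponderID must be at least 1 byte")
        rid, p = _take(id_list, p, n)
        responder_ids.append(rid)
    ext_len, pos = _u16(data, pos)
    extensions, pos = _take(data, pos, ext_len)
    if pos != len(data):
        raise ValueError("trailing bytes after CertificateStatusRequest")
    return st[0], responder_ids, extensions
```

With no responder IDs and no extensions the whole extension body is the five bytes 01 00 00 00 00; a parser that treats the inner length fields as trusted will misread a one-entry list, which is why the decoder checks each length against the bytes that remain.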