[Servercert-wg] Ballot SC17 version 3: Alternative registration numbers for EU certificates
Ryan Sleevi
sleevi at google.com
Mon Apr 8 06:26:46 MST 2019
On Fri, Apr 5, 2019 at 3:02 PM Erwann Abalea via Servercert-wg <
servercert-wg at cabforum.org> wrote:
> EUPSD2AuthorizationNumber ::= SEQUENCE {
>
> registrationSchemeIdentifier PrintableString,
>
> registrationCountry PrintableString,
>
> registrationStateorProvince PrintableString OPTIONAL,
>
> registrationReference PrintableString
>
> }
>
The optional value should be (implicitly or explicitly) tagged, correct?
Otherwise, it seems you won't be able to know whether you're reading a
registrationStateorProvince or a registrationReference until you determine
whether or not the following element is valid - that is, whether you have
three or four elements. Since the point of ASN.1/DER is to avoid these
context-dependent parsers, which is inherent in the deliminter-separated
string being proposed, I suspect the modification (with implicit tagging)
should be
EUPSD2AuthorizationNumber ::= SEQUENCE {
registrationSchemeIdentifier PrintableString,
registrationCountry PrintableString,
registrationStateorProvince [0] IMPLICIT PrintableString OPTIONAL,
registrationReference PrintableString
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190408/eda5d8dc/attachment.html>
More information about the Servercert-wg
mailing list