[Servercert-wg] Ballot SC17 version 3: Alternative registration numbers for EU certificates

Erwann Abalea Erwann.Abalea at docusign.com
Mon Apr 8 08:00:04 MST 2019 

Bonjour,

You’re right, if the module is EXPLICIT-ly or IMPLICIT-ly tagged, then we need to set a tag for any optional element whose type is equal to the type of the element following it.
Your [0] IMPLICIT works wether the module is defined with EXPLICIT or IMPLICIT TAGS and should produce identical results.

Cordialement,
Erwann Abalea


De : Ryan Sleevi <sleevi at google.com>
Date : lundi 8 avril 2019 à 15:27
À : Erwann Abalea <Erwann.Abalea at docusign.com>, CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Cc : Tim Hollebeek <tim.hollebeek at digicert.com>
Objet : Re: [Servercert-wg] Ballot SC17 version 3: Alternative registration numbers for EU certificates



On Fri, Apr 5, 2019 at 3:02 PM Erwann Abalea via Servercert-wg <servercert-wg at cabforum.org<mailto:servercert-wg at cabforum.org>> wrote:
EUPSD2AuthorizationNumber ::= SEQUENCE {
  registrationSchemeIdentifier   PrintableString,
  registrationCountry            PrintableString,
  registrationStateorProvince    PrintableString OPTIONAL,
  registrationReference          PrintableString
}

The optional value should be (implicitly or explicitly) tagged, correct? Otherwise, it seems you won't be able to know whether you're reading a registrationStateorProvince or a registrationReference until you determine whether or not the following element is valid - that is, whether you have three or four elements.  Since the point of ASN.1/DER is to avoid these context-dependent parsers, which is inherent in the deliminter-separated string being proposed, I suspect the modification (with implicit tagging) should be

EUPSD2AuthorizationNumber ::= SEQUENCE {
  registrationSchemeIdentifier   PrintableString,
  registrationCountry            PrintableString,
  registrationStateorProvince    [0] IMPLICIT PrintableString OPTIONAL,
  registrationReference          PrintableString
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190408/9a4580ec/attachment-0001.html>

More information about the Servercert-wg mailing list