[Servercert-wg] Ballot SC17 version 3: Alternative registration numbers for EU certificates
Erwann Abalea
Erwann.Abalea at docusign.com
Mon Apr 8 08:00:04 MST 2019
Bonjour,
You’re right, if the module is EXPLICIT-ly or IMPLICIT-ly tagged, then we need to set a tag for any optional element whose type is equal to the type of the element following it.
Your [0] IMPLICIT works wether the module is defined with EXPLICIT or IMPLICIT TAGS and should produce identical results.
Cordialement,
Erwann Abalea
De : Ryan Sleevi <sleevi at google.com>
Date : lundi 8 avril 2019 à 15:27
À : Erwann Abalea <Erwann.Abalea at docusign.com>, CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Cc : Tim Hollebeek <tim.hollebeek at digicert.com>
Objet : Re: [Servercert-wg] Ballot SC17 version 3: Alternative registration numbers for EU certificates
On Fri, Apr 5, 2019 at 3:02 PM Erwann Abalea via Servercert-wg <servercert-wg at cabforum.org<mailto:servercert-wg at cabforum.org>> wrote:
EUPSD2AuthorizationNumber ::= SEQUENCE {
registrationSchemeIdentifier PrintableString,
registrationCountry PrintableString,
registrationStateorProvince PrintableString OPTIONAL,
registrationReference PrintableString
}
The optional value should be (implicitly or explicitly) tagged, correct? Otherwise, it seems you won't be able to know whether you're reading a registrationStateorProvince or a registrationReference until you determine whether or not the following element is valid - that is, whether you have three or four elements. Since the point of ASN.1/DER is to avoid these context-dependent parsers, which is inherent in the deliminter-separated string being proposed, I suspect the modification (with implicit tagging) should be
EUPSD2AuthorizationNumber ::= SEQUENCE {
registrationSchemeIdentifier PrintableString,
registrationCountry PrintableString,
registrationStateorProvince [0] IMPLICIT PrintableString OPTIONAL,
registrationReference PrintableString
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190408/9a4580ec/attachment-0001.html>
More information about the Servercert-wg
mailing list