RE: X.509 Extensions Enhancements

"Hoyt L. Kesterson II" <hoytkesterson@earthlink.net> Wed, 13 June 2001 08:27 UTC

Date: Wed, 13 Jun 2001 00:39:06 -0700
Message-Id: <a05100304b74cc75f422e@[10.0.1.20]>
From: "Hoyt L. Kesterson II" <hoytkesterson@earthlink.net>
To: ietf-pkix@imc.org
Mime-Version: 1.0
X-Sender: hoytkesterson@mail.earthlink.net
In-Reply-To: <5.1.0.14.2.20010612141554.02c05020@pobox1.bbn.com>
References: <5.0.1.4.2.20010612120440.02009ef8@exna07.securitydynamics.com> <5.1.0.14.2.20010612141554.02c05020@pobox1.bbn.com>
Subject: RE: X.509 Extensions Enhancements
Content-Type: text/html; charset="us-ascii"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

    Paragraph 11.2.2 of X.690 states that, for named bit strings (paragraph 19.7 of X.680) all trailing zero bits must be removed before encoding.  Paragraph 11.2.1, which refers to bit strings of either kind, speaks of unused bits in the final octet being zero.  I believe the specific case for named bit strings trumps the general case.

Charlie Gardiner


From clause x in 509:

In order to enable the validation of SIGNED and SIGNATURE types in a distributed environment, a distinguished encoding is required. A distinguished encoding of a SIGNED or SIGNATURE data value shall be obtained by applying the Basic Encoding Rules defined in ITU-T Rec. X.690 (1997) | ISO/IEC 8825:1998, with the following restrictions:

In the list of restrictions is:


509 says to encode according to the rules in 509. The X.680 DER rules were written later than those in X.509. In the case of bit string, the rules are different. The rules in X.680 do not permit extensibility in a bit string. The rules in 509 do.

   hoyt
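The trailing-zero-bit rule the thread is arguing about, shown as an added example that is not code from the thread or from any X.509 implementation. It assumes short-form lengths and uses a constructed KeyUsage value; X.509 defines KeyUsage as a named bit string with bit 0 = digitalSignature and bit 8 = decipherOnly, which is why the same value has a canonical (trimmed) and a longer (untrimmed) BER form.

```python
# Added example. Encodes a named BIT STRING under X.690: 11.2.1 makes the
# unused bits of the final octet zero; 11.2.2 additionally removes all
# trailing zero bits for the distinguished (DER) encoding.

def _pack_bits(bits):
    """Pack 0/1 values, bit 0 first (MSB of first octet), into (unused, octets)."""
    unused = (-len(bits)) % 8                  # zero padding in the last octet
    padded = list(bits) + [0] * unused
    octets = bytes(sum(b << (7 - i) for i, b in enumerate(padded[k:k + 8]))
                   for k in range(0, len(padded), 8))
    return unused, octets

def encode_bitstring(bits, der=True):
    """TLV of a BIT STRING. der=True strips trailing zero bits (X.690 11.2.2);
    der=False keeps the caller's bit length, which plain BER allows."""
    bits = list(bits)
    if der:
        while bits and bits[-1] == 0:
            bits.pop()
    unused, octets = _pack_bits(bits)
    content = bytes([unused]) + octets
    assert len(content) < 128, "short-form length only in this example"
    return bytes([0x03, len(content)]) + content

def decode_bitstring(tlv):
    """Bits carried by a short-form BIT STRING TLV, padding removed."""
    if tlv[0] != 0x03 or tlv[1] != len(tlv) - 2:
        raise ValueError("not a short-form BIT STRING TLV")
    unused, octets = tlv[2], tlv[3:]
    if unused > 7 or (unused and not octets):
        raise ValueError("bad unused-bits count")
    bits = [(o >> (7 - i)) & 1 for o in octets for i in range(8)]
    return bits[:len(bits) - unused]

def is_canonical_named(tlv):
    """True if 11.2.1 and 11.2.2 both hold: padding bits are zero and the
    last kept bit is a 1, so no trailing zero bit survived."""
    unused, octets = tlv[2], tlv[3:]
    if not octets:
        return unused == 0
    last = octets[-1]
    return (last & ((1 << unused) - 1)) == 0 and (last & (1 << unused)) != 0

def same_named_bits(a, b):
    """Named-bit equality: a bit beyond the encoded length reads as 0, so two
    encodings that differ only in trailing zeros denote the same value."""
    def strip(bits):
        return bits[:max((i + 1 for i, v in enumerate(bits) if v), default=0)]
    return strip(decode_bitstring(a)) == strip(decode_bitstring(b))

# Constructed KeyUsage value: digitalSignature (bit 0) and keyEncipherment
# (bit 2), written out as the full 9-bit string X.509 defines.
KEY_USAGE_BITS = [1, 0, 1, 0, 0, 0, 0, 0, 0]
```

For the constructed value the DER form is `03 02 05 A0` and the untrimmed BER form is `03 03 07 A0 00`; a decoder that compares named bits after stripping trailing zeros treats both as equal, but only the first passes the canonical check a signature verifier must apply.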