Tom Yu wrote:


I believe size constraints only apply to the _abstract_ value.  This
is suggested by section 11.2.2 of X.690:2002.  I believe the only way
to specify this constraint on the length of the encoded bitstring
would be to somehow utilize the ECN, with which I am not really
familiar.

You are correct Tom. See my previous mail.


The DER actually require that trailing zero bits be stripped from an
encoding when the NamedBitList notation is used to define the type.
Section 21.7 of X.680:2002 allows encoding rules to add or remove an
arbitrary number of trailing zero bits when NamedBitList notation is
used, and further states that applications using the NamedBitList
notation should not attach semantic differences to bitstring values
that differ only in the number of trailing zero bits.

I completely agree with your analysis - like to join the ASN.1 development group?


This problem has caused interoperability problems for us in the
Kerberos protocol, which used the NamedBitList notation for several
types, and which some implementations were encoding incorrectly.

As for the example value, I believe the encoding cited is incorrect
for DER, but permitted under BER.  Under DER, the encoding would be

03 02 07 80

rather than

03 02 00 80

in order to indicate that there are no trailing zero bits, but the
original post didn't indicate that the DER were being used.

Again, I have no disagreements with your analysis at all.


(I hope that does not sound patronising - it was not intended to be.)

John L
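
The rule discussed in this message (DER strips trailing zero bits from a NamedBitList BIT STRING, so the value is encoded as 03 02 07 80 rather than 03 02 00 80), as an added example that is not code from either correspondent. The function names are assumptions made for illustration, and only short-form lengths are handled.

```python
# Added example: DER encoding and checking of a NamedBitList BIT STRING.
# Function names are hypothetical; only short-form (<= 127) lengths are handled.

def der_encode_named_bits(bits):
    """DER-encode a NamedBitList BIT STRING from a list of 0/1 values."""
    bits = list(bits)
    while bits and bits[-1] == 0:       # DER: remove every trailing zero bit
        bits.pop()
    unused = (-len(bits)) % 8           # pad bits needed to fill the last octet
    padded = bits + [0] * unused
    content = bytes(
        int("".join(map(str, padded[i:i + 8])), 2)
        for i in range(0, len(padded), 8)
    )
    body = bytes([unused]) + content    # initial octet = number of unused bits
    if len(body) > 127:
        raise ValueError("long-form lengths are outside this example")
    return bytes([0x03, len(body)]) + body


def check_named_bits_der(encoding):
    """Return the reasons a TLV is not valid DER for a NamedBitList type."""
    if len(encoding) < 3 or encoding[0] != 0x03:
        return ["not a well-formed primitive BIT STRING TLV"]
    if encoding[1] > 127 or encoding[1] != len(encoding) - 2:
        return ["length octet does not match content (short form only)"]
    unused, content = encoding[2], encoding[3:]
    if unused > 7 or (not content and unused != 0):
        return ["invalid unused-bits octet"]
    problems = []
    if content:
        if content[-1] & ((1 << unused) - 1):
            problems.append("unused bits are not zero")
        # The last bit that belongs to the value must be 1 under DER.
        if not (content[-1] >> unused) & 1:
            problems.append("trailing zero bit(s) not stripped")
    return problems


if __name__ == "__main__":
    # The two encodings compared in the message, both carrying only bit 0.
    for hexed in ("03020780", "03020080"):
        print(hexed, check_named_bits_der(bytes.fromhex(hexed)) or "valid DER")
```

A decoder that accepts BER can still read the second form; the check matters wherever the encoding is compared or hashed byte for byte.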


