Ryan Sleevi <r...@sleevi.com> wrote: > > >> It would be easier to understand if this is true if the proposed text >> cited the RFCs, like RFC 4055, that actually impose the requirements that >> result in the given encodings. >> > > Could you clarify, do you just mean adding references to each of the > example encodings (such as the above example, for the SPKI encoding)? >
Exactly. That way, it is clear that the given encodings are not imposing a new requirement, and it would be clear which standard is being used to determine to correct encoding. I realize that determining the encoding from each of these cited specs would require understanding more specifications, including in particular how ASN.1 DER requires DEFAULT values to be encoded. I would advise against calling out all of these details individually less people get confused by inevitable omissions. Cheers, Brian -- https://briansmith.org/ _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy