On 3/12/2014 6:14 PM, Wang Weijun wrote: >> > According to Xuelei, BER (that supports indefinite length method) is still >> > a popular format, PKCS#7 is BER based, and JDK accepts PKCS#7 records. I >> > think that's why it needs to support indefinite length. > I don't know about the details in PKCS #7. Does it say a set/sequence can > have indefinite length, but not octet string? > >From PKCS#7: ============ The standard is designed such that the enhanced content types can be prepared defined in a single pass using indefinite-length BER encoding, and processed in a single [RSA78]. pass in any BER encoding.
BTW, X.509 cert and CRL are also not necessary DER fully encoded. See my previous reply in the same thread. Xuelei
