On 12/20/2012 11:41 AM, Ben Laurie wrote:
> On 20 December 2012 09:50, Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:
>> - The poison extension: you say it has ASN.1 NULL data, but extensions
>> have OCTET STRING syntax. Do you mean an ASN.1 NULL (0x05 0x00) is
>> encoded as the value of the OCTET STRING or that the OCTET STRING
>> has zero length? This can be fixed after IETF LC, or now, if you
>> know what your code does, but needs fixing.
>
> Extensions have OCTET STRING containing valid DER syntax :-)
>
> We mean what we say: ASN.1 NULL data.
>
> What would you like us to fix?

Explicitly say that the ASN.1 NULL (0x05 0x00) is the value of
the OCTET STRING.

People have gotten NULL messed up before like that, mainly in
AlgorithmIdentifier, but quite a few did it. They assumed because
it said "NULL" that meant that nothing is put into the DER encoding.
That breaks interop. Now in this case, since you're trying to
deliberately break interop for those precerts you could defend the
ambiguity I guess, but it makes me hold my nose even so;-)

S.

> _______________________________________________
> therightkey mailing list
> therightkey@ietf.org
> https://www.ietf.org/mailman/listinfo/therightkey
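
Added example, not part of the thread or of any project's code: the two readings of the poison extension's extnValue discussed above (OCTET STRING containing `05 00` versus a zero-length OCTET STRING), encoded and then told apart by a small DER reader. The OID and the critical flag are assumptions taken from RFC 6962, not from these messages; the function names and sample bytes are constructed for illustration.

```python
# Added example (not from the thread): the two readings of "extnValue is ASN.1 NULL".
# Assumption from RFC 6962: poison OID 1.3.6.1.4.1.11129.2.4.3, marked critical.
POISON_OID = bytes.fromhex("2b06010401d679020403")

def read_tlv(buf, pos=0):
    """Read one short-form DER TLV; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length not needed for this extension")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos + 2:end], end

def encode_poison(extn_value):
    """Build Extension ::= SEQUENCE { extnID, critical TRUE, extnValue OCTET STRING }."""
    body = (b"\x06" + bytes([len(POISON_OID)]) + POISON_OID
            + b"\x01\x01\xff"
            + b"\x04" + bytes([len(extn_value)]) + extn_value)
    return b"\x30" + bytes([len(body)]) + body

def classify_poison(ext_der):
    """Return (critical, kind) describing what the extnValue OCTET STRING holds."""
    tag, body, end = read_tlv(ext_der)
    if tag != 0x30 or end != len(ext_der):
        raise ValueError("expected exactly one SEQUENCE")
    tag, oid, pos = read_tlv(body)
    if tag != 0x06 or oid != POISON_OID:
        raise ValueError("not the poison extension")
    tag, val, pos = read_tlv(body, pos)
    critical = False
    if tag == 0x01:                      # optional BOOLEAN critical
        critical = (val == b"\xff")
        tag, val, pos = read_tlv(body, pos)
    if tag != 0x04 or pos != len(body):
        raise ValueError("extnValue must be the final OCTET STRING")
    if val == b"\x05\x00":
        return critical, "der-null"      # 04 02 05 00
    if val == b"":
        return critical, "empty"         # 04 00
    return critical, "other"

# Constructed samples: same extension, two interpretations of the spec text.
INTENDED = encode_poison(b"\x05\x00")   # NULL is the OCTET STRING's content
MISREAD = encode_poison(b"")            # "NULL" taken to mean no content

if __name__ == "__main__":
    for name, der in (("intended", INTENDED), ("misread", MISREAD)):
        print(name, der.hex(), classify_poison(der))
```

A parser that compares extnValue byte-for-byte against `05 00` will treat the two encodings differently, which is the interop break the reply describes.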