[cabfpub] Certificate encoding
Peter Bowen
pzb at amzn.com
Sat Mar 4 15:25:32 UTC 2017
I ran across an interesting problem yesterday.
X.509 (10/2012) Section 6.3 (Distinguished encoding of Basic Encoding Rules) says "In order to enable the validation of SIGNED and SIGNATURE types in a distributed environment, a distinguished encoding is required. A distinguished encoding of a SIGNED or SIGNATURE data value shall be obtained by applying the Basic Encoding Rules defined in Rec. ITU-T X.690 | ISO/IEC 8825-1, with the following restrictions[…]" This language has been present since X.509 (11/1988). However, RFC 5280 says the Distinguished Encoding Rules in X.690 (07/2002) must be used.
While "Distinguished encoding of Basic Encoding Rules" and "Distinguished Encoding Rules" sound very similar, they are not the same. I _think_ that DER is a subset of DeoBER, but I’m not 100% sure.
For the purposes of assessing compliance, which rules should be applied?
Thanks,
Peter