[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] disposition of query re DER encoding issue
> I sent a query re the DER encoding issue in the HoK Assertion Profile > to four external mailing lists. By far, the best responses were > received from members of the PKIX Working Group: They appear to be mostly wrong, however, which is telling. Certificates are NOT always DER. According to the xml-sec WG, there are in fact CA certificates that are BER, and that's one of their current arguments for not requiring DER. My current response is that making work for the recipient/verifier is not a good trade-off, and that the sender should bear that effort, but I don't know how successfully I'm arguing this. Of late, I'm taking the BER/DER tack and suggesting that since it seems like some code handles both automatically, the right dividing line is to lump those two together. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]