OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] disposition of query re DER encoding issue

> I sent a query re the DER encoding issue in the HoK Assertion Profile
> to four external mailing lists.  By far, the best responses were
> received from members of the PKIX Working Group:

They appear to be mostly wrong, however, which is telling. Certificates are
NOT always DER. According to the xml-sec WG, there are in fact CA
certificates that are BER, and that's one of their current arguments for not
requiring DER.

My current response is that making work for the recipient/verifier is not a
good trade-off, and that the sender should bear that effort, but I don't
know how successfully I'm arguing this.

Of late, I'm taking the BER/DER tack and suggesting that since it seems like
some code handles both automatically, the right dividing line is to lump
those two together.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]