Hi Erik,According to X.509 clause 7, in a Certificate, AttributeCertificate or CertificateList value, an extension is encoded as an octet string containing the DER encoding of a value of a type EXTENSION.&ExtnType. So the receiver knowns the DER encoding of all the extensions even for unknown extensions.
However, we have a similar problem in AttributeCertificate because the attributes component may contain attributes unknown by the receiver and in that case the receiver cannot compute the DER encoding.
So clarification is needed but it seems not easy to solve this problem and keep compatibility with the previous versions.
It is too late to have a Technical Corrigendum balloted before SG 17 September meeting and incorporate the solution into Edition 6. So we have to submit a defect report (I can prepare it and send it to AFNOR) and prepare a Technical Corrigendum on Edition 6. If you can attend the next next SC 6 meeting we can perhaps solve these clarifications problems.
Best regards, Jean-Paul.
Hi, I am now in 6.1 of X.509:2005.It is my understanding that in a distributed environment (and directory is potentially distributed), the signature is generated based on the DER encoding of the abstract syntax, but the data actually transmitted need not be the strictly DER encoded. If this understanding is not true, thenX.509 is not clear about it. Assuming it is true, the recipient cannot know whether a received message is DER encoded or not, but needs to decode the message and re-encode in DER to check the signature.The last paragraph of 6.1 with the three bullets gives me problems. An implementation cannot easily decode a message if the underlying abstract syntax is not fully known (e.g. it difficult to distinguish between set and set-of). The three last bullets pretend to be the solution to thatproblem.A DUA sends a message to DSA-A and DSA-A chains the message to DSA-B. It must be assumed that the DUA will fully understand the abstract syntaxof the sent message, but assuming that DSA-A does not fully know the underlying abstract syntax, the following rules should then be used:- DSA-A preserves the encoding of the received message, and itis supposed to add it own signature.- DSA-A after having added all its chaining stuff, DER encode the part of the abstract syntax it fully know and keep all unknown datawith preserved encoding (which may not be DER encoded). It then generates the signature. - DSA-B should now just check the signature based on the received encoding. How does DSA-B know that DSA-A is a stupid DSA not knowing the fullyabstract syntax? DSA-B may fully understand the abstract syntax and maytherefore decode the whole thing and re-encode in DER to check the signature. The DSA-A signature may the fail.If it is opposite, the DSA-A is a clever DSA and DSA-B is a stupid DSA,then DSA-B cannot fully decode the message and create its own DER encoding to check DSA-A's signature. Erik Andersen Andersen's L-Service Mobile: +45 20 97 14 90 e-mail: <mailto:era@xxxxxxx> era@xxxxxxx <http://www.x500.eu/> http://www.x500.eu <http://www.x500standard.com/> http://www.x500standard.com/
----- www.x500standard.com: The central source for information on the X.500 Directory Standard.