Hi Erik,

Maybe I'm trying to turn back time, but common sense would dictate that the signature should apply to the blob it is attached to, even if that blob doesn't follow the DER rules. The notion that you have a signature to a blob which you don't have, and can't obtain, but for which you have a hint that should enable you to construct that blob, is a bit weird.

Also, isn't DER itself underspecified? That is, aren't there situations that are still ambiguous, even in the face of DER? I remember hearing something about it about 10 years ago, but I may be wrong.

Ron

From: x500standard-bounce@xxxxxxxxxxxxx [mailto:x500standard-bounce@xxxxxxxxxxxxx] On Behalf Of Erik Andersen
Sent: Wednesday, 6 July 2011 4:35 PM
To: Directory list; SG17-Q11; PKIX
Subject: [x500standard] DER encoding of certificates

Hi folks,

In contrast to RFC 5280, X.509 does not require DER encoding. It only requires that the signature is generated across a DER encoded certificate, but the certificate itself may be encoded using BER.

Should we add a sentence somewhere in X.509 and possibly in RFC 5280 specifying that when verifying a signature a relying party shall decode and then encode the certificate in DER to verify the signature?

Erik Andersen
Andersen's L-Service
Elsevej 48, DK-3500 Vaerloese
Denmark
Mobile: +45 2097 1490
e-mail: era@xxxxxxx
Skype: andersen-erik
http://www.x500.eu/
http://www.x500standard.com/
http://dk.linkedin.com/in/andersenerik
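
The step Erik proposes above (decode, re-encode in DER, then verify), sketched as an added example that is not part of the thread or of any X.509 library. The function names and the sample bytes are constructed here, and the canonicaliser is narrowed to single-byte tags, length forms and BOOLEAN; it does not sort SET OF members or flatten constructed strings.

```python
import hashlib

def _enc_len(n):  # DER length: short form below 128, else minimal long form
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body
def _children(buf, pos, stop):  # re-encode TLVs one by one until stop(pos)
    out = b""
    while not stop(pos):
        child, pos = _read_tlv(buf, pos)
        out += child
    return out, pos
def _read_tlv(buf, pos):
    """Parse one BER TLV at pos; return (its DER re-encoding, next position)."""
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F or (first == 0x80 and not tag & 0x20):
        raise ValueError("multi-byte tag or indefinite-length primitive")
    pos += 2
    if first == 0x80:  # indefinite length (BER only): content ends at 00 00
        content, pos = _children(buf, pos, lambda p: buf[p:p + 2] == b"\x00\x00")
        return bytes([tag]) + _enc_len(len(content)) + content, pos + 2
    length = first
    if first & 0x80:  # long form; BER tolerates non-minimal length octets
        length = int.from_bytes(buf[pos:pos + (first & 0x7F)], "big")
        pos += first & 0x7F
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated input")
    if tag & 0x20:  # constructed: canonicalise every child
        content, pos = _children(buf, pos, lambda p: p >= end)
        if pos != end:
            raise ValueError("child overruns parent")
    else:
        content = buf[pos:end]
        if tag == 0x01 and len(content) == 1 and content != b"\x00":
            content = b"\xff"  # DER allows only 0xFF for BOOLEAN TRUE
    return bytes([tag]) + _enc_len(len(content)) + content, end
def to_der(ber):
    der, pos = _read_tlv(ber, 0)
    if pos != len(ber):
        raise ValueError("trailing bytes")
    return der
def signed_digest(received):  # hash of the DER form, as the signer computed it
    return hashlib.sha256(to_der(received)).hexdigest()

# Constructed sample: SEQUENCE { INTEGER 5, BOOLEAN TRUE } in two encodings.
DER_FORM = bytes.fromhex("3006" "020105" "0101ff")
BER_FORM = bytes.fromhex("3080" "02810105" "010101" "0000")
```

Hashing `BER_FORM` as received gives a different digest from the one computed over `DER_FORM`, so a verifier that skips the re-encoding step rejects a certificate whose signature is valid.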