Hi,In X.509, we have a comment in the definitions of HASH and ENCRYPTED-HASH which specifies that the hash function applies to the DER encoding of the parameter. We can add a sentence to explain how to check the signature.
Regards Jean-Paul.
Hi folks,In contrast to RFC 5280, X.509 does not require DER encoding. It only requires that the signature is generated across a DER encoded certificate,but the itself certificate may be encoded using BER. Should we add a sentence somewhere in X.509 and possibly in RFC 5280specifying that when verifying a signature a relying party shall decode and then encode the certificate in DER to verifying the signature?Erik Andersen Andersen's L-Service Elsevej 48, DK-3500 Vaerloese Denmark Mobile: +45 2097 1490 e-amail: era@xxxxxxx Skype: andersen-erik <http://www.x500.eu/> http://www.x500.eu/ <http://www.x500standard.com/> http://www.x500standard.com/ <http://dk.linkedin.com/in/andersenerik> http://dk.linkedin.com/in/andersenerik
----- www.x500standard.com: The central source for information on the X.500 Directory Standard.