On Wed, 2011-07-06 at 16:48 +1000, Ramsay, Ron wrote: > > Maybe I’m trying to turn back time, but common sense would dictate > that the signature should apply to the blob it is attached to, even if > that blob doesn’t follow the DER rules. The notion that you have a > signature to a blob which you don’t have, and can’t obtain, but for > which you have a hint that should enable you to construct that blob, > is a bit weird. Actually, that is precisely what X.509 says. At the end of the section for SIGNED: "The Directory shall follow these rules: – It shall preserve the encoding of received information whose abstract syntax it does not fully know and which it expects to subsequently sign; – When signing data for sending, it shall send data whose syntax it fully knows with a distinguished encoding and any other data with its preserved encoding, and shall sign the actual encoding it sends; – When checking signatures in received data, it shall check the signature against the actual data received rather than its conversion of the received data to a distinguished encoding." So, the signer should be as strict as possible, but the verifier does not re-encode. (Also, this section does not specify DER, but a restricted BER. This has fewer constraints than DER. The need in DER to have a canonical form of the data within ISO 2022 encoded character strings is an example.) David ----- www.x500standard.com: The central source for information on the X.500 Directory Standard.