If only one or a few parsers are broken, they need to be fixed.
If many broken parsers have proliferated due to generators
semi-violating DER by not omitting the empty field, that has become the
new reality that generators must deal with.
PKIX arbitrarily limiting serial numbers to 159 bits has created a
similar unfortunate reality.
On 2021-01-29 03:19, Blumenthal, Uri - 0553 - MITLL wrote:
> “OPTIONAL” means the parser _must_ deal with complete absence, not only
> encoded as ASN.1 NULL.
>
> Broken parsers should be fixed.
>
> --
>
> Regards,
>
> Uri
>
> //
>
> /There are two ways to design a system. One is to make is so simple
> there are obviously no deficiencies./
>
> /The other is to make it so complex there are no obvious deficiencies./
>
> /
> - C. A. R. Hoare/
>
> *From: *openssl-users-bounce <openssl-users-bounces at openssl.org> on
> behalf of openssl-users <openssl-users at openssl.org>
> *Organization: *WiseMo A/S
> *Reply-To: *Jakob Bohm <jb-openssl at wisemo.com>
> *Date: *Thursday, January 28, 2021 at 21:10
> *To: *openssl-users <openssl-users at openssl.org>
> *Subject: *Re: Encoding of AlgorithmIdentifier with NULL parameters
>
> Also note that the official ASN.1 declaration for
> AlgorithmIdentifier (from X.509 (2012), section 7.2) marks
> the parameters field as OPTIONAL, so parsers really should
> accept its absence.
>
> However if broken parsers are common (this thread
> only found one such parser), maybe it would be
> good practice to include the NULL value for compatibility.
>
> AlgorithmIdentifier{ALGORITHM:SupportedAlgorithms} ::= SEQUENCE {
> algorithm ALGORITHM.&id({SupportedAlgorithms}),
> parameters ALGORITHM.&Type({SupportedAlgorithms}{@algorithm}) OPTIONAL,
> ... }
>
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded