Hi,
The encoding of the challengePassword in RFC 9148 seems undefined, or?
My understanding is that the ASN.1 type for challengePassword is
DirectoryString, which according to RFC 5280 is
DirectoryString ::= CHOICE {
teletexString TeletexString (SIZE (1..MAX)),
printableString PrintableString (SIZE (1..MAX)),
universalString UniversalString (SIZE (1..MAX)),
utf8String UTF8String (SIZE (1..MAX)),
bmpString BMPString (SIZE (1..MAX)) }
RFC 9148 takes 32 bytes from the TLS exporter but does not seem to specify how
to encode the 32 bytes as an ASN.1 text string.
Looking at one of the examples in RFC 9148, it seems like the challengePassword
is a 37-byte UTF8String:
196 115: [0] {
198 52: SEQUENCE {
200 9: OBJECT IDENTIFIER challengePassword (1 2 840 113549 1 9 7)
211 39: SET {
213 37: UTF8String 'vCv0)*&JKJ;/><.,=knv43##@= Nx~`'
: }
: }
I don't understand how the 32 bytes get encoded into the 37-byte UTF8
text string. This is not Base64 or hex, and general byte strings are not valid
UTF-8.
Is the byte-string-to-text-string encoding specified in some other document, or
is it just undefined? Maybe it is ok for the encoding to be unspecified in this
case as long as the encoding is the same every time it is used.
The reason I wonder is that we would like to make an optimal C509 encoding for
this, but we cannot make that unless the encoding is specified and we
understand it…
Cheers,
John
_______________________________________________
Ace mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ace