>>>>> "eday" == Ed Day <[EMAIL PROTECTED]> writes:
eday> It is my opinion that the size constraint in this case must be
eday> respected; otherwise, it has no meaning. Clearly, the person
eday> who wrote this definition wanted the bit string to be between 15
eday> and 32 bits in length, otherwise the size constraint would not
eday> have been added. As to precise language in the standards
eday> stating this, I could not find any.

I believe size constraints only apply to the _abstract_ value. This is suggested by section 11.2.2 of X.690:2002. I believe the only way to specify this constraint on the length of the encoded bitstring would be to somehow utilize the ECN, with which I am not really familiar.

The DER actually require that trailing zero bits be stripped from an encoding when the NamedBitList notation is used to define the type. Section 21.7 of X.680:2002 allows encoding rules to add or remove an arbitrary number of trailing zero bits when NamedBitList notation is used, and further states that applications using the NamedBitList notation should not attach semantic differences to bitstring values that differ only in the number of trailing zero bits.

This problem has caused interoperability problems for us in the Kerberos protocol, which used the NamedBitList notation for several types, and which some implementations were encoding incorrectly.

As for the example value, I believe the encoding cited is incorrect for DER, but permitted under BER. Under DER, the encoding would be 03 02 07 80 rather than 03 02 00 80 in order to indicate that there are no trailing zero bits, but the original post didn't indicate that the DER were being used.

---Tom
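Added example, not part of the original message: a Python sketch of the trailing-zero-bit rule for NamedBitList types, applied to the two encodings quoted above, with the decoded value padded back to the SIZE lower bound on the abstract side. The function names are hypothetical, only short-form lengths are handled, and the padding step assumes the size constraint applies to the abstract value only, as the message suggests.

```python
# Added example: BIT STRING (tag 0x03) handling for a NamedBitList type.
# Short-form lengths only; all sample values are constructed.

def der_encode_named_bits(bits):
    """DER-encode a list of 0/1 ints, removing trailing zero bits first."""
    bits = list(bits)
    while bits and bits[-1] == 0:
        bits.pop()
    if not bits:
        return bytes([0x03, 0x01, 0x00])  # no 1 bits: just the unused-bits octet
    unused = -len(bits) % 8               # zero padding needed in the last octet
    padded = bits + [0] * unused
    body = bytes(int("".join(map(str, padded[i:i + 8])), 2)
                 for i in range(0, len(padded), 8))
    if len(body) + 1 > 127:
        raise ValueError("long-form lengths are not handled in this sketch")
    return bytes([0x03, len(body) + 1, unused]) + body

def decode_bits(encoded):
    """Decode a primitive, short-form BIT STRING TLV into a list of 0/1 ints."""
    if (len(encoded) < 3 or encoded[0] != 0x03 or encoded[1] > 127
            or encoded[1] != len(encoded) - 2):
        raise ValueError("not a short-form primitive BIT STRING")
    unused, body = encoded[2], encoded[3:]
    if unused > 7 or (unused and not body):
        raise ValueError("bad unused-bits octet")
    bits = [(octet >> (7 - i)) & 1 for octet in body for i in range(8)]
    return bits[:len(bits) - unused]

def is_der_named(encoded):
    """True if the encoding is already the DER form for a NamedBitList type."""
    return der_encode_named_bits(decode_bits(encoded)) == bytes(encoded)

def same_named_value(a, b):
    """Compare two encodings while ignoring trailing zero bits (X.680 21.7)."""
    return (der_encode_named_bits(decode_bits(a))
            == der_encode_named_bits(decode_bits(b)))

def abstract_value(encoded, min_size):
    """Pad the decoded bits with zeros up to the SIZE lower bound."""
    bits = decode_bits(encoded)
    return bits + [0] * max(0, min_size - len(bits))

if __name__ == "__main__":
    for hexed in ("03020080", "03020780"):
        raw = bytes.fromhex(hexed)
        print(hexed, "DER:", is_der_named(raw), "bits:", abstract_value(raw, 15))
```

A receiver that compares or validates such fields on the raw octets rather than through something like `same_named_value` will treat the two encodings as different values, which is the kind of interoperability problem described above.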
