John Larmouth writes: > The answer is unlimited, AND that BER ***CAN**** encode all values.
Thanks, but, um... > I guess the question is "Why do you think BER encodes it as a single > octet?" RSA's "A Layman's Guide to a Subset of ASN.1, BER, and DER", <http://www.columbia.edu/~ariel/ssleay/layman.html>, says: 5.9 OBJECT IDENTIFIER BER encoding. 1. The first octet has value 40 * value1 + value2. ^^^^^ A limit of 40 = approx 128/3 for 0.* and 1.* also seems to fit a decision to also limit 2.* to one octet. Maybe that was the original intent, and 2.* was expanded later? > Here is the text - notice the "one or more": > > 8.19.2 Each subidentifier is represented as a series of (one or more) > octets. True, but that's X.690, not X.660. It might simply be how to encode one of those integer values once one has got it. If X.660 does limit the 2nd value, there is no need to mention it as a special of the encoding. I really should have asked in an X.660 mailinglist, but I had no idea where to find one. But now that I think of it, maybe it would be better to mimic X.690 in any case. What I'm actually after is a better grammar for the textual representation of OIDs in LDAP ("1.23.456.7890"), and LDAP is supposed to mimic X.500 in this. -- Hallvard
