A follow-up question below:

> >   4 bits is not sufficient to represent non-empty ordered subsets
> >   of 4 elements. One needs at least 6 bits for that.
> >
> >   However, one could fit the thing in 4 bits by noting that combining
> >   id-kp-OCSPSigning with anything else is Bad Idea. And non-empty
> >   ordered subset of mutually exclusive sets of 3+1 elements does
> >   fit in 4 bits (A, B, C, AB, AC, BA, BC, CA, CB, ABC, ACB, BAC, BCA,
> >   CAB, CBA, Z).
>
> Yes, a SET OF would have defined an order, but it does not help the
> relying party, who only cares about whether a particular OID is in the
> SEQUENCE or not.
>
> Putting them in the same order as SET OF would work for new certificates,
> but it will not help with existing ones.
>
>
We read Ilari's proposal as a way to uniquely order the relevant EKU
combinations, in which case the encoding would work with both existing and
new certificates. Can you please clarify which situation you are referring
to?

Best Regards

Joel Höglund



_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
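
The counting argument and the 4-bit mapping discussed in this message, as an added example that is not part of the original thread or of any COSE draft. A, B and C are the placeholder labels used in the quoted message, Z stands for id-kp-OCSPSigning, and assigning the numeric codes in the order the quoted list gives is an assumption.

```python
from itertools import permutations

# Placeholder labels from the quoted message: A, B, C stand for three EKU
# OIDs that may be combined; Z stands for id-kp-OCSPSigning, which is
# assumed never to be combined with anything else.
COMBINABLE = ("A", "B", "C")
EXCLUSIVE = "Z"


def ordered_subsets(elements):
    """All non-empty ordered subsets (sequences without repetition)."""
    return [p for r in range(1, len(elements) + 1)
            for p in permutations(elements, r)]


def bits_needed(count):
    """Smallest number of bits that can distinguish `count` values."""
    return max(1, (count - 1).bit_length())


# Code table in the order the quoted message lists the combinations:
# A, B, C, AB, AC, BA, BC, CA, CB, ABC, ACB, BAC, BCA, CAB, CBA, Z.
# The numeric code of each entry is an assumption made for this example.
TABLE = ordered_subsets(COMBINABLE) + [(EXCLUSIVE,)]
CODE_OF = {seq: code for code, seq in enumerate(TABLE)}


def encode(eku_sequence):
    """Map an EKU SEQUENCE, in certificate order, to its 4-bit code."""
    seq = tuple(eku_sequence)
    if seq not in CODE_OF:
        raise ValueError(f"not representable in 4 bits: {seq}")
    return CODE_OF[seq]


def decode(code):
    """Recover the exact EKU order from a 4-bit code."""
    if not 0 <= code < len(TABLE):
        raise ValueError(f"invalid code: {code}")
    return TABLE[code]
```

Because each ordering has its own code, `decode(encode(seq))` returns the sequence in its original order, while a sequence that combines Z with another OID is rejected rather than silently reordered.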
