> On Jul 27, 2020, at 12:09 PM, Joel Höglund <[email protected]> wrote:
>
> A follow-up question below:
>
> > 4 bits is not sufficient to represent non-empty ordered subsets
> > of 4 elements. One needs at least 6 bits for that.
> >
> > However, one could fit the thing in 4 bits by noting that combining
> > id-kp-OCSPSigning with anything else is Bad Idea. And non-empty
> > ordered subset of mutually exclusive sets of 3+1 elements does
> > fit in 4 bits (A, B, C, AB, AC, BA, BC, CA, CB, ABC, ACB, BAC, BCA,
> > CAB, CBA, Z).
>
> Yes, a SET OF would have defined an order, but it does not help the relying
> party, who only cares about whether a particular OID is in the SEQUENCE or
> not.
>
> Putting them in the same order as SET OF would work for new certificates, but
> it will not help with existing ones.
>
>
> We read Ilari's proposal as a way to uniquely order the relevant EKU
> combinations, in which case the encoding would work with both existing and
> new certificates. Can you please clarify which situation you are referring to?

The ASN.1 DER encoding of SET OF specifies the order. The encoding of SEQUENCE OF allows the sender to pick the order.

I suggest we not pick another ordering.

Russ
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
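
The counting argument in the quoted text and the DER SET OF ordering rule, worked through as an added example that is not part of the thread. Only id-kp-OCSPSigning is named in the messages; the other three EKU OIDs and all function names are assumptions chosen for illustration.

```python
from itertools import permutations

# Assumed EKU set: the thread names only id-kp-OCSPSigning; the other three
# are illustrative picks from the id-kp arc (1.3.6.1.5.5.7.3).
EKUS = {
    "serverAuth": "1.3.6.1.5.5.7.3.1",
    "clientAuth": "1.3.6.1.5.5.7.3.2",
    "codeSigning": "1.3.6.1.5.5.7.3.3",
    "OCSPSigning": "1.3.6.1.5.5.7.3.9",
}

def der_oid(dotted):
    """DER-encode an OBJECT IDENTIFIER (tag 0x06, short-form length only)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]              # base-128, last octet has high bit clear
        arc >>= 7
        while arc:
            chunk.append((arc & 0x7F) | 0x80)
            arc >>= 7
        body.extend(reversed(chunk))
    if len(body) > 127:
        raise ValueError("long-form length not handled in this example")
    return bytes([0x06, len(body)]) + bytes(body)

def ordered_subsets(items):
    """All non-empty ordered selections without repetition."""
    return [p for k in range(1, len(items) + 1) for p in permutations(items, k)]

def bits_needed(n):
    """Bits required to give each of n combinations a distinct code."""
    return (n - 1).bit_length()

def der_set_of_order(names):
    """DER SET OF order: elements sorted by their encoded octets.
    All encodings here have equal length, so plain bytes comparison suffices."""
    return tuple(sorted(names, key=lambda n: der_oid(EKUS[n])))

def count_models():
    names = list(EKUS)
    free = ordered_subsets(names)                      # sender picks any order
    others = [n for n in names if n != "OCSPSigning"]
    exclusive = ordered_subsets(others) + [("OCSPSigning",)]  # the 3+1 split
    canonical = {der_set_of_order(s) for s in free}    # order fixed by DER
    return len(free), len(exclusive), len(canonical)

if __name__ == "__main__":
    for label, n in zip(("free order", "3+1 exclusive", "DER order"), count_models()):
        print(f"{label}: {n} combinations, {bits_needed(n)} bits")
```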
