Re: [cryptography] preventing protocol failings

[Jeffrey Walton]

On Wed, Jul 6, 2011 at 7:07 AM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
> I wrote:
>
>>BER and DER are actually the safest encodings of the major security protocols
>>I work with.
>
> Based on the following, which just appeared on another list:
>
>  In contrast to RFC 5280,  X.509 does not require DER encoding. It only
>  requires that the signature is generated across a DER encoded certificate,
>  but the itself certificate may be encoded using BER.
>
>  Should we add a sentence somewhere in X.509 and possibly in RFC 5280
>  specifying that when verifying a signature a relying party shall decode and
>  then encode the certificate in DER to verifying the signature?
>
> may I amend my previous statement to insert "if used under correct adult
> supervision" after the words "safest encodings".
Promoting interoperability (write strict/read loose) is a feature!
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography