It is what it is, I'm sure, but that definition in RFC5280 is rather tortured 
and leads to ambiguity as to whether or not the leading 0x00 is.  In fact, I 
would say that it is not part of the integer value but rather an explicit sign 
flag required by the encoding mechanism.

Wouldn't it have been easier just to say that despite what the ASN.1 INTEGER 
type says, serial number shall be regarded as an explicitly unsigned integer of 
up to 20 bytes length, to be represented as a positive integral value?

Pragmatically, does anything known break on the extra byte there?
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
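
The extra byte discussed in the message above, shown as an added example that is not part of the original post: a DER INTEGER encoder and inspector for serial numbers that reports the length both with and without the leading 0x00. The function names and sample serials are constructed for illustration, and the code does not decide which count a length limit should use.

```python
def der_encode_serial(value: int) -> bytes:
    """DER-encode a non-negative serial number as an ASN.1 INTEGER (tag 0x02)."""
    if value < 0:
        raise ValueError("serial numbers must be non-negative")
    magnitude = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    # INTEGER content is two's complement: a set top bit would read as
    # negative, so a positive value gets a 0x00 octet in front.
    content = (b"\x00" + magnitude) if magnitude[0] & 0x80 else magnitude
    if len(content) > 127:
        raise ValueError("long-form lengths are outside this example")
    return bytes([0x02, len(content)]) + content


def inspect_serial(der: bytes) -> dict:
    """Parse a short-form DER INTEGER and report both ways of counting its length."""
    if len(der) < 3 or der[0] != 0x02 or der[1] & 0x80:
        raise ValueError("expected a short-form DER INTEGER")
    content = der[2:]
    if len(content) != der[1]:
        raise ValueError("length octet does not match content")
    # DER requires the shortest form: no redundant 0x00 or 0xFF prefix.
    if len(content) > 1 and (
        (content[0] == 0x00 and not content[1] & 0x80)
        or (content[0] == 0xFF and content[1] & 0x80)
    ):
        raise ValueError("non-minimal INTEGER encoding")
    value = int.from_bytes(content, "big", signed=True)
    return {
        "value": value,
        "content_octets": len(content),  # what is on the wire
        "magnitude_octets": max(1, (abs(value).bit_length() + 7) // 8),
        "sign_octet": len(content) > 1 and content[0] == 0x00,
        "positive": value > 0,
    }


# Constructed sample serials: both are 20 octets of magnitude.
HIGH_BIT = int.from_bytes(b"\x80" + b"\x11" * 19, "big")  # top bit set
LOW_BIT = int.from_bytes(b"\x7f" + b"\x11" * 19, "big")   # top bit clear

if __name__ == "__main__":
    for serial in (HIGH_BIT, LOW_BIT):
        print(inspect_serial(der_encode_serial(serial)))
```

A parser that compares `content_octets` against 20 and one that compares `magnitude_octets` against 20 will disagree on `HIGH_BIT`, which is the ambiguity the message describes.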