Rick McGuire wrote, On 8/31/2005 5:15 AM:
> I've been digging through the code trying to understand how/why the
> asn1 code is getting used. It appears the BC code is just being used
> to encode/decode X509 names for transport-level security. This is
> done in two places:
> 1) the mech_oid field in the SECIOP_SEC_TRANS structure, and
> 2) SAS_ContextSec supported_naming_mechanisms array.
> These fields are just defined as opaque byte[] items, so I suspect any
> encoding is acceptable as long as it is used symmetrically.

Any encoding is fine so long as it's ASN DER. I interpret your
statement to mean that any implementation is fine.

> The BC asn1 support has APIs for encoding/decoding X509 names, so it
> was convenient to use here. There does not appear to be any crypto
> engine involvement in this process.
> It appears the need here is not for asn1 support, but rather the
> ability to consistently encode OIDs which are in an X509 name format.

Nope, one must use ASN1 DER.
Dain's got the right idea. Let's use Trifork's code for the encoding work.

Regards,
Alan
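
Added example, not part of the original thread and not code from BC, Trifork or the project: a strict DER codec for an ASN.1 OBJECT IDENTIFIER, showing that DER gives each OID exactly one byte string, which is what lets an opaque byte[] field be produced and checked consistently by both sides. The function names and the sample OID are assumptions chosen for illustration, and only short-form lengths are handled.

```python
"""Strict DER codec for ASN.1 OBJECT IDENTIFIER (X.690, section 8.19).
Illustrative names; not taken from any library discussed in the thread."""

SAMPLE_OID = "2.23.130.1.1.1"  # constructed sample input for this example


def _base128(value: int) -> bytes:
    """Minimal big-endian base-128; high bit set on all but the last octet."""
    out = [value & 0x7F]
    value >>= 7
    while value:
        out.append(0x80 | (value & 0x7F))
        value >>= 7
    return bytes(reversed(out))


def encode_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or any(a < 0 for a in arcs):
        raise ValueError("need at least two non-negative arcs")
    if arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid first/second arc")
    # The first two arcs share one subidentifier: 40 * first + second.
    body = _base128(arcs[0] * 40 + arcs[1]) + b"".join(_base128(a) for a in arcs[2:])
    if len(body) > 127:
        raise ValueError("long-form length not handled in this example")
    return bytes([0x06, len(body)]) + body


def decode_oid(der: bytes) -> str:
    """Accept only the single canonical DER form; reject everything else."""
    if len(der) < 3 or der[0] != 0x06:
        raise ValueError("not an OBJECT IDENTIFIER")
    if der[1] > 127 or der[1] != len(der) - 2:
        raise ValueError("bad length or trailing bytes")
    subids, value, start = [], 0, True
    for octet in der[2:]:
        if start and octet == 0x80:
            raise ValueError("non-minimal subidentifier (leading 0x80)")
        value = (value << 7) | (octet & 0x7F)
        start = not (octet & 0x80)  # a clear high bit ends the subidentifier
        if start:
            subids.append(value)
            value = 0
    if not start:
        raise ValueError("truncated subidentifier")
    first = min(subids[0] // 40, 2)
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))
```

A padded encoding such as `06 07 67 80 81 02 01 01 01` names the same arcs but is rejected by `decode_oid`, so a byte-for-byte comparison of two accepted values is also a comparison of the OIDs.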