Hi Sahana,

> Is there a reason why a new errata was not reported with the 2nd and
> 15th byte changed (rightly done as in the current strongswan
> identifier/ASN.1 blob) from the rejected errata?
>
> Just want to know which ASN.1 blob we should use to interop and maybe
> standardise/generalise it since the RFC ASN.1 blob (72 byte long) and
> the rejected errata are wrong.

Please read Tero's remarks below the errata ("VERIFIER NOTES"). While,
as sender, you should e.g. not explicitly encode SHA-1 or send the
trailerField (i.e. the encoding from the errata, with corrected length,
should be used), a recipient must understand both formats. So the ASN.1
blobs in the RFC are not really wrong (they can be parsed perfectly
fine), they are just too explicit.

Regards,
Tobias
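
An added example, not part of the original message and not strongSwan code, of a recipient that accepts both encodings discussed above: it reads RSASSA-PSS-params (field layout and DEFAULT values as defined in RFC 4055) and normalizes a minimal blob and a "too explicit" blob to the same parameters. All function names are hypothetical, the sample blobs are constructed here rather than copied from the RFC or the errata, and only the parameters (not the enclosing AlgorithmIdentifier) with short-form lengths are handled.

```python
# Added example: tolerant reader for RSASSA-PSS-params; names are hypothetical.
SHA1 = bytes.fromhex("2b0e03021a")            # OID 1.3.14.3.2.26
SHA256 = bytes.fromhex("608648016503040201")  # OID 2.16.840.1.101.3.4.2.1
MGF1 = bytes.fromhex("2a864886f70d010108")    # OID 1.2.840.113549.1.1.8
DEFAULTS = {"hash": SHA1, "mgf_hash": SHA1, "salt_len": 20, "trailer": 1}

def der(tag, *parts):
    """Encode one TLV for the constructed samples (short-form length only)."""
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def algid(hash_oid):
    return der(0x30, der(0x06, hash_oid), der(0x05))  # OID followed by NULL

def children(value):
    """Split a DER value into (tag, value) pairs, rejecting truncated input."""
    out, pos = [], 0
    while pos < len(value):
        n = value[pos + 1] if pos + 1 < len(value) else 0x80
        if n & 0x80 or pos + 2 + n > len(value):
            raise ValueError("truncated DER or long-form length (not handled)")
        out.append((value[pos], value[pos + 2:pos + 2 + n]))
        pos += 2 + n
    return out

def parse_pss_params(blob):
    """Return normalized parameters; absent fields take their DEFAULT."""
    (tag, body), = children(blob)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    params = dict(DEFAULTS)
    for tag, wrapped in children(body):
        (_, inner), = children(wrapped)  # explicit [n] tag wraps exactly one TLV
        if tag == 0xA0:    # hashAlgorithm: take the OID of the AlgorithmIdentifier
            params["hash"] = children(inner)[0][1]
        elif tag == 0xA1:  # maskGenAlgorithm: hash OID nested inside the MGF1 parameters
            params["mgf_hash"] = children(children(inner)[1][1])[0][1]
        elif tag == 0xA2:  # saltLength
            params["salt_len"] = int.from_bytes(inner, "big")
        elif tag == 0xA3:  # trailerField
            params["trailer"] = int.from_bytes(inner, "big")
        else:
            raise ValueError("unexpected field in RSASSA-PSS-params")
    return params

# Constructed samples: identical SHA-1 parameters, defaults omitted vs. spelled out.
SHA1_MINIMAL = der(0x30)
SHA1_EXPLICIT = der(0x30, der(0xA0, algid(SHA1)), der(0xA1, der(0x30, der(0x06, MGF1), algid(SHA1))),
                    der(0xA2, der(0x02, b"\x14")), der(0xA3, der(0x02, b"\x01")))
```

Comparing the normalized dictionaries instead of the raw bytes is what lets a receiver match a peer that sends either form.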