Hi Sahana,

> Is there a reason why a new errata was not reported with the 2nd and
> 15th byte changed (rightly done as in the current strongswan
> identifier/ASN.1 blob) from the rejected errata?
>
> Just want to know which ASN.1 blob we should use to interop and maybe
> standardise/generalise it since the RFC ASN.1 blob (72 byte long) and
> the rejected errata are wrong.

Please read Tero's remarks below the erratas ("VERIFIER NOTES"). While as sender you should e.g. not explicitly encode SHA-1 or send the trailerField (i.e. the encoding from the erratas, with corrected length, should be used) a recipient must understand both formats. So the ASN.1 blobs in the RFC are not really wrong (they can be parsed perfectly fine), they are just too explicit.

Regards,
Tobias
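
A recipient-side sketch of the point above, added here as an example and not part of the original message or of strongSwan's code: a minimal DER reader that fills in the RSASSA-PSS-params DEFAULT values (SHA-1, MGF1 with SHA-1, salt length 20, trailerField 1), so the explicit and the compact encoding of the same parameters compare equal. All function names are hypothetical, and the blobs are built by the `sample` helper rather than copied from the RFC or the errata.

```python
OID_PSS = bytes.fromhex("2a864886f70d01010a")     # id-RSASSA-PSS
OID_MGF1 = bytes.fromhex("2a864886f70d010108")    # id-mgf1
OID_SHA1 = bytes.fromhex("2b0e03021a")            # id-sha1
OID_SHA256 = bytes.fromhex("608648016503040201")  # id-sha256

def tlv(buf, pos=0):
    """Read one DER TLV at pos; return (tag, content, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                             # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(content):  # split a constructed element into (tag, content) pairs
    out, pos = [], 0
    while pos < len(content):
        tag, val, pos = tlv(content, pos)
        out.append((tag, val))
    return out

def pss_params(alg_id):
    """Parse an RSASSA-PSS AlgorithmIdentifier, filling in ASN.1 DEFAULTs."""
    tag, body, _ = tlv(alg_id)
    parts = children(body)
    if tag != 0x30 or not parts or parts[0] != (0x06, OID_PSS):
        raise ValueError("not an RSASSA-PSS AlgorithmIdentifier")
    p = {"hash": OID_SHA1, "mgf_hash": OID_SHA1, "salt": 20, "trailer": 1}
    for ctx, wrapped in children(parts[1][1] if len(parts) > 1 else b""):
        _, inner, _ = tlv(wrapped)                # unwrap the EXPLICIT [n] tag
        if ctx == 0xA0:
            p["hash"] = children(inner)[0][1]
        elif ctx == 0xA1:                         # MGF1 parameters carry the hash
            p["mgf_hash"] = children(children(inner)[1][1])[0][1]
        elif ctx in (0xA2, 0xA3):
            p["salt" if ctx == 0xA2 else "trailer"] = int.from_bytes(inner, "big")
    return p

def der(tag, *parts):  # sample builder only: short-form length, body < 128 bytes
    return bytes([tag, len(b"".join(parts))]) + b"".join(parts)
def sample(hash_oid, salt, explicit):
    """Constructed sample blob (salt < 128); explicit=True also encodes DEFAULTs."""
    h = der(0x30, der(0x06, hash_oid), der(0x05))
    f = [der(0xA0, h), der(0xA1, der(0x30, der(0x06, OID_MGF1), h)),
         der(0xA2, der(0x02, bytes([salt]))), der(0xA3, der(0x02, b"\x01"))]
    keep = [explicit or hash_oid != OID_SHA1] * 2 + [explicit or salt != 20, explicit]
    return der(0x30, der(0x06, OID_PSS), der(0x30, *[x for x, k in zip(f, keep) if k]))
```

Comparing the parsed parameters, not the raw bytes, is what lets a recipient accept both forms: `pss_params(sample(OID_SHA256, 32, True))` and `pss_params(sample(OID_SHA256, 32, False))` return the same dictionary although the blobs differ.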