Martin Boßlet wrote on March 05, 2010: > At first I thought the second implementation was wrong, but then again I read > the ITU > specification for DER encodings, > http://www.itu.int/rec/T-REC-X.690-200207-S/en.
The latest version is at: [http://www.itu.int/rec/T-REC-X.690-200811-I/en] > In chapter 11.6 they say: > > " 11.6 Set-of components > The encodings of the component values of a set-of value shall appear in > ascending order, > the encodings being compared as octet strings with the shorter components > being padded > at their trailing end with 0-octets. > NOTE The padding octets are for comparison purposes only and do not appear > in the encodings. It clearly states "the encodings". This is always the complete Tag-Length-Value element which is the base for a compare. So the primary sort is the class-form-tag, then the length, and then the content value. But in deed, this is even more rarely done right than removing named trailing 0 bits. [X.680, 22.7], [X.690, 11.2.2] Peter-Michael ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
