Re: [openssl-dev] [EXTERNAL] Re: PKCS12 safecontents bag type deviation from spec
On Tue, 2018-01-16 at 19:31 +, Sands, Daniel wrote: > On Tue, 2018-01-16 at 14:50 +, Salz, Rich via openssl-dev wrote: > > OpenSSL defines it as a SET OF and the spec says it’s a SEQUENCE > > OF. Ouch! Will that cause interop problems if we change it? (I > > don’t remember the DER encoding rules) > > > > > > > > Well, a SEQUENCE uses tag 16 while a SET uses tag 17, according to a > quick reference I found. So that could be an interoperability > concern. > But maybe this is the first actual use of nested safecontents, since > this difference flew under the radar for so long :) Would it be possible to allow for loading the safecontents bag with both correct and incorrect tag? But we should always write the correct one. -- Tomáš Mráz No matter how far down the wrong road you've gone, turn back. Turkish proverb [You'll know whether the road is wrong if you carefully listen to your conscience.] -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [EXTERNAL] Re: PKCS12 safecontents bag type deviation from spec
I think the change is justified. — Regards, Uri > On Jan 16, 2018, at 14:31, Sands, Danielwrote: > > On Tue, 2018-01-16 at 14:50 +, Salz, Rich via openssl-dev wrote: >> OpenSSL defines it as a SET OF and the spec says it’s a SEQUENCE >> OF. Ouch! Will that cause interop problems if we change it? (I >> don’t remember the DER encoding rules) >> >> >> > > Well, a SEQUENCE uses tag 16 while a SET uses tag 17, according to a > quick reference I found. So that could be an interoperability concern. > But maybe this is the first actual use of nested safecontents, since > this difference flew under the radar for so long :) > -- > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [EXTERNAL] Re: PKCS12 safecontents bag type deviation from spec
On Tue, 2018-01-16 at 14:50 +, Salz, Rich via openssl-dev wrote: > OpenSSL defines it as a SET OF and the spec says it’s a SEQUENCE > OF. Ouch! Will that cause interop problems if we change it? (I > don’t remember the DER encoding rules) > > > Well, a SEQUENCE uses tag 16 while a SET uses tag 17, according to a quick reference I found. So that could be an interoperability concern. But maybe this is the first actual use of nested safecontents, since this difference flew under the radar for so long :) -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev