Re: [openssl-dev] [EXTERNAL] Re: PKCS12 safecontents bag type deviation from spec

2018-01-17 Thread Tomas Mraz
On Tue, 2018-01-16 at 19:31 +, Sands, Daniel wrote:
> On Tue, 2018-01-16 at 14:50 +, Salz, Rich via openssl-dev wrote:
> > OpenSSL defines it as a SET OF and the spec says it’s a SEQUENCE
> > OF.  Ouch!  Will that cause interop problems if we change it?  (I
> > don’t remember the DER encoding rules)
> 
> Well, a SEQUENCE uses tag 16 while a SET uses tag 17, according to a
> quick reference I found.  So that could be an interoperability
> concern.  But maybe this is the first actual use of nested
> safecontents, since this difference flew under the radar for so long :)

Would it be possible to allow for loading the safecontents bag with
both correct and incorrect tag? But we should always write the correct
one.

-- 
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
  Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
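
The accept-both-on-read, write-SEQUENCE-on-output behaviour proposed in the message above, as an added example that is not from the thread or from OpenSSL's source. `safecontents_fix_tag`, `der_header` and the sample buffers are hypothetical names; 0x30 and 0x31 are the DER identifier octets for the constructed SEQUENCE (tag 16) and SET (tag 17) types.

```c
#include <stddef.h>

#define DER_SEQUENCE 0x30 /* universal tag 16, constructed bit set */
#define DER_SET      0x31 /* universal tag 17, constructed bit set */

/* Constructed samples; the INTEGER content is a stand-in for real SafeBags. */
unsigned char sample_legacy[] = { DER_SET,      0x03, 0x02, 0x01, 0x05 };
unsigned char sample_spec[]   = { DER_SEQUENCE, 0x03, 0x02, 0x01, 0x05 };
unsigned char sample_other[]  = { 0x04,         0x03, 0x02, 0x01, 0x05 };

/* Parse a DER definite length; returns header size in bytes, 0 on error. */
static size_t der_header(const unsigned char *buf, size_t len, size_t *clen)
{
    size_t n, i, v = 0;
    if (len < 2)
        return 0;
    if (buf[1] < 0x80) {                /* short form */
        *clen = buf[1];
        return 2;
    }
    n = buf[1] & 0x7f;                  /* long form: n length octets */
    if (n == 0 || n > 4 || len < 2 + n)
        return 0;                       /* indefinite or oversized length */
    for (i = 0; i < n; i++)
        v = (v << 8) | buf[2 + i];
    if (buf[2] == 0 || v < 0x80)
        return 0;                       /* non-minimal length is not DER */
    *clen = v;
    return 2 + n;
}

/* Hypothetical helper: check the outer tag of a nested safeContents value.
 * Returns 0 for the spec's SEQUENCE, 1 if the legacy SET tag was found and
 * rewritten to SEQUENCE in place, -1 for any other tag or a bad length. */
int safecontents_fix_tag(unsigned char *buf, size_t len)
{
    size_t hdr, clen;
    if (len == 0 || (buf[0] != DER_SEQUENCE && buf[0] != DER_SET))
        return -1;
    hdr = der_header(buf, len, &clen);
    if (hdr == 0 || clen != len - hdr)
        return -1;                      /* truncated or trailing bytes */
    if (buf[0] == DER_SEQUENCE)
        return 0;
    buf[0] = DER_SEQUENCE;              /* always write the correct tag */
    return 1;
}
```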


Re: [openssl-dev] [EXTERNAL] Re: PKCS12 safecontents bag type deviation from spec

2018-01-16 Thread Blumenthal, Uri - 0553 - MITLL
I think the change is justified.
—
Regards,
Uri

> On Jan 16, 2018, at 14:31, Sands, Daniel wrote:
> 
> On Tue, 2018-01-16 at 14:50 +, Salz, Rich via openssl-dev wrote:
>> OpenSSL defines it as a SET OF and the spec says it’s a SEQUENCE
>> OF.  Ouch!  Will that cause interop problems if we change it?  (I
>> don’t remember the DER encoding rules)
> 
> Well, a SEQUENCE uses tag 16 while a SET uses tag 17, according to a
> quick reference I found.  So that could be an interoperability concern.
> But maybe this is the first actual use of nested safecontents, since
> this difference flew under the radar for so long :)


Re: [openssl-dev] [EXTERNAL] Re: PKCS12 safecontents bag type deviation from spec

2018-01-16 Thread Sands, Daniel
On Tue, 2018-01-16 at 14:50 +, Salz, Rich via openssl-dev wrote:
> OpenSSL defines it as a SET OF and the spec says it’s a SEQUENCE
> OF.  Ouch!  Will that cause interop problems if we change it?  (I
> don’t remember the DER encoding rules)

Well, a SEQUENCE uses tag 16 while a SET uses tag 17, according to a
quick reference I found.  So that could be an interoperability concern.
But maybe this is the first actual use of nested safecontents, since
this difference flew under the radar for so long :)