See the Section on DER encoding at https://en.wikipedia.org/wiki/X.690.

> On Jan 10, 2019, at 5:26 PM, Alberto Leiva <[email protected]> wrote:
> 
> Hello.
> 
> I have a question:
> 
> RFC 6488 section 3.1.l (https://tools.ietf.org/html/rfc6488#section-3)
> wants relying parties (RPs) to validate that all RPKI signed objects
> are DER-encoded, which (I think) means that they must be BER-encoded
> with minimal and unique representations.
> 
> But I have found at least one other requirement that seems to
> contradict this: RFC 6482 section 3.3, fourth paragraph, second half,
> claims that a ROA (which is a signed object) is allowed to contain
> redundant ROAIPAddress elements.
> 
> Furthermore, RFC 3779 (which is meaningfully referenced by the ROA and
> RPKI certificate (6487) RFCs) states the following:
> 
>   relying parties do
>   not need to sort the information, or to implement extra code in the
>   subset checking algorithms to handle several boundary cases
>   (adjacent, overlapping, or subsumed ranges).
> 
> Which seems to be paraphraseable as "RPs can parse signed objects as
> if they were BER-encoded, without worrying about DER."
> 
> In fact, my reading of it is that the entirety of RFC 3779 seems to be
> of the mind that IP and AS extension writers are intended to strictly
> adhere to DER specifically for the sake of simplifying the task of
> RPs. RFC 6488, on the other hand, wants both to be strict.
> 
> So what's the consensus?
> 
> _______________________________________________
> sidr mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/sidr
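
The encoding-level rules that separate DER from BER in X.690, as an added example that is not part of either message above. The names check_der and is_der are hypothetical, and the sketch covers only low-tag-number TLVs, leaving out SET OF ordering and DEFAULT-value rules.

```python
# Added example: hypothetical checker for X.690 DER-only encoding forms.
class DERError(ValueError):
    pass

def check_der(buf, pos=0, end=None):
    """Walk the TLVs in buf[pos:end]; raise DERError on a BER-only form."""
    end = len(buf) if end is None else end
    while pos < end:
        tag = buf[pos]
        if tag & 0x1F == 0x1F:
            raise DERError("high-tag-number form is outside this sketch")
        if pos + 2 > end:
            raise DERError("truncated header")
        length = buf[pos + 1]
        pos += 2
        if length == 0x80:
            raise DERError("indefinite length")
        if length > 0x80:  # long form: must be the shortest possible
            n = length & 0x7F
            raw = buf[pos:min(pos + n, end)]
            length = int.from_bytes(raw, "big")
            if len(raw) != n or raw[0] == 0 or length < 0x80:
                raise DERError("length truncated or not minimal")
            pos += n
        if pos + length > end:
            raise DERError("truncated value")
        body = buf[pos:pos + length]
        if tag & 0x20:  # constructed: recurse into the contents
            if tag in (0x23, 0x24):
                raise DERError("constructed BIT/OCTET STRING")
            check_der(buf, pos, pos + length)
        elif tag == 0x01 and body not in (b"\x00", b"\xff"):
            raise DERError("BOOLEAN must be 00 or FF")
        elif tag == 0x02 and (not body or (len(body) > 1 and
                int.from_bytes(body[:2], "big") >> 7 in (0, 0x1FF))):
            raise DERError("INTEGER not minimal")
        elif tag == 0x03:  # BIT STRING: unused (padding) bits must be zero
            unused = body[0] if body else 8
            if unused > 7 or (len(body) == 1 and unused) or \
                    (unused and body[-1] & ((1 << unused) - 1)):
                raise DERError("BIT STRING padding bits must be zero")
        pos += length
    return True

def is_der(buf):
    try:
        return check_der(buf)
    except DERError:
        return False
```

These checks look only at how each value is encoded, so a constructed SEQUENCE holding two identical BIT STRINGs, such as is_der(bytes.fromhex("30080302000a0302000a")), still returns True.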
