On Tue, Sep 9, 2014 at 12:56 PM, Brian Smith <[email protected]> wrote: > where the internal syntax of ASN.1Precert is (in ASN.1): > > ASN1Precert ::= SEQUENCE { > precertSigningCert [0] EXPLICIT OptionalCertificate, > tbsCertificate TBSCertificate, > signatureAlgorithm AlgorithmIdentifier, > signatureValue BIT STRING } > > OptionalCertificate ::= certificate Certificate OPTIONAL; > > In other words, ASN1Precert is exactly an X.509 Certificate except > that it starts with an explicitly-tagged, possibly-empty > precertSigningCert field.
...and where signatureValue covers both precertSigningCert and tbsCertificate, instead of just tbsCertificate. (This would have been more clear if I would have wrapped precertSigningCert and tbsCertificate in a SEQUENCE.) Cheers, Brian _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
