jn Fri, Mar 13, 2015 at 02:58:32PM -0400, Russ Housley wrote: > I strongly disagree with this technical decision. The content of > certificate extensions should be OCTET STRING wrapped ASN.1 > structures, and I pointed out the text in RFC 2459 (that remains in > RFC 5280) during this discussion. I am quite concerned with (4) > listed below. I hope you will revisit this decision.
Indeed. The fact that Certificate includes TBSCertificate without wrapping it in an OCTET STRING has caused problems before. Typed holes should always include an OCTET STRING wrapper in ASN.1-based protocols. Nico -- _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
