[cryptography] preventing protocol failings

Jeffrey Walton noloader at gmail.com
Wed Jul 6 07:12:28 EDT 2011


On Wed, Jul 6, 2011 at 7:07 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> I wrote:
>
>>BER and DER are actually the safest encodings of the major security protocols
>>I work with.
>
> Based on the following, which just appeared on another list:
>
>  In contrast to RFC 5280, X.509 does not require DER encoding. It only
>  requires that the signature is generated across a DER encoded certificate,
>  but the certificate itself may be encoded using BER.
>
>  Should we add a sentence somewhere in X.509 and possibly in RFC 5280
>  specifying that when verifying a signature a relying party shall decode and
>  then encode the certificate in DER to verify the signature?
>
> may I amend my previous statement to insert "if used under correct adult
> supervision" after the words "safest encodings".
Promoting interoperability (write strict/read loose) is a feature!
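
The decode-then-re-encode step proposed in the quoted text, as an added example that is not part of the original thread: it normalises BER length forms (indefinite and non-minimal long form) to DER before hashing. The sample bytes are a constructed toy SEQUENCE, not a certificate, and the function names are hypothetical. Other DER rules (SET ordering, BOOLEAN values, constructed strings) are not handled.

```python
import hashlib

def _der_len(n):  # minimal definite-length octets, the only form DER permits
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def _read_tlv(buf, i):  # -> (re-encoded TLV, next offset)
    if i + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, first, i = buf[i], buf[i + 1], i + 2
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled here")
    body = b""
    if first == 0x80:                          # indefinite length, BER only
        if not tag & 0x20:
            raise ValueError("indefinite length on a primitive type")
        while buf[i:i + 2] != b"\x00\x00":     # run to end-of-contents octets
            child, i = _read_tlv(buf, i)
            body += child
        return bytes([tag]) + _der_len(len(body)) + body, i + 2
    length = first
    if first > 0x80:                           # long form, maybe non-minimal
        n = first & 0x7F
        length = int.from_bytes(buf[i:i + n], "big")
        i += n
    content = buf[i:i + length]
    if len(content) != length:
        raise ValueError("truncated contents")
    if tag & 0x20:                             # constructed: normalise children
        j = 0
        while j < len(content):
            child, j = _read_tlv(content, j)
            body += child
    else:
        body = content
    return bytes([tag]) + _der_len(len(body)) + body, i + length

def to_der(encoding):
    der, end = _read_tlv(encoding, 0)
    if end != len(encoding):
        raise ValueError("trailing data after top-level TLV")
    return der

def signed_digest(encoding):  # digest over the DER form the signature covers
    return hashlib.sha256(to_der(encoding)).hexdigest()
# Constructed toy value: SEQUENCE { INTEGER 5, OCTET STRING "hi" }
DER_SAMPLE = bytes.fromhex("300702010504026869")
BER_SAMPLE = bytes.fromhex("308002810105040268690000")
```

A verifier that hashes the received bytes directly gets a different digest for `BER_SAMPLE` than for `DER_SAMPLE`; a strict reader can instead reject any input where `to_der(x) != x`.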


