[cryptography] preventing protocol failings
noloader at gmail.com
Wed Jul 6 07:12:28 EDT 2011
On Wed, Jul 6, 2011 at 7:07 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> I wrote:
>>BER and DER are actually the safest encodings of the major security protocols
>>I work with.
> Based on the following, which just appeared on another list:
> In contrast to RFC 5280, X.509 does not require DER encoding. It only
> requires that the signature is generated across a DER encoded certificate,
> but the certificate itself may be encoded using BER.
> Should we add a sentence somewhere in X.509 and possibly in RFC 5280
> specifying that when verifying a signature a relying party shall decode and
> then encode the certificate in DER to verify the signature?
> may I amend my previous statement to insert "if used under correct adult
> supervision" after the words "safest encodings".
Promoting interoperability (write strict/read loose) is a feature!
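
An added sketch (not code from this thread or from any X.509 library) of the decode-then-re-encode step the quoted question asks about: a BER reader that accepts indefinite and non-minimal lengths and re-emits definite, minimal-length DER, the bytes a signature check would hash. It assumes single-byte tags and normalizes length octets only, not the other DER rules (SET OF ordering, BOOLEAN values, constructed strings); the function names and sample bytes are constructed for illustration.

```python
def parse(buf, pos=0):
    """Read one BER TLV; return ((tag, value), next_pos). value is bytes or a child list."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not handled in this sketch")
    constructed = bool(tag & 0x20)
    if first == 0x80:                           # BER-only: indefinite length
        if not constructed:
            raise ValueError("indefinite length on a primitive")
        kids = []
        while buf[pos:pos + 2] != b"\x00\x00":  # end-of-contents octets
            kid, pos = parse(buf, pos)
            kids.append(kid)
        return (tag, kids), pos + 2
    if first & 0x80:                            # long form, may be non-minimal in BER
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        length = first
    end = pos + length
    if end > len(buf):
        raise ValueError("length runs past end of input")
    if not constructed:
        return (tag, bytes(buf[pos:end])), end
    kids = []
    while pos < end:
        kid, pos = parse(buf, pos)
        kids.append(kid)
    if pos != end:
        raise ValueError("child overruns parent")
    return (tag, kids), end

def to_der(node):
    tag, value = node
    body = b"".join(map(to_der, value)) if isinstance(value, list) else value
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    hdr = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw  # minimal definite length
    return bytes([tag]) + hdr + body

def bytes_to_verify(received):
    node, end = parse(received)
    if end != len(received):
        raise ValueError("trailing data after the outer structure")
    return to_der(node)

DER = bytes.fromhex("30 07 02 01 05 04 02 61 62")           # SEQUENCE { INTEGER 5, OCTET STRING "ab" }
BER = bytes.fromhex("30 80 02 81 01 05 04 02 61 62 00 00")  # same value, BER length forms
```

Hashing `BER` as received gives a different digest from the one the signer computed over `DER`; hashing `bytes_to_verify(BER)` gives the same one.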