Re: [TLS] Verifying X.509 Certificate Chains out of order

To: martin.rex at sap.com
Subject: Re: [TLS] Verifying X.509 Certificate Chains out of order
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Wed, 08 Oct 2008 03:14:19 +1300
Cc: tls at ietf.org
Delivered-to: ietfarch-tls-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <200810071409.m97E9GBd024151 at fs4113.wdf.sap.corp>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Sender: tls-bounces at ietf.org

Martin Rex <Martin.Rex at sap.com> writes:

>Would a zero-length ASN.1 SEQUENCE not require that DistinguishedName have a
>zero length?

A zero-length BER encoding of a SEQUENCE would be 30 81 00, which meets the
minimum-length requirements of 3 bytes.

(I'd always assumed that the limit of 3 bytes was specifically to allow this
encoding of an empty DN, since it's not possible to get a DN that fits into 3
bytes).

Peter.
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Verifying X.509 Certificate Chains out of order
  - From: Martin Rex
- Re: [TLS] Verifying X.509 Certificate Chains out of order
  - From: Peter Sylvester

References:
- Re: [TLS] Verifying X.509 Certificate Chains out of order
  - From: Martin Rex

Prev by Date: Re: [TLS] Verifying X.509 Certificate Chains out of order
Next by Date: Re: [TLS] Verifying X.509 Certificate Chains out of order
Previous by thread: Re: [TLS] Verifying X.509 Certificate Chains out of order
Next by thread: Re: [TLS] Verifying X.509 Certificate Chains out of order
Index(es):
- Date
- Thread

Re: [TLS] Verifying X.509 Certificate Chains out of order

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.