Re: [TLS] Verifying X.509 Certificate Chains out of order

To: Peter Gutmann <pgut001 at cs.auckland.ac.nz>
Subject: Re: [TLS] Verifying X.509 Certificate Chains out of order
From: Peter Sylvester <Peter.Sylvester at edelweb.fr>
Date: Tue, 07 Oct 2008 16:38:19 +0200
Cc: tls at ietf.org
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <E1KnDKN-0005hN-Q8 at wintermute01.cs.auckland.ac.nz>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <E1KnDKN-0005hN-Q8 at wintermute01.cs.auckland.ac.nz>
Sender: tls-bounces at ietf.org
User-agent: Thunderbird 1.5.0.9 (X11/20061206)

I am not sure that the following structure is properly defined:


Structure of this message:

     opaque ASN.1Cert<1..2^24-1>;

     struct {
         ASN.1Cert certificate_list<0..2^24-1>;
     } Certificate;

  certificate_list

This is a sequence (chain) of certificates.A little bit later:

Also, PKCS #7 defines a SET rather than a SEQUENCE, making the task

of parsing the list more difficult.

Still, there is no thing that indicates D|B|XER encoding of

something like SEQUENCE OF Certificate"

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Verifying X.509 Certificate Chains out of order
  - From: Eric Rescorla

References:
- Re: [TLS] Verifying X.509 Certificate Chains out of order
  - From: Peter Gutmann

Prev by Date: Re: [TLS] Verifying X.509 Certificate Chains out of order
Next by Date: Re: [TLS] Verifying X.509 Certificate Chains out of order
Previous by thread: Re: [TLS] Verifying X.509 Certificate Chains out of order
Next by thread: Re: [TLS] Verifying X.509 Certificate Chains out of order
Index(es):
- Date
- Thread

Re: [TLS] Verifying X.509 Certificate Chains out of order

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.