Re: [TLS] Verifying X.509 Certificate Chains out of order

To: Eric Rescorla <ekr at networkresonance.com>
Subject: Re: [TLS] Verifying X.509 Certificate Chains out of order
From: Peter Sylvester <Peter.Sylvester at edelweb.fr>
Date: Tue, 07 Oct 2008 17:54:42 +0200
Cc: tls at ietf.org
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <20081007151008.DCA7750846 at romeo.rtfm.com>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <E1KnDKN-0005hN-Q8 at wintermute01.cs.auckland.ac.nz> <48EB745B.9050403 at edelweb.fr> <20081007151008.DCA7750846 at romeo.rtfm.com>
Sender: tls-bounces at ietf.org
User-agent: Thunderbird 1.5.0.9 (X11/20061206)

I don't think I understand the question: this isn't any kind ofASN.1 structure. It's a TLS vector DER-encoded certs.I.e.

ouups; right.

Is ASN.1Cert defined in the text.
It does not says that you have a DER encoded cert.
It could be BER, CER, DER, at least partially. But
not XER and not PEM.

Anyway, no big deal.

24-bit length field = Y
   24-bit length field = X  \ cert 1
   encoded cert (length X)  /
   24-bit length field = W  \ cert 2
   encoded cert (length W)  /

-Ekr



--

<http://www.edelweb.fr>
*Edel/W/eb* 	Peter SYLVESTER
Consultant Sécurité des Systèmes d'Information
-----------------------------------------------------------
EdelWeb - Groupe ON-X
15, quai de Dion-Bouton
F-92816 Puteaux Cedex
Tel : +33.1.40.99.14.14 / Fax : +33.1.40.99.99.58
www.edelweb.fr <http://www.edelweb.fr> / www.on-x.com <http://www.on-x.com>
-----------------------------------------------------------

To verify the message signature, see edelpki.edelweb.fr<http://edelpki.edelweb.fr/>Cela vous permet de charger le certificat de l'autorité de racine<http://edelpki.edelweb.fr/cacerts/EdelPKI-ca.der>;

die Liste mit zurückgerufenen Zertifikaten finden Sie da auch.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

References:
- Re: [TLS] Verifying X.509 Certificate Chains out of order
  - From: Peter Gutmann
- Re: [TLS] Verifying X.509 Certificate Chains out of order
  - From: Peter Sylvester
- Re: [TLS] Verifying X.509 Certificate Chains out of order
  - From: Eric Rescorla

Prev by Date: Re: [TLS] Verifying X.509 Certificate Chains out of order
Next by Date: Re: [TLS] Verifying X.509 Certificate Chains out of order
Previous by thread: Re: [TLS] Verifying X.509 Certificate Chains out of order
Next by thread: Re: [TLS] Verifying X.509 Certificate Chains out of order
Index(es):
- Date
- Thread

Re: [TLS] Verifying X.509 Certificate Chains out of order

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.