Re: [Jeffrey Hutzelman] LAST CALL - Public Key Cryptography for InitialAuthentication in Kerberos

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Re: [Jeffrey Hutzelman] LAST CALL - Public Key Cryptography for InitialAuthentication in Kerberos

Peter Sylvester-3
BTW:

Since SNACC is mentioned. There is one application thta uses SNACC, and in
order to decode soem data encapsulated in an OCTET STRING the author
has changed the syntax to something like

[UNIVERSAL 4] IMPLICIT SEQUENCE {data TheType}

and then changed in the generated code the generation/parsing of the
constructed
bit by hand. If the syntax would not have the addition OCTET STRING
encapsulation
such a hack wouldn't be necessary.

Steven Legg wrote:

>
> Olivier Dubuisson wrote:
>
>> The right syntax is:
>> subjectName [0] IMPLICIT OCTET STRING(CONTAINING Name) OPTIONAL
>>
>> It would be even better to add an "ENCODED BY oid" after "CONTAINING
>> Name" with 'oid' being the OID of the binary encoding rules used to
>> encode 'Name'.
>>
>> But I can already hear some people saying: This is not supported by
>> Snacc :(
>
>
> Since the constraint does not change the bits on the wire for BER the
> simple retort is: "If your ASN.1 compiler does not support
> CONTAINING constraints then comment them out". The hardship caused to
> users of dumber ASN.1 toolkits is negligible in a case like this.
>
> Regards,
> Steven
>
>

--
To verify the signature, see http://edelpki.edelweb.fr/ 
Cela vous permet de charger le certificat de l'autorité;
die Liste mit zurückgerufenen Zertifikaten finden Sie da auch.


smime.p7s (6K) Download Attachment