Hi, > On Jul 15, 2015, at 6:52 AM, Richard Hansen <rhansen@xxxxxxx> wrote: > > 3. Require line breaks in the Base64 string. For example, change > Section 2.1 item #3 from: > > 3) a subjectPublicKeyInfo [RFC5280] in DER format [X.509], > encoded in Base64 (see Section 4 of [RFC4648]. > > to: > > 3) a subjectPublicKeyInfo [RFC5280] in DER format [X.509], > encoded in Base64 (see Section 4 of [RFC4648]). To avoid > long lines, a <CRLF> or <LF> line break MUST be inserted into > the Base64 encoded string every 75 or fewer characters. > > I prefer option #3. If I understand correctly, OpenSSL's Base64 BIO > filter has two modes: no newlines permitted or newlines must be > inserted every 79 or fewer characters. I am fine with this option. I agree that it's better to have this explicit. De facto this is what everyone is doing now, and I see no issues with our running code (both trust anchor code producing TALs, and validator code parsing this). Regards Tim Bruijnzeels (RIPE NCC)