"Reality" ought not be defined this way.
On 29/01/2021 02:38, Jakob Bohm via openssl-users wrote:
If only one or a few parsers are broken, they need to be fixed.
If many broken parsers have proliferated due to generators
semi-violating DER by not omitting the empty field, that has become the
new reality that generators must deal with.
PKIX arbitrarily limiting serial numbers to 159 bits has created a
similar unfortunate reality.
On 2021-01-29 03:19, Blumenthal, Uri - 0553 - MITLL wrote:
“OPTIONAL” means the parser _must_ deal with complete absence, not
only encoded as ASN.1 NULL.
Broken parsers should be fixed.
--
Regards,
Uri
//
/There are two ways to design a system. One is to make is so simple
there are obviously no deficiencies./
/The other is to make it so complex there are no obvious deficiencies./
/
-
C. A. R. Hoare/
*From: *openssl-users-bounce <openssl-users-bounces@xxxxxxxxxxx> on
behalf of openssl-users <openssl-users@xxxxxxxxxxx>
*Organization: *WiseMo A/S
*Reply-To: *Jakob Bohm <jb-openssl@xxxxxxxxxx>
*Date: *Thursday, January 28, 2021 at 21:10
*To: *openssl-users <openssl-users@xxxxxxxxxxx>
*Subject: *Re: Encoding of AlgorithmIdentifier with NULL parameters
Also note that the official ASN.1 declaration for
AlgorithmIdentifier (from X.509 (2012), section 7.2) marks
the parameters field as OPTIONAL, so parsers really should
accept its absence.
However if broken parsers are common (this thread
only found one such parser), maybe it would be
good practice to include the NULL value for compatibility.
AlgorithmIdentifier{ALGORITHM:SupportedAlgorithms} ::= SEQUENCE {
algorithm ALGORITHM.&id({SupportedAlgorithms}),
parameters ALGORITHM.&Type({SupportedAlgorithms}{@algorithm})
OPTIONAL,
... }
Enjoy
Jakob