cose-wg / CBOR-certificates


Can 'critical' be encoded as a single bit? #13

Closed emanjon closed 4 years ago

emanjon commented 4 years ago

Or do we need to encode three options?

emanjon commented 4 years ago

In that case the int n could be encoded as 3n + crit, where crit = 0, 1, 2

emanjon commented 4 years ago

Reading RFC 5280:

```
Extension  ::=  SEQUENCE  {
     extnID      OBJECT IDENTIFIER,
     critical    BOOLEAN DEFAULT FALSE,
     extnValue   OCTET STRING
                 -- contains the DER encoding of an ASN.1 value
                 -- corresponding to the extension type identified
                 -- by extnID
     }
```

Implementers should note that the DER encoding of SET or SEQUENCE components whose value is the DEFAULT omit the component from the encoded certificate or CRL.

My understanding reading RFC 5280 is that DER never explicitly sends critical = FALSE. So the information can be encoded with a single bit.

gselander commented 4 years ago

No contradiction to this noted.