Re: OCSP, Nonce and the requestExtensions

Wed, 07 Sep 2005 06:30:43 -0700 

On Wed, Sep 07, 2005, Sascha Kiefer wrote:

> no, that's misunderstanding (well, my english is not that great);
> here is the complete ocsp request generated by openssl (i'm not sure 
> about the version; i'm at work and tried it at home):
> 
> Offset| Len  |LenByte|
> ======+======+=======+==============================================================
>     0|   102|      1| SEQUENCE :
>     2|   100|      1|    SEQUENCE :
>     4|    77|      1|       SEQUENCE :
>     6|    75|      1|          SEQUENCE :
>     8|    73|      1|             SEQUENCE :
>    10|     9|      1|                SEQUENCE :
>    12|     5|      1|                   OBJECT IDENTIFIER :  sha1 
> [1.3.14.3.2.26]
>    19|     0|      1|                   NULL :
>    21|    20|      1|                OCTET STRING :
>      |      |       |                   
> C0FE0278FC99188891B3F212E9C7E1B21AB7BFC0
>    43|    20|      1|                OCTET STRING :
>      |      |       |                   
> 0DFC1DF0A9E0F01CE7F2B213177E6F8D157CD4F6
>    65|    16|      1|                INTEGER :
>      |      |       |                   4302AB26321D1C8AA2B54FEE5F8335A5
>    83|    19|      1|       CONTEXT SPECIFIC (2) :
>    85|    17|      1|          SEQUENCE :
>    87|    15|      1|             SEQUENCE :
>    89|     9|      1|                OBJECT IDENTIFIER :  
> [1.3.6.1.5.5.7.48.1.2]
>   100|     2|      1|                OCTET STRING :
>   102|    16|      1|                   OCTET STRING :
>      |      |       |                      7F6B115E2A42DCE810F762B1E389A610
> 
> Here the RFC2560:
> 
> OCSPRequest     ::=     SEQUENCE {
>    tbsRequest                  TBSRequest,
>    optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
> 
> TBSRequest      ::=     SEQUENCE {
>    version             [0] EXPLICIT Version DEFAULT v1,
>    requestorName       [1] EXPLICIT GeneralName OPTIONAL,
>    requestList             SEQUENCE OF Request,
>    requestExtensions   [2] EXPLICIT Extensions OPTIONAL }
> 
> So, as you can see: the CONTEXT SPECIFIC part is actually the 
> requestExtensions part
> But why is it context specifiy and not just the sequences?
> 

I'm not sure what you are asking here.

>From an ASN1 point of view several of those tags are unnecessary and it could
have been written without them, but as its in the spec we have to do it.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to