I should clarify that tags aren't blindly used to identify members of structured types, only when there would otherwise be ambiguity such as with optional members in a SEQUENCE, or in a CHOICE.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steven Reddie Sent: Thursday, 8 September 2005 11:07 AM To: openssl-users@openssl.org Subject: RE: OCSP, Nonce and the requestExtensions Do a search for a document titled "A Layman's Guide to a Subset of ASN.1, BER, and DER". The tags in this case, and generally, are used to identify the components in the structure. Since the last two members are optional it is necessary to encode the structure so that it is possible to tell which of the optional components is present. I don't know why the version has an explicit tag -- it seems redundant. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sascha Kiefer Sent: Thursday, 8 September 2005 1:45 AM To: openssl-users@openssl.org Subject: Re: OCSP, Nonce and the requestExtensions ah, okay. thank you! now i know what's the number for! :) Steven Reddie schrieb: >That's the [2] in: > > TBSRequest ::= SEQUENCE { > version [0] EXPLICIT Version DEFAULT v1, > requestorName [1] EXPLICIT GeneralName OPTIONAL, > requestList SEQUENCE OF Request, > requestExtensions [2] EXPLICIT Extensions OPTIONAL } > >2 being the explicit context-specific tag for requestExtensions. > >Regards, > >Steven > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Sascha Kiefer >Sent: Wednesday, 7 September 2005 11:37 PM >To: openssl-users@openssl.org >Subject: Re: OCSP, Nonce and the requestExtensions > >well, i do not see the CONTEXT SPECIFIC part in the spec!!! > >Sascha. > >Dr. Stephen Henson schrieb: > > > >>On Wed, Sep 07, 2005, Sascha Kiefer wrote: >> >> >> >> >> >>>no, that's misunderstanding (well, my english is not that great); >>>here is the complete ocsp request generated by openssl (i'm not sure >>>about the version; i'm at work and tried it at home): >>> >>>Offset| Len |LenByte| >>>======+======+=======+=============================================== >>>===== >>> >>> >========== > > >>> 0| 102| 1| SEQUENCE : >>> 2| 100| 1| SEQUENCE : >>> 4| 77| 1| SEQUENCE : >>> 6| 75| 1| SEQUENCE : >>> 8| 73| 1| SEQUENCE : >>> 10| 9| 1| SEQUENCE : >>> 12| 5| 1| OBJECT IDENTIFIER : sha1 >>>[1.3.14.3.2.26] >>> 19| 0| 1| NULL : >>> 21| 20| 1| OCTET STRING : >>> | | | >>>C0FE0278FC99188891B3F212E9C7E1B21AB7BFC0 >>> 43| 20| 1| OCTET STRING : >>> | | | >>>0DFC1DF0A9E0F01CE7F2B213177E6F8D157CD4F6 >>> 65| 16| 1| INTEGER : >>> | | | 4302AB26321D1C8AA2B54FEE5F8335A5 >>> 83| 19| 1| CONTEXT SPECIFIC (2) : >>> 85| 17| 1| SEQUENCE : >>> 87| 15| 1| SEQUENCE : >>> 89| 9| 1| OBJECT IDENTIFIER : >>>[1.3.6.1.5.5.7.48.1.2] >>> 100| 2| 1| OCTET STRING : >>> 102| 16| 1| OCTET STRING : >>> | | | >>> >>> >7F6B115E2A42DCE810F762B1E389A610 > > >>>Here the RFC2560: >>> >>>OCSPRequest ::= SEQUENCE { >>> tbsRequest TBSRequest, >>> optionalSignature [0] EXPLICIT Signature OPTIONAL } >>> >>>TBSRequest ::= SEQUENCE { >>> version [0] EXPLICIT Version DEFAULT v1, >>> requestorName [1] EXPLICIT GeneralName OPTIONAL, >>> requestList SEQUENCE OF Request, >>> requestExtensions [2] EXPLICIT Extensions OPTIONAL } >>> >>>So, as you can see: the CONTEXT SPECIFIC part is actually the >>>requestExtensions part But why is it context specifiy and not just >>>the sequences? >>> >>> >>> >>> >>> >>I'm not sure what you are asking here. >> >>>From an ASN1 point of view several of those tags are unnecessary and >> >> >>>it could >>> >>> >>have been written without them, but as its in the spec we have to do it. >> >>Steve. >>-- >>Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL >>project core developer and freelance consultant. >>Funding needed! Details on homepage. >>Homepage: http://www.drh-consultancy.demon.co.uk >>______________________________________________________________________ >>OpenSSL Project http://www.openssl.org >>User Support Mailing List openssl-users@openssl.org >>Automated List Manager [EMAIL PROTECTED] >> >> >> >> >> >> > >______________________________________________________________________ >OpenSSL Project http://www.openssl.org >User Support Mailing List openssl-users@openssl.org >Automated List Manager [EMAIL PROTECTED] > >______________________________________________________________________ >OpenSSL Project http://www.openssl.org >User Support Mailing List openssl-users@openssl.org >Automated List Manager [EMAIL PROTECTED] > > > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
