One of the authors of OCSP once explained that his motivation was that
debugging could be simpler because a parser doesn't need to know the
syntax behind implicit tags. There was no other particular reason.
sravan wrote:
I thank Steven & David for taking their time in explaining the concept
of
t: Friday, 9 September 2005 8:03 AM
To: openssl-users@openssl.org
Subject: RE: OCSP, Nonce and the requestExtensions
> I guess I just haven't come across a case in practice (other than
> pretty
> printing) where I needed to decode without knowledge of the format of
> the data.
> I guess I just haven't come across a case in practice (other than pretty
> printing) where I needed to decode without knowledge of the format of the
> data.
Pretty printing can be an important part of testing, debugging, and
securing.
> I also feel that there are worse things done with
: openssl-users@openssl.org
Subject: RE: OCSP, Nonce and the requestExtensions
Is this a concern for real applications, things other than pretty
printers and protocol dumpers?
Yes.
I agree that it makes it difficult to
understand the
content without a format description, but it'
--
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Schwartz
Sent: Thursday, 8 September 2005 10:35 PM
To: openssl-users@openssl.org
Subject: RE: OCSP, Nonce and the requestExtensions
> Is this a concern for real applications, things other than pretty
> printers and protocol
> Is this a concern for real applications, things other than pretty printers
> and protocol dumpers?
Yes.
> I agree that it makes it difficult to
> understand the
> content without a format description, but it's no worse than some
> proprietary encoding. Is translating into XML without
ssl.org
Subject: Re: OCSP, Nonce and the requestExtensions
Hi Steven,
I understood what will be the encoding when we use explicit & implicit
tagging. that is what you explained.
But what i really want to know is - In which context we will use explict
tagging & in which context we wi
rom: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Schwartz
Sent: Thursday, 8 September 2005 4:56 PM
To: openssl-users@openssl.org
Subject: RE: OCSP, Nonce and the requestExtensions
> I understood what will be the encoding when we use explicit & implicit
> tagging.
> I understood what will be the encoding when we use explicit & implicit
> tagging. that is what you explained.
> But what i really want to know is - In which context we will use explict
> tagging & in which context we will use implicit tagging.
If one or the other is specified in a proto
I thank Steven & David for taking their time in explaining the concept
of tagging.
now with david's mail, i am almost near the point(thanks again, david)
if possible please point me to one practical situation(like x509 cert,
ocsp format...) where in this explicit vs implict tagging matters.
let
> By using explicit tagging the underlying object is encoded as it
> would be if
> standalone. Implict tagging avoids adding a wrapper around the object but
> results in the underlying object being slightly altered.
And it results in it being impossible to tell the type of the object
un
tificate }
MyStructImplicit ::= SEQUENCE {
certificate [0] IMPLICIT Certificate }
Is that any clearer?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of sravan
Sent: Thursday, 8 September 2005 3:53 PM
To: openssl-users@openssl.org
Subject: Re: OCSP, Nonce
EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of sravan
>Sent: Thursday, 8 September 2005 3:37 PM
>To: openssl-users@openssl.org
>Subject: Re: OCSP, Nonce and the requestExtensions
>
>Hi Steven,
>I am sorry to say that I couldn't get what you have explained in your
September 2005 3:37 PM
To: openssl-users@openssl.org
Subject: Re: OCSP, Nonce and the requestExtensions
Hi Steven,
I am sorry to say that I couldn't get what you have explained in your mail.
I don't say that it is a problem in your explaination but I can't understand
this(may be a pr
" an
>implicit tag. Using an explicit tag instead means that the underlying
>object is still a standalone certificate.
>
>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of Steven Reddie
>Sent: Thursday, 8 September 2005 2:17 P
tead means that the underlying object is
still a standalone certificate.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steven Reddie
Sent: Thursday, 8 September 2005 2:17 PM
To: openssl-users@openssl.org
Subject: RE: OCSP, Nonce and the requestExtensions
Wh
erlying object is
still a standalone certificate.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steven Reddie
Sent: Thursday, 8 September 2005 2:17 PM
To: openssl-users@openssl.org
Subject: RE: OCSP, Nonce and the requestExtensions
When working with enco
2005 1:55 PM
To: openssl-users@openssl.org
Subject: Re: OCSP, Nonce and the requestExtensions
Hi Steven and others,
i have a doubt regd these tags in ASN1:
when do we use implicit tags & when do we use explicit tags?
i have read the 'layman's guide to a subset of ASN.1, BER & DE
UENCE, or in a CHOICE.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steven Reddie
Sent: Thursday, 8 September 2005 11:07 AM
To: openssl-users@openssl.org
Subject: RE: OCSP, Nonce and the requestExtensions
Do a search for a document titled "A Lay
eddie
Sent: Thursday, 8 September 2005 11:07 AM
To: openssl-users@openssl.org
Subject: RE: OCSP, Nonce and the requestExtensions
Do a search for a document titled "A Layman's Guide to a Subset of ASN.1,
BER, and DER". The tags in this case, and generally, are used to identify
t
@openssl.org
Subject: Re: OCSP, Nonce and the requestExtensions
ah, okay. thank you!
now i know what's the number for! :)
Steven Reddie schrieb:
>That's the [2] in:
>
>TBSRequest ::= SEQUENCE {
>version [0] EXPLICIT Version DEFAULT v1,
September 2005 11:37 PM
To: openssl-users@openssl.org
Subject: Re: OCSP, Nonce and the requestExtensions
well, i do not see the CONTEXT SPECIFIC part in the spec!!!
Sascha.
Dr. Stephen Henson schrieb:
On Wed, Sep 07, 2005, Sascha Kiefer wrote:
no, that's misunderstanding (well
IONAL }
2 being the explicit context-specific tag for requestExtensions.
Regards,
Steven
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sascha Kiefer
Sent: Wednesday, 7 September 2005 11:37 PM
To: openssl-users@openssl.org
Subject: Re: OCSP, Nonce an
well, i do not see the CONTEXT SPECIFIC part in the spec!!!
Sascha.
Dr. Stephen Henson schrieb:
On Wed, Sep 07, 2005, Sascha Kiefer wrote:
no, that's misunderstanding (well, my english is not that great);
here is the complete ocsp request generated by openssl (i'm not sure
about the vers
On Wed, Sep 07, 2005, Sascha Kiefer wrote:
> no, that's misunderstanding (well, my english is not that great);
> here is the complete ocsp request generated by openssl (i'm not sure
> about the version; i'm at work and tried it at home):
>
> Offset| Len |LenByte|
> ==+==+===+===
no, that's misunderstanding (well, my english is not that great);
here is the complete ocsp request generated by openssl (i'm not sure
about the version; i'm at work and tried it at home):
Offset| Len |LenByte|
==+==+===+=
On Wed, Sep 07, 2005, Sascha Kiefer wrote:
> Hi list,
>
> openssl makes - for example: OCSP request with nonce - the
> requestExtensions a "context specific" integer.
> Why does it do this? I mean, it works, but is it mandatory?
>
>
Which version of OpenSSL are you using? Some of the older ve
Hi list,
openssl makes - for example: OCSP request with nonce - the
requestExtensions a "context specific" integer.
Why does it do this? I mean, it works, but is it mandatory?
Here the openssl output.
Offset| Len |LenByte|
==+==+===+===
28 matches
Mail list logo
