[xmlsec] Problem with some cert which has a negative serial number

Michael Mi Hao.Mi at Sun.COM
Mon Feb 21 19:57:40 PST 2005



Andrew Fan wrote:

> Aleksey Sanin wrote:
>
>>> Can a bn like "00 00 01" can be a legal serial number? 
>>
>>
>> Yes. It is equal to "1".
>>
> No, it is not a legal serial number. decimal "01", "0001", "1" must be 
> represent as "01" in serial number. 

Why not? Can you show us any standard forbiding that?

Michael

>
>
> -Andrew
>
>>> If so  (*assumption #1*), I think the leading zero should be 
>>> reserved in string format, this can guarantee when converting back 
>>> to a bn, it is "00 00 01" again.
>>
>>
>> Not necessary. "00 00 01" and "01" both represent the same bn. The
>> functions that searches for a certificate MUST understand this.
>>
>> Aleksey
>>
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec




More information about the xmlsec mailing list