[Date Prev][Date Next] [Chronological] [Thread] [Top]

[ldapext] X.509, RFC4523, RFC3641, big Ints

To: Ldapext <ldapext@ietf.org>
Subject: [ldapext] X.509, RFC4523, RFC3641, big Ints
From: Howard Chu <hyc@highlandsun.com>
Date: Mon, 24 Sep 2007 19:12:45 -0700
User-agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.9a8pre) Gecko/2007091708 SeaMonkey/2.0a1pre

Something that we've recently encountered while testing our Certificate validation rules is certificates whose serial numbers are integers whose values are larger than 4 octets. I'm wondering how other folks deal with these things. Integers that occur within the LDAP protocol are generally constrained to maxInt, 2^31 - 1, but no such constraint applies anywhere else. Do you use a multi-precision math library to generate the decimal representation of these integers?

For now we've copied the OpenSSL library's behavior, which is to use decimal for up to 31 bit numbers, and just output the hexadecimal octets for anything larger. But this clearly doesn't conform to the GSER definition of INTEGER.

As an aside, I really wish we were using hex for the canonical Integer representation; then any system could manipulate integers of any size independently of any native word size... -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext

Follow-Ups:
- Re: [ldapext] X.509, RFC4523, RFC3641, big Ints
  - From: Steven Legg <steven.legg@eb2bcom.com>
- Re: [ldapext] X.509, RFC4523, RFC3641, big Ints
  - From: Luke Howard <lukeh@padl.com>

Prev by Date: Re: [ldapext] Summary of group discussion
Next by Date: Re: [ldapext] X.509, RFC4523, RFC3641, big Ints
Index(es):
- Chronological
- Thread