<HTML><BODY style="word-wrap: break-word; -khtml-nbsp-mode: space; -khtml-line-break: after-white-space; "><BR><DIV><DIV>On Mar 21, 2007, at 9:59 AM, Ron Teitelbaum wrote:</DIV><BR class="Apple-interchange-newline"><BLOCKQUOTE type="cite"><SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Times New Roman; font-size: 18px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><DIV class="Section1"><P class="MsoNormal"><FONT size="2" color="navy" face="Arial"><SPAN style="font-size: 10.0pt;font-family:Arial;color:navy; color: rgb(0, 0, 128); font-size: 13.3333px; "><SPAN class="Apple-style-span" style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13.3333px; ">Rob,</SPAN><O:P style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13.3333px; "></O:P></SPAN></FONT></P><P class="MsoNormal"><FONT size="2" color="navy" face="Arial"><SPAN style="font-size: 10.0pt;font-family:Arial;color:navy; color: rgb(0, 0, 128); font-size: 13.3333px; "><O:P style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13.3333px; "><SPAN class="Apple-style-span" style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13.3333px; "> </SPAN></O:P></SPAN></FONT></P><P class="MsoNormal"><FONT size="2" color="navy" face="Arial"><SPAN style="font-size: 10.0pt;font-family:Arial;color:navy; color: rgb(0, 0, 128); font-size: 13.3333px; "><SPAN class="Apple-style-span" style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13.3333px; ">I think what we have is a</SPAN><O:P style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13.3333px; "></O:P></SPAN></FONT></P><P class="MsoNormal"><FONT size="2" color="navy" face="Arial"><SPAN style="font-size: 10.0pt;font-family:Arial;color:navy; color: rgb(0, 0, 128); font-size: 13.3333px; "><O:P style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13.3333px; "><SPAN class="Apple-style-span" style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13.3333px; "> </SPAN></O:P></SPAN></FONT></P><DIV style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 16px; "><FONT size="2" face="Verdana"><SPAN style="font-size:10.0pt;font-family:Verdana; font-size: 13.3333px; "><SPAN class="Apple-style-span" style="font-family: Verdana; font-size: 13.3333px; ">3.2 Constructed, definite-length method</SPAN><O:P style="font-family: Verdana; font-size: 13.3333px; "></O:P></SPAN></FONT></DIV><DIV style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 16px; "><FONT size="2" face="Verdana"><SPAN style="font-size:10.0pt;font-family:Verdana; font-size: 13.3333px; "><SPAN class="Apple-style-span" style="font-family: Verdana; font-size: 13.3333px; ">This method applies to simple string types, structured types, types derived</SPAN><O:P style="font-family: Verdana; font-size: 13.3333px; "></O:P></SPAN></FONT></DIV><DIV style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 16px; "><FONT size="2" face="Verdana"><SPAN style="font-size:10.0pt;font-family:Verdana; font-size: 13.3333px; "><SPAN class="Apple-style-span" style="font-family: Verdana; font-size: 13.3333px; ">simple string types and structured types by implicit tagging, and types derived</SPAN><O:P style="font-family: Verdana; font-size: 13.3333px; "></O:P></SPAN></FONT></DIV><DIV style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 16px; "><FONT size="2" face="Verdana"><SPAN style="font-size:10.0pt;font-family:Verdana; font-size: 13.3333px; "><SPAN class="Apple-style-span" style="font-family: Verdana; font-size: 13.3333px; ">from anything by explicit tagging. It requires that the length of the value be</SPAN><O:P style="font-family: Verdana; font-size: 13.3333px; "></O:P></SPAN></FONT></DIV><DIV style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 16px; "><FONT size="2" face="Verdana"><SPAN style="font-size:10.0pt;font-family:Verdana; font-size: 13.3333px; "><SPAN class="Apple-style-span" style="font-family: Verdana; font-size: 13.3333px; ">known in advance. The parts of the BER encoding are as follows:</SPAN><O:P style="font-family: Verdana; font-size: 13.3333px; "></O:P></SPAN></FONT></DIV><DIV style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 16px; "><FONT size="2" face="Verdana"><SPAN style="font-size:10.0pt;font-family:Verdana; font-size: 13.3333px; "><SPAN class="Apple-style-span" style="font-family: Verdana; font-size: 13.3333px; ">Identifier octets. As described in Section 3.1, except that bit 6 has value "1,"</SPAN><O:P style="font-family: Verdana; font-size: 13.3333px; "></O:P></SPAN></FONT></DIV><DIV style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 16px; "><FONT size="2" face="Verdana"><SPAN style="font-size:10.0pt;font-family:Verdana; font-size: 13.3333px; "><SPAN class="Apple-style-span" style="font-family: Verdana; font-size: 13.3333px; ">indicating that the encoding is constructed.</SPAN></SPAN></FONT></DIV></DIV></SPAN></BLOCKQUOTE><DIV><BR class="khtml-block-placeholder"></DIV>It turns out to be Implicit, which means you don't have the value encoded with explicit tags. The definition specifies the type, in this case a Sequence. </DIV><DIV><BR><BLOCKQUOTE type="cite"><SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Times New Roman; font-size: 18px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><DIV class="Section1"><DIV style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 16px; "><FONT size="2" face="Verdana"><SPAN style="font-size:10.0pt;font-family:Verdana; font-size: 13.3333px; "><O:P style="font-family: Verdana; font-size: 13.3333px; "></O:P></SPAN></FONT></DIV><P class="MsoNormal"><FONT size="2" color="navy" face="Arial"><SPAN style="font-size: 10.0pt;font-family:Arial;color:navy; color: rgb(0, 0, 128); font-size: 13.3333px; "><O:P style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13.3333px; "><SPAN class="Apple-style-span" style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13.3333px; "> <SPAN style="">The value 160 (1 in bit 6) should be considered a Constructed, Definite-length field. I’m still researching it but it would seem to me that this is how you define a user object within a value. Instead of having a primitive data type within an explicit context value you have a constructed data type (in our world an object with ivars).</SPAN></SPAN></O:P></SPAN></FONT></P></DIV></SPAN></BLOCKQUOTE>It is constructed because it is not a simple "primitive" type.<BR><BLOCKQUOTE type="cite"><SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Times New Roman; font-size: 18px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><DIV class="Section1"><P class="MsoNormal"><FONT size="2" color="navy" face="Arial"><SPAN style="font-size: 10.0pt;font-family:Arial;color:navy; color: rgb(0, 0, 128); font-size: 13.3333px; "><O:P style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13.3333px; "><SPAN class="Apple-style-span" style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13.3333px; "> <SPAN style="">I’m still reading but I think that we may be able to replace 160 with ASN1ExplicitContextValueConstructed that has a definite length and holds the values in a sequence. Do you have the actual ANS.1 definition for this extension? I’d be interested if it says that it’s explicit constructed.</SPAN></SPAN></O:P></SPAN></FONT></P></DIV></SPAN></BLOCKQUOTE>It's Implicit constructed. Here is the definition:</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">-- subject alternative name extension OID and syntax</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 13px/normal Courier; min-height: 16px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 13px/normal Courier; min-height: 16px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">SubjectAltName ::= GeneralNames</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 13px/normal Courier; min-height: 16px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 13px/normal Courier; min-height: 16px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">GeneralName ::= CHOICE {</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;"> otherName [0] AnotherName,</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;"> rfc822Name [1] IA5String,</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;"> dNSName [2] IA5String,</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;"> x400Address [3] ORAddress,</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;"> directoryName [4] Name,</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;"> ediPartyName [5] EDIPartyName,</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;"> uniformResourceIdentifier [6] IA5String,</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;"> iPAddress [7] OCTET STRING,</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;"> registeredID [8] OBJECT IDENTIFIER }</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 13px/normal Courier; min-height: 16px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">-- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">-- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 13px/normal Courier; min-height: 16px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">AnotherName ::= SEQUENCE {</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;"> type-id OBJECT IDENTIFIER,</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;"> value [0] EXPLICIT ANY DEFINED BY type-id }</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 13px/normal Courier; min-height: 16px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">EDIPartyName ::= SEQUENCE {</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;"> nameAssigner [0] DirectoryString OPTIONAL,</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;"> partyName [1] DirectoryString }</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 18px/normal Times New Roman; min-height: 21px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">and my bytes specify:</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 18px/normal Times New Roman; min-height: 21px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Sequence {</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>dNSName [2] IA5String,</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>otherName [0] AnotherName}</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 18px/normal Times New Roman; min-height: 21px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">where AnotherName is an Implicit sequence.</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><BR class="khtml-block-placeholder"></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Rob</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><BR class="khtml-block-placeholder"></DIV></BODY></HTML>