DER ≠ ASN.1. I've written a handful of BER/DER encoders and decoders without coming near implementing ASN.1. DER is a decent TLV format.
Also, IIUC, attestation certificate can be (arguably, should be) < 256 bytes but not < 127 bytes, i.e. 0x30 0x81 <length byte> is allowed.
-
-
Yes, I don't know enough about the variety of certs actually seen here. I'm oversimplifying, unaware of general context.
-
If most certs are >= 256 bytes, probably safer for CA to always pad certs to >= 256 bytes, in case someone hard-coded 0x30 0x82 <len> <len>.
-
By my math, a P-256 cert signed with P-256 ECDSA is 235 bytes before you put in subject, issuer, serial number, or extensions.
-
Unless I'm missing context, I'd be surprised to see one under 256 bytes in the wild.
-
Here's one that I think may be valid & reasonable that's 251 bytes: https://goo.gl/L2yCos . But usually there will be at least 1 extn.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.