DER ≠ ASN.1. I've written a handful of BER/DER encoders and decoders without coming near implementing ASN.1. DER is a decent TLV format.
If most certs are >= 256 bytes, probably safer for CA to always pad certs to >= 256 bytes, in case someone hard-coded 0x30 0x82 <len> <len>.
-
-
By my math, a P-256 cert signed with P-256 ECDSA is 235 bytes before you put in subject, issuer, serial number, or extensions.
-
Unless I'm missing context, I'd be surprised to see one under 256 bytes in the wild.
-
Here's one that I think may be valid & reasonable that's 251 bytes: https://goo.gl/L2yCos . But usually there will be at least 1 extn.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.