I'm not certain if this is an issue or a philosophical stance.
I believe the difference between BER and DER on GeneralizedTime comes down to whether or not fractional seconds are included in the output. DER should stop at the Z. It'll do so if you deliberately truncate the time since BER requires that trailing zeros be excluded and the DER encoder seems to follow that rule.
One could argue that a DER encoder shouldn't produce invalid DER output. One could also argue that silently truncating detail provided by the user of a library is a worse sin than producing invalid DER. Particularly when most parsers will happily ignore or even read the extra detail just fine.
I didn't see an issue anywhere (closed or open) on the specific topic so I thought I'd mention it in case it just hadn't been considered either way.
I'm not certain if this is an issue or a philosophical stance.
I believe the difference between BER and DER on GeneralizedTime comes down to whether or not fractional seconds are included in the output. DER should stop at the Z. It'll do so if you deliberately truncate the time since BER requires that trailing zeros be excluded and the DER encoder seems to follow that rule.
One could argue that a DER encoder shouldn't produce invalid DER output. One could also argue that silently truncating detail provided by the user of a library is a worse sin than producing invalid DER. Particularly when most parsers will happily ignore or even read the extra detail just fine.
I didn't see an issue anywhere (closed or open) on the specific topic so I thought I'd mention it in case it just hadn't been considered either way.