Re: Why is this a big deal?
Digging a little deeper, I think a big cause of the problem is that ASN.1 (used in RFC5820 to define the structure of a certificate) seems to only have the data type "Integer", with the exact meaning of that term being "depending on constraints specified " in a specific specification ie. in the text of the specification, in this case RFC5820.
Funny I missed that and obviously have forgotten ASN.1 (not had to use it for nearly 30 years), given the origins of ASN.1 - somewhere in the mists of defining OSI PDUs, it is a little surprising that it is so vague and allows for ambiguous interpretation. Additionally, I have discovered that it is known that this ambiguity has caused problems with ASN.1 decodes over the years, yet no one has seen fit to revise the ASN.1 specification...