[Cryptography] Is ASN.1 still the thing?
Howard Chu
hyc at symas.com
Mon Nov 13 13:41:31 EST 2017
Jason Cooper wrote:
> Hi James,
>
> To answer the question in the subject line, yes, ASN.1 is unfortunately
> still a thing. As long as one must interact with x509, you get the
> ASN.1 baggage for free. :-P
>
> On Mon, Nov 13, 2017 at 01:11:39PM +1000, James A. Donald wrote:
>> Do JSON, Yaml, or protobuff allow representing data format in ways
>> that give a unique and well defined checksum, that will not be
>> affected by endianess or compiler options?
>
> I presume what you're getting at: Does it have a strict binary
> representation? Any format that permits arbitrary whitespace will fail
> that test. Although, you could specify the reduced form prior to
> hashing.
>
>> Cryptographers specify data formats are in ASN.1 because that way
>> you can get a unique hash or checksum of the data, regardless of
>> which compiler you are using, and whether your machine is big endian
>> or little endian.
>
> They do? That seems odd. I really hope ASN.1 isn't being chosen for
> the reasons you've outlined. Above and beyond the complexities of
> parsing it, there's also the difficulty of parsing it on embedded
> systems. From my experience, it's extraordinarily difficult to parse as
> a stream.
Fwiw, liblber in OpenLDAP is extremely efficient for parsing ASN.1. It allows
OpenLDAP slapd to run at line speed, even on multigigabit network links.
> Also, as a "C enthusiast", I think protobuf is just an abomination. If
> you've spent any amount of time reading hex dumps of serial protocols
> like ADS-B, one look at protobuf makes you think "Why the f*ck would you
> create a binary form of XML?" It was clearly never intended to be a
> serious line protocol format, but rather a universal (from a high-level
> programmer view) data pack/unpacker. And even then, I try to avoid code
> generators. ;-)
>
>> ASN.1 provides canonical format so that you can hash it or checksum
>> it, ultra efficient binary format for C and C++ purists, and
>> supposedly human readable format, though its human readable format
>> is not particularly human readable. You are a lot better off with
>> YAML if, as in ini files, you want human readability.
>
> Well, you're crossing use cases here. There is data storage (x509
> attributes), configuration files (/etc/* in *nix), and line protocols.
> All of which have different requirements. To the best of my knowledge,
> the only reason ASN.1 still exists in mainstream usage is because of
> x509. And I really hope both of those die a horrible death in a flaming
> Yugo off of a 500 ft cliff into ice-cold seas and jagged rocks.
>
> Not that I have an opinion about it or anything. :-))
LOL. Only after we're certain that XML is dead and gone, and JSON is tossed
into the trashbin of history as it properly deserves.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the cryptography
mailing list