Field slide attacks and how to avoid them.
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Sep 19 13:19:22 EDT 2001
"Kevin E. Fu" <fubob at MIT.EDU> writes:
>But XDR is so BORING compared to a REAL standard like ASN.1! It doesn't have
>infinite possibilies for object definitions requiring help from standards
>committees, multiple incompatible data representations with different kinds of
>ambiguity, or ugly API packages that are too large to believe that the
>implementers debugged them adequately. That's just no fun at all!
I can feel this sliding into a specification language debate, but I have to put
in a word to defend ASN.1 here. When used by a skilled practitioner, ASN.1 can
be truly elegant. The problem is that, like BASIC, it looks deceptively
simple, so that everyone thinks they can write a spec in ASN.1 after five
minutes study of an ASN.1 introductory guide, and they usually do. The result
is a great confused muddle which noone can figure out and everyone implements
slightly differently, leading to ASN.1's reputation of being a pain to work
with (to paraphrase the famous FORTRAN comment, "The determined hack can write
crap in any language"). Having had experience working with ASN.1, XDR, the SSL
specification notation, and PGP, I definitely prefer ASN.1 for its ability
(when used correctly) to provide a clear, unambiguous definition of a data
exchange format.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list