Why self describing data formats:
Steven M. Bellovin
smb at cs.columbia.edu
Mon Jun 25 19:48:17 EDT 2007
On Fri, 01 Jun 2007 20:59:55 +1000
"James A. Donald" <jamesd at echeque.com> wrote:
> Many protocols use some form of self describing data format, for
> example ASN.1, XML, S expressions, and bencoding.
>
> Why?
>
> Presumably both ends of the conversation have negotiated what
> protocol version they are using (and if they have not, you have big
> problems) and when they receive data, they need to get the data they
> expect. If they are looking for list of integer pairs, and they get
> a integer string pairs, then having them correctly identified as
> strings is not going to help much.
>
The most important reason is application flexibility -- very often,
complex data structures are being passed around, and having some
format like those makes life easier.
There is some security benefit, though -- see Section 7 of Abadi
and Needham's "Prudent Engineering Practice for Cryptographic
Protocols" (1995). (Yes, they're calling for a lot less than
full-blown ASN.1.)
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list