Why self describing data formats:

Steven M. Bellovin smb at cs.columbia.edu
Mon Jun 25 19:48:17 EDT 2007

On Fri, 01 Jun 2007 20:59:55 +1000
"James A. Donald" <jamesd at echeque.com> wrote:

> Many protocols use some form of self describing data format, for
> example ASN.1, XML, S expressions, and bencoding.
> Why?
> Presumably both ends of the conversation have negotiated what
> protocol version they are using (and if they have not, you have big
> problems) and when they receive data, they need to get the data they
> expect.  If they are looking for list of integer pairs, and they get
> a integer string pairs, then having them correctly identified as
> strings is not going to help much.
The most important reason is application flexibility -- very often,
complex data structures are being passed around, and having some
format like those makes life easier.

There is some security benefit, though -- see Section 7 of Abadi
and Needham's "Prudent Engineering Practice for Cryptographic
Protocols" (1995).  (Yes, they're calling for a lot less than
full-blown ASN.1.)

		--Steve Bellovin, http://www.cs.columbia.edu/~smb

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list