[Cryptography] RSA recommends against use of its own products.
James A. Donald
jamesd at echeque.com
Sun Sep 29 01:29:26 EDT 2013
On 2013-09-27 09:54, Phillip Hallam-Baker wrote:
>
> Quite, who on earth thought DER encoding was necessary or anything
> other than incredible stupidity?
>
> I have yet to see an example of code in the wild that takes a binary
> data structure, strips it apart and then attempts to reassemble it to
> pass to another program to perform a signature check. Yet every time
> we go through a signature format development exercise the folk who
> demand canonicalization always seem to win.
>
> DER is particularly evil as it requires either the data structures to
> be assembled in the reverse order or a very complex tracking of the
> sizes of the data objects or horribly inefficient code. But XML
> signature just ended up broken.

We have a compiler that generates C code from ASN.1 code. Does it not
generate code behind the scenes that does all this ugly stuff for us
without us having to look at the code?

I have not actually used the compiler, and I have discovered that hand
generating code to handle ASN.1 data structures is a very bad idea, but
I am told that if I use the compiler, all will be rainbows and unicorns.

You go first.
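
The reverse-order assembly that the quoted message complains about, as an added example that is not part of the original thread and not output of any ASN.1 compiler: DER puts a minimal definite length in front of every value, so a one-pass encoder fills its buffer from the end toward the start and writes each header only once the content behind it exists. The sample structure and the names `der_out`, `put`, `put_header`, `put_uint` and `encode_sample` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Output cursor that starts at the end of the buffer and moves toward the start. */
typedef struct { uint8_t *base; size_t pos; int err; } der_out;

static void put(der_out *o, const uint8_t *p, size_t n) {
    if (o->err || n > o->pos) { o->err = 1; return; }   /* out of room */
    o->pos -= n;
    memcpy(o->base + o->pos, p, n);
}

/* Prepend tag and definite length for `len` content bytes already written. */
static void put_header(der_out *o, uint8_t tag, size_t len) {
    uint8_t h[2 + sizeof(size_t)];
    size_t i = sizeof h;
    if (len < 0x80) {
        h[--i] = (uint8_t)len;                          /* short form */
    } else {
        size_t n = 0;
        for (size_t v = len; v; v >>= 8, n++) h[--i] = (uint8_t)v;
        h[--i] = (uint8_t)(0x80 | n);                   /* long form, minimal octets */
    }
    h[--i] = tag;
    put(o, h + i, sizeof h - i);
}

/* INTEGER from an unsigned value: minimal octets, 0x00 pad if the top bit is set. */
static void put_uint(der_out *o, uint32_t v) {
    size_t end = o->pos;
    uint8_t b;
    do { b = (uint8_t)v; put(o, &b, 1); v >>= 8; } while (v);
    if (b & 0x80) { b = 0; put(o, &b, 1); }
    put_header(o, 0x02, end - o->pos);
}

/* Constructed sample: SEQUENCE { INTEGER a, SEQUENCE { INTEGER b, OCTET STRING s } }.
   Returns the encoded length (0 on overflow); *start points at the first byte. */
size_t encode_sample(uint8_t *buf, size_t cap, uint32_t a, uint32_t b,
                     const uint8_t *s, size_t slen, const uint8_t **start) {
    der_out o = { buf, cap, 0 };
    put(&o, s, slen); put_header(&o, 0x04, slen);       /* last field goes in first */
    put_uint(&o, b);
    put_header(&o, 0x30, cap - o.pos);                  /* inner length is now known */
    put_uint(&o, a);
    put_header(&o, 0x30, cap - o.pos);                  /* outer length is now known */
    if (o.err) return 0;
    *start = buf + o.pos;
    return cap - o.pos;
}
```

A forward-writing encoder would have to compute every nested length before emitting the first byte, or reserve header space and shift content when a length crosses from the short form to the long form.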