[Cryptography] RSA recommends against use of its own products.

James A. Donald jamesd at echeque.com
Sun Sep 29 01:29:26 EDT 2013

On 2013-09-27 09:54, Phillip Hallam-Baker wrote:
> Quite, who on earth thought DER encoding was necessary or anything 
> other than incredible stupidity?
> I have yet to see an example of code in the wild that takes a binary 
> data structure, strips it apart and then attempts to reassemble it to 
> pass to another program to perform a signature check. Yet every time 
> we go through a signature format development exercise the folk who 
> demand canonicalization always seem to win.
> DER is particularly evil as it requires either the data structures to 
> be assembled in the reverse order or a very complex tracking of the 
> sizes of the data objects or horribly inefficient code. But XML 
> signature just ended up broken.

We have a compiler that generates C code from ASN.1 code.  Does it not 
generate code behind the scenes that does all this ugly stuff for us 
without us having to look at the code?

I have not actually used the compiler, and I have discovered that hand 
generating code to handle ASN.1 data structures is a very bad idea, but 
I am told that if I use the compiler, all will be rainbows and unicorns.

You go first.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20130929/585c8206/attachment.html>

More information about the cryptography mailing list