[Cryptography] Is ASN.1 still the thing?

Howard Chu hyc at symas.com
Mon Nov 13 13:41:31 EST 2017 

Jason Cooper wrote:
> Hi James,
> 
> To answer the question in the subject line, yes, ASN.1 is unfortunately
> still a thing.  As long as one must interact with x509, you get the
> ASN.1 baggage for free. :-P
> 
> On Mon, Nov 13, 2017 at 01:11:39PM +1000, James A. Donald wrote:
>> Do JSON, Yaml, or protobuff allow representing data format in ways
>> that give a unique and well defined checksum, that will not be
>> affected by endianess or compiler options?
> 
> I presume what you're getting at: Does it have a strict binary
> representation?  Any format that permits arbitrary whitespace will fail
> that test.  Although, you could specify the reduced form prior to
> hashing.
> 
>> Cryptographers specify data formats are in ASN.1 because that way
>> you can get a unique hash or checksum of the data, regardless of
>> which compiler you are using, and whether your machine is big endian
>> or little endian.
> 
> They do?  That seems odd.  I really hope ASN.1 isn't being chosen for
> the reasons you've outlined.  Above and beyond the complexities of
> parsing it, there's also the difficulty of parsing it on embedded
> systems.  From my experience, it's extraordinarily difficult to parse as
> a stream.

Fwiw, liblber in OpenLDAP is extremely efficient for parsing ASN.1. It allows 
OpenLDAP slapd to run at line speed, even on multigigabit network links.

> Also, as a "C enthusiast", I think protobuf is just an abomination.  If
> you've spent any amount of time reading hex dumps of serial protocols
> like ADS-B, one look at protobuf makes you think "Why the f*ck would you
> create a binary form of XML?" It was clearly never intended to be a
> serious line protocol format, but rather a universal (from a high-level
> programmer view) data pack/unpacker.  And even then, I try to avoid code
> generators. ;-)
> 
>> ASN.1 provides canonical format so that you can hash it or checksum
>> it, ultra efficient binary format for C and C++ purists, and
>> supposedly human readable format, though its human readable format
>> is not particularly human readable.  You are a lot better off with
>> YAML if, as in ini files, you want human readability.
> 
> Well, you're crossing use cases here.  There is data storage (x509
> attributes), configuration files (/etc/* in *nix), and line protocols.
> All of which have different requirements.  To the best of my knowledge,
> the only reason ASN.1 still exists in mainstream usage is because of
> x509.  And I really hope both of those die a horrible death in a flaming
> Yugo off of a 500 ft cliff into ice-cold seas and jagged rocks.
> 
> Not that I have an opinion about it or anything.  :-))

LOL. Only after we're certain that XML is dead and gone, and JSON is tossed 
into the trashbin of history as it properly deserves.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

More information about the cryptography mailing list