[Cryptography] Is ASN.1 still the thing?

Howard Chu hyc at symas.com
Mon Nov 13 13:44:21 EST 2017

Jerry Leichter wrote:
>> Do JSON, Yaml, or protobuff allow representing data format in ways that give a unique and well defined checksum, that will not be affected by endianess or compiler options?
> For protobuf, I'm pretty sure the answer is yes.  It would take a careful reading of the specs to be sure there are no corner cases, and it depends on proper implementation:  protobuf representations of some datatypes are transferred in a compressed format.  For example, integers use a varying-length representation that can drop leading zeroes.  So you *could* represent an integer in multiple ways - though you're *supposed* to use the shortest representation (which is unique).  Whether a receiver would reject a non-canonical representation, I don't know - probably not.
> Then again, one could say the same thing about ASN.1.

In ASN.1 DER you're required to use the shortest representation, and the 
decoder must reject the input if it's not in shortest form.

The subject of this message thread ought to be "why are people still inventing 
serialization formats?" ASN.1 works well from network and CPU efficiency 
perspective, *and* is reliable for security-oriented usage.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

More information about the cryptography mailing list