[Cryptography] Is ASN.1 still the thing?
hyc at symas.com
Mon Nov 13 13:44:21 EST 2017
Jerry Leichter wrote:
>> Do JSON, Yaml, or protobuf allow representing data format in ways that give a unique and well defined checksum, that will not be affected by endianness or compiler options?
> For protobuf, I'm pretty sure the answer is yes. It would take a careful reading of the specs to be sure there are no corner cases, and it depends on proper implementation: protobuf representations of some datatypes are transferred in a compressed format. For example, integers use a varying-length representation that can drop leading zeroes. So you *could* represent an integer in multiple ways - though you're *supposed* to use the shortest representation (which is unique). Whether a receiver would reject a non-canonical representation, I don't know - probably not.
> Then again, one could say the same thing about ASN.1.
In ASN.1 DER you're required to use the shortest representation, and the
decoder must reject the input if it's not in shortest form.
The subject of this message thread ought to be "why are people still inventing
serialization formats?" ASN.1 works well from a network and CPU efficiency
perspective, *and* is reliable for security-oriented usage.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
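
The DER shortest-form rule discussed in the message above, as an added example that is not part of the original post: a strict decoder for a single DER INTEGER that rejects any length or content octets not in shortest form. The function names (`read_length`, `decode_integer`, `accepts`) and the byte strings used to exercise it are constructed for illustration.

```python
class DERError(ValueError):
    """Raised when the input is not a valid DER encoding."""

def read_length(buf, pos):
    """Parse a DER definite length starting at buf[pos]; return (length, next_pos)."""
    if pos >= len(buf):
        raise DERError("truncated length")
    first = buf[pos]
    pos += 1
    if first < 0x80:                       # short form covers lengths 0..127
        return first, pos
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0:
        raise DERError("indefinite length is BER only, not DER")
    octets = buf[pos:pos + n]
    if len(octets) != n:
        raise DERError("truncated length")
    if octets[0] == 0:
        raise DERError("length has a leading zero octet")
    length = int.from_bytes(octets, "big")
    if length < 0x80:
        raise DERError("long form used where the short form fits")
    return length, pos + n

def decode_integer(buf):
    """Decode exactly one DER INTEGER from buf, rejecting non-shortest forms."""
    if len(buf) < 1 or buf[0] != 0x02:
        raise DERError("not an INTEGER tag")
    length, pos = read_length(buf, 1)
    body = buf[pos:pos + length]
    if len(body) != length or pos + length != len(buf):
        raise DERError("length does not match content")
    if length == 0:
        raise DERError("INTEGER with empty content")
    # Shortest form: the first nine bits must not be all 0 or all 1.
    if length > 1 and ((body[0] == 0x00 and body[1] < 0x80) or
                       (body[0] == 0xFF and body[1] >= 0x80)):
        raise DERError("INTEGER content not in shortest form")
    return int.from_bytes(body, "big", signed=True)

def accepts(buf):
    """True if buf is a canonical DER INTEGER, False if the decoder rejects it."""
    try:
        decode_integer(buf)
        return True
    except DERError:
        return False
```

Because every value has exactly one accepted encoding, a hash or signature computed over the encoded bytes cannot be matched by a second, differently padded encoding of the same value.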